The requirement is simple enough: create a network/samba share on my Fedora 25 PC that Windows machines can connect to (with full read-write permissions) without being challenged for a username or password. The solution was not so easy, however, as Fedora 25 implements SELinux (which you could always disable, but it’s on for good reasons so I’d prefer not to just go around disabling it). There’s also a firewall in the way, which also has to be dealt with in a subtle way (i.e., just disabling the firewall is not an option!)
So, on the Linux PC, we need first to install the Samba server (and I throw in the client for good measure, though it’s not strictly needed; and my favourite text editor, which maybe also isn’t strictly needed if you’re happy with the likes of vi or emacs!):
sudo dnf install samba samba-client nano
Next, we need to edit the Samba configuration file:
sudo nano /etc/samba/smb.conf
In the configuration file you’re now editing, you need to end up with this sort of thing (but taking out the comments):
[global] workgroup = DIZWELL # replace with an appropriate WORKGROUP name security = user # this isn't optional unix charset = UTF-8 # makes sense for me, but your characterset needs might be different passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw map to guest = Bad User # this isn't optional, either [BIGDATA] # this is the share name and can be anything path = /data # here is where the stuff I want to share resides writable = yes browsable = yes guest ok = yes guest only = yes create mask = 0777 directory mask = 0777 public = yes available = yes
You may have other sections that control the sharing of home directories and printers -but I’m not interested in those so much at this point. All I’m really after is creating one big network share of all my data, so I create a ‘BIGDATA’ section -in which all the entries are necessary to allow password-less access to the share, backed by -in this case- a physical /data directory. Save the modified file when done: Samba is now correctly to configured to let the world and her dog have access to /data via a network share.
However, you need to make sure the file permissions on the server allow this wide-open access as well as the Samba configuration now does. So, if you haven’t already done it:
sudo chmod 777 /data
Now for a final bit of preparation:
sudo firewall-cmd --add-service=samba --permanent sudo setsebool -P samba_export_all_rw 1
The first of those commands leaves the firewall on, but with a permanent exception that allows Samba traffic through. The second command configures SELinux correctly to allow everything set up as a network share in the smb.conf configuration file to be accessed in full read-write mode. That again lets SELinux stay on in ‘enforcing’ mode, but with the necessary, narrowly-scoped exceptions to let Samba work.
sudo systemctl enable smb nmb sudo systemctl start smb nmb
That just makes sure the Samba services can auto-start every time I reboot my PC in the future, and then switches them on right now. That done, you should be able to browse from within your Windows Explorer session to the relevant server, see the new anonymous share and make full use of it without password or other security challenges.