Bug 1297232

Thanks for your bug report.

"guest ok" means that guest account is allowed, but you can still provide your credentials. So it is correct to see auth dialog, where you can choose anonymous login, or user login.

There is also "guest only", which means that only guest account is allowed, so in that case you shouldn't see the dialog.

The behavioral has been changed by the following commit:
https://git.gnome.org/browse/gvfs/commit/daemon/gvfsbackendsmb.c?id=a0aec329939e198b6faea6b788df7278f6543436

Because it was difficult to log in as a specific user if guest is allowed...

So closing the bug, because the behavioral is intentional.

Please reopen.  I have added 'guest only' and still see a login dialog.  

The semantics of 'guest' vis-a-vis Samba are not clear.  If a user is a guest why would they want to provide credentials, which they not have in any case?
I had to think back to anonymous FTP usage where I think it was considered good etiquette to enter the email address to login to public areas.  That is not the case here:  I just want to login without a password dialog to shares I created on my own LAN.

When providing a userid, one must have already created a userid via pdbedit or smbpasswd, and the password is not remembered the next time even if once selects the 'Remember forever' radio button.  

I had a couple of brief successful logins without seeing the dialog if I installed gnome-keyring, but I run XFCE4 so was trying to get this guest login function working without installing any extra packages.  I know this can be done because I have one machine with a share defined ('guest ok', no 'guest only') and I have been able to connect to it without ever being prompted for a userid/pw
for more than a year now.  The share on the server is read only, so that may make a difference?

(In reply to Dominique Brazziel from comment #4)
> Please reopen.  I have added 'guest only' and still see a login dialog.  

Ok, let's reopen this bug, however there is probably just something wrong with your configuration, because I tried this with Thunar and I don't see password prompt with "guest only".

> The semantics of 'guest' vis-a-vis Samba are not clear.  If a user is a
> guest why would they want to provide credentials, which they not have in any
> case?
> I had to think back to anonymous FTP usage where I think it was considered
> good etiquette to enter the email address to login to public areas.  That is
> not the case here:  I just want to login without a password dialog to shares
> I created on my own LAN.

As far as I know with "guest ok" you should always see dialog, where you can choose anonymous login among others. It seems samba asked for password even if you use guest user name. You can see similar behavioral with smbclient:
smbclient -L host -U guest -> asks for password
smbclient -L host -N -> doesn't ask for password only if you tell him to not ask

> When providing a userid, one must have already created a userid via pdbedit
> or smbpasswd, and the password is not remembered the next time even if once
> selects the 'Remember forever' radio button.  
> 
> I had a couple of brief successful logins without seeing the dialog if I
> installed gnome-keyring, but I run XFCE4 so was trying to get this guest
> login function working without installing any extra packages.  I know this

"Remember forever" can't work without secrets service (i.e. gnome keyring). As far as I know there isn't any for XFCE and usually gnome keyring is used for this purpose...

> can be done because I have one machine with a share defined ('guest ok', no
> 'guest only') and I have been able to connect to it without ever being
> prompted for a userid/pw
> for more than a year now.  The share on the server is read only, so that may
> make a difference?

I don't think so... but you are right that one of my shares also doesn't invoke password dialog though it is guest ok, I have to investigate logs, what is happening there...

The commit referenced above in Comment 2 (https://bugzilla.redhat.com/show_bug.cgi?id=1297232#c2) was in response to https://bugzilla.gnome.org/show_bug.cgi?id=742169.  We see from the following test case from the 
OP of the bug:

2] share requires guest access (only)
> nautilus: offers to connect as registered user. The again, despite clearly
> being a guest-only share (guest only = yes), samba would nonetheless allow
> access. So, meh.

It seems the behavior of gvfs is not inline with the intent of Samba on 'guest only', which is to allow the connection without fussing around with userid/passwords.

The configuration on the host machine is a stock smb.conf from the 'samba-commons' package with the following local changes:

diff -u smb.conf.rpmdist smb.conf
--- smb.conf.rpmdist	2015-12-16 11:00:57.000000000 -0500
+++ smb.conf	2016-01-13 12:58:35.004939937 -0500
@@ -86,7 +86,7 @@
 # max protocol = used to define the supported protocol. The default is NT1. You
 # can set it to SMB2 if you want experimental SMB2 support.
 #
-	workgroup = MYGROUP
+	workgroup = (my local workgroup)
 	server string = Samba Server Version %v
 
 ;	netbios name = MYSERVER
@@ -232,10 +232,13 @@
 # nslookups.
 
 ;	wins support = yes
+	wins support = no
 ;	wins server = w.x.y.z
 ;	wins proxy = yes
+	wins proxy = no
 
 ;	dns proxy = yes
+	dns proxy = no
 
 # --------------------------- Printing Options -----------------------------
 #
@@ -294,6 +297,14 @@
 	writable = no
 	printable = yes
 
+[video]
+    comment = Videos
+    path = /av/video
+    browseable = yes
+    read only = yes
+    guest ok = yes
+    guest only = yes
+
 # Un-comment the following and create the netlogon directory for Domain Logons:
 ;	[netlogon]
 ;	comment = Network Logon Service

Taking some hints from the original bug report (https://bugzilla.gnome.org/show_bug.cgi?id=742169) I started messing around with gvfs-mount.  The first component I noticed was missing on the client machine (the one trying to access the host share) was gvfs-fuse.  

After installing gvfs-fuse on the client I was able to mount
the host share from the command line without authentication (as anonymous guest) with 'gvfs-mount -a smb://host/video', and the share appeared under the 'Network' section of Thunar.

Within Thunar, I am able to browse the share, but when trying to connect the authentication dialog pops up. If I try to go directly to the share (i.e. URI
"smb://host/video" Thunar shows me a blank pane.  If I do a reload it a pop-up
message informs me the directory is not mounted.


If only there was a way to drive the 'gvfs-mount -a' behavior from withing Thunar.  Also, it is still a mystery to me why 'guest ok' shares can be seen without authentication in the other direction (the host as client, client as host). I have a stock smb.conf with a video share added on both machines (workgroup changed).

For log output of the connection/authentication sequence this does nicely:

journalctl -a -t org.gtk.vfs.Daemon

OK, it seems like there is no way for Thunar to know if the login is anonymous or not until it prompts the user and the user answers.  I attempted to login
via the string 'smb://[guest|ftp]@host/share' but got a blank panel.

For the time being I am mounting the share at XFCE4 startup time with 'gvfs-mount -a smb://host/share'.

I finally find why some my shares with "guest ok" works without password prompt and some requires password...

Password prompt is not shown if you map bad users to guest (we can't do much with in gvfs):
map to guest = bad user

(In reply to Dominique Brazziel from comment #7)
> After installing gvfs-fuse on the client I was able to mount
> the host share from the command line without authentication (as anonymous
> guest) with 'gvfs-mount -a smb://host/video', and the share appeared under
> the 'Network' section of Thunar.

gvfs-fuse is not needed for gvfs-mount -a 

(In reply to Dominique Brazziel from comment #9)
> OK, it seems like there is no way for Thunar to know if the login is
> anonymous or not until it prompts the user and the user answers.  I

I am afraid we can't do much with. We don't know what is name of guest user, because it might be whatever, so we have to show password prompt even if you specify smb://guestusername@host/share...

> attempted to login
> via the string 'smb://[guest|ftp]@host/share' but got a blank panel.

Thunar should probably show login prompt in such case... actually I can see it. However you might want to file a bug for thunar about...

Thank you!  Having one host not prompt was a clue that promptless connection worked, it was a riddle figuring out why it worked for that machine and not the others.  I guess I missed one last step after installing stock versions of samba-common on the other host machines:

diff -u smb.conf.prompting-host smb.conf.non-prompting-host

Again, thank you for putting a separate pair of eyes on this.