How to enable guest access to a Solaris CIFS share
By Afshin Salek on Aug 06, 2009
A new share property, guestok, has been added (snv_118) to control whether or not guest access is allowed on a share.
If guestok is set to true, guest access will be allowed on the specified share. If the guestok share property is not defined or
is set to false, guest access will not be permitted on that share. By default, the guestok property is not defined, i.e. guest
access is disabled by default.
Examples to set guestok using sharemgr(1M) and zfs(1M):
# sharemgr set -P smb -p guestok=true -r myshare mygroup
# zfs set sharesmb=name=myshare,guestok=true mydataset
When a user attempts to connect to an SMB server, the request is interpreted as a guest connection if an account name is
not specified or the specified user account does not exist. Guest connections are not authenticated except when the guest
account has a password (more details below). Windows systems typically use a predefined local account called Guest to
represent guest connections, although this account can be renamed. On Solaris, the system administrator can define an
idmap name-based rule to map Guest to any local Solaris username, such as guest or nobody. For example:
# idmap add winname:Guest unixuser:guest
If the local account has a SMB password in /var/smb/smbpasswd the guest connection will be authenticated against
that password. Any connection over SMB made using an account that maps to the local guest account will be designated as
a guest connection. In the absence of an idmap rule for Guest, an ephemeral ID will be generated for this Windows account
by idmap service.