If you follow the FAQ link from JasonAzze, you will see there is a "map to guest" line which is also required, so you need both of these lines:

security = user
map to guest = Bad Password

I had the same problem as the OP, and I have tested that this solution works on Fedora 18

Answer from banjo67xxx on serverfault.com
🌐
Linux Questions
linuxquestions.org › questions › linux-software-2 › samba-deprecating-security=share-946879
[SOLVED] Samba--deprecating "security=share"
An alert displayed by nmblookup has been informing me that the Samba security param "security=share" is being "deprecated". I am
🌐
Samba
lists.samba.org › archive › samba › 2010-December › 160046.html
[Samba] "security = share" is deprecated? (a simple question for a newbie)
Although "security = share" is not explicitly marked as "deprecated" in SWAT (or loadparm.c), this is same security mode as Windows 9x and will be deprecated sooner or later. At least smb signing is not supported with share level security, because of the specification of SMB.
🌐
Samba
samba.samba.narkive.com › kSLUDcBR › behavior-of-deprecated-share-security-with-user-security
[Samba] Behavior of deprecated share security with user security
pam password change = yes map to guest = bad user guest account = nobody invalid users = root usershare max shares = 0 use sendfile = yes deadtime = 15 [Local] comment = Media Share path = /var/www/local browseable = yes guest ok = yes create mask = 0744 inherit owner = yes hide dot files = yes writeable = no veto files = /lost+found/ [LocalW] comment = Media Share path = /var/www/local browseable = yes guest ok = no create mask = 0744 inherit owner = yes hide dot files = yes writeable = yes veto files = /lost+found/ [Public] comment = Public Share path = /var/tmp/Common browseable = yes writeable = yes guest ok = yes create mask = 0744 · L.P.H. van Belle ... Permalink hai, this setup sets the samba shares open so no password are asked.
🌐
Samba
samba.org › samba › docs › 3.6 › man-html › smb.conf.5.html
smb.conf
This option allows smbd to create the required UNIX users ON DEMAND when a user accesses the Samba server. In order to use this option, smbd(8) must NOT be set to security = share and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of %u, which expands into the UNIX user name to create.
🌐
Ask Ubuntu
askubuntu.com › questions › 1061705 › samba-smb-conf-errors-syslog-deprecated-invalid-value-for-security
Samba smb.conf errors syslog deprecated, invalid value for security - Ask Ubuntu
August 2, 2018 - njegosh@njegosh-notebook:~/Desktop$ sudo smbpasswd -a user WARNING: Ignoring invalid value 'share' for parameter 'security' Can't load /etc/samba/smb.conf - run testparm to debug it njegosh@njegosh-notebook:~/Desktop$ testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "syslog" option is deprecated WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services.
🌐
Samba
lists.samba.org › archive › samba › 2014-May › 181609.html
[Samba] Behavior of deprecated share security with user security
July 28, 2022 - Next message: [Samba] Behavior of deprecated share security with user security
🌐
Red Hat
bugzilla.redhat.com › show_bug.cgi
security = share stops working when samba-3.6.23-43. ...
Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla · RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue ...
Find elsewhere
🌐
Narkive
linux.samba.narkive.com › TjdcAadG › samba-security-share
[Samba] security = SHARE
Post by George.Yao I also encounter this problem that the user security mode work fine, but on share security level, it always return NT_STATUS_WRONG_PASSWORD. Is SHARE on samba 3.4 deprecated ? Can anybody give some advice? user = share is like Windoze95/98 type file share.
🌐
Fredshack
fredshack.com › docs › samba.html
Introduction to Samba
Here's /etc/samba/smb.conf: [global] workgroup = WORKGROUP · ;netbios name = LINUX · ;Note: security = share is deprecated · security = user · map to guest = bad user · ;required to make this host master browser and WINS server · wins support = yes · local master = yes ·
🌐
Hidden Base
vicidi.wordpress.com › 2012 › 01 › 23 › set-up-samba-without-using-deprecated-share-security-setting
Set up Samba without using Deprecated “share” Security Setting | Hidden Base
June 18, 2013 - I was trying to set up Samba file sharing in the office. It works somehow but there are two things I don't quite happy about. The setting I tried uses the "share" as the security setting which is deprecated. When the user click on a password protected folder, the user name is pre-filled in ...
🌐
Oracle
docs.oracle.com › cd › E37670_01 › E41138 › html › ol_standalone_samba.html
20.3.2.1 Configuring Samba as a Standalone Server
The server security model, where the Samba server relies on another server to authenticate user names and passwords, is deprecated as it has numerous security and interoperability issues.
🌐
Stack Exchange
unix.stackexchange.com › questions › 765411 › anonymous-access-to-samba-server-not-share
Anonymous Access to Samba Server (not share) - Unix & Linux Stack Exchange
December 23, 2023 - An example: security = user which is the default anyway.) This person had the same issue: https://samba.samba.narkive.com/kSLUDcBR/behavior-of-deprecated-share-security-with-user-security Their solution was using "map to guest = bad password" instead of "bad user".
🌐
Gentoo Forums
forums.gentoo.org › board index › assistance › networking & security
[SOLVED] Samba issue - Page 3 - Gentoo Forums
There must be at least on smbd ... 4800H, 32GB, 22TB ... igor@IgorReinCloud ~/wxWidgets $ smbclient -L localhost -U igor WARNING: The security=share option is deprecated ......
🌐
iknowlab
iknowlab.wordpress.com › 2015 › 11 › 15 › samba-smb-conf-update-security-server-share-all-are-deprecated
Samba smb.conf update , security = server / share all are deprecated | iknowlab
November 15, 2015 - After I setup Fedora Core 22 , I find out security = server / share all are deprecated. The answer is “map to guest = Bad User” by reading “man smb.conf” . This time , don’t use smbpasswd to create any samba user account .
Top answer
1 of 5
36

OK, I have found an answer myself.

As this is absolutely not obvious from the docs and HOWTOs and whatever, the reason this thing asks for password is because it cannot map guest user to the owner of the directory being shared.

I have NTFS partitions which I need to mount RW so I used the following setup in my /etc/fstab:

/dev/sdb1  /media/disk1  ntfs defaults,noexec,noatime,relatime,utf8,uid=1000,gid=1000 0       2
/dev/sdb2  /media/disk2  ntfs defaults,noexec,noatime,relatime,utf8,uid=1000,gid=1000 0       2

The most important pieces of config are uid and gid (maybe only uid, don't know). They are set to the UID and GID of the user jonnie set up on the server (obviously not root). So, when ntfs-3g will mount these disks, everything will be owned by him.

After that, I have added this user to the Samba registry (or maybe created new identical one, don't care):

# smbpasswd -a jonnie

It asked for password, I have entered the same as for the main system.

After that, I have added the force user and force group settings to the smb.conf:

[global]
  workgroup = WORKGROUP
  netbios name = HOMESERV
  security = user
  map to guest = Bad User

[disk1]
  comment = Disk 1 on 400GB HDD
  path = /media/disk1
  browsable = yes
  guest ok = yes
  read only = no
  create mask = 666
  directory mask = 777
  force user = jonnie
  force group = jonnie

[disk2]
  comment = Disk 2 on 400GB HDD
  path = /media/disk2
  browsable = yes
  guest ok = yes
  read only = no
  create mask = 666
  directory mask = 777
  force user = jonnie
  force group = jonnie

So, most important piece of config relevant to me was force user.

Courtesy of the Samba HOWTO

2 of 5
6

The config can be shorter:

Create unix user jonnie

sudo useradd jonnie -s /usr/sbin/nologin

Create smbuser

sudo smbpasswd -a jonnie

Create the Linux directory to share

mkdir /mysmbshare

Change the owner of the directory to jonnie

sudo chown jonnie /mysmbshare

smb.conf

[global]
  workgroup = MyWorkGroup
  server string = Hello, use me
  security = user
  map to guest = Bad User
  guest account = jonnie
  passdb backend = tdbsam
  
[the_public_share]
   path = /mysmbshare
   writable = yes
   printable = no
   public = yes

All files are owned by jonnie and everyone has rw access to the files.

🌐
Samba
samba.org › samba › docs › server_security.html
Samba Server Security
That means that those clients will not be able to browse shares, and may also be unable to access some other resources.