Mount windows 10 folder shared for everyone from linux PC

I'm trying - from a linux PC - to mount a folder of a windows PC in the local network, that was shared for everyone. So the setup is:

linux PC: Ubuntu 18.04 with smbclient and cifs-tools installed, at IP 192.168.178.3,

Windows PC: Win10, C:\mqtt shared for everyone as \\DEEPTHOUGHT3\mqtt, IP 192.168.178.113

I can successfully mount the share providing an existing user of the Win10 box with sudo mount -t cifs //192.168.178.113/mqtt /home/xyz/mnt -o user=xyz,password=***

However, when I want to mount the folder anonymously, I am not successful. In the target setup, I will not have the user credentials, so I need to find a solution for this.

I've tried several approaches / options:

Starting with sudo mount -t cifs //192.168.178.113/mqtt /home/xyz/mnt -o guest,sec=none, also only one of the two -o options
adding option uid=1000,gid=1000 with the numbers corresponding to the current user
-vv to make more verbose output,
user=,password= and also with guest for both entries (-user=guest,password=guest). The same I also tried for username=...
sec=none and other values for sec (like discussed here https://unix.stackexchange.com/questions/124342/mount-error-13-permission-denied)
domain=. or domain=WORKGROUP after confirming that the name of the windows domain is WORKGROUP

all without success.Also after a lot of googling I didn't find an answer.

I would greatly appreciate if someone knowledgeable has a solution for this!

Thomas Bobek

Posted 2019-11-16T16:30:13.197

Reputation: 1

Answers

On Windows, Everyone is equivalent to Authenticated Users. For this reason, it is required that the user be authenticated to access any Windows file share.

This behavior can be modified by changing the following registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CuurentControlSet\Control\LSA\everyoneincludesanonymous = 1

This is equivalent to setting the following group policy:

Network access: Let Everyone permissions apply to anonymous users found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

A reboot may be required for the changes to take affect.

This change introduces a significant security risk to Windows computers allowing anonymous connections to enumerate details about the computer that can be used for subsequent attacks.

It is also important to note that there are both Share Permissions and NTFS permissions in Windows. You said the folder is, "Shared for Everyone." Everyone will need to be granted permissions at both the share level and NTFS level. Both of which are configured by right-clicking the folder and accessing it's properties.

Appleoddity

Posted 2019-11-16T16:30:13.197

Reputation: 9 360

A possible solution is running the Local Group Policy Editor (gpedit.msc), and navigating to:

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

Double-click the option of "Accounts: Guest account status" and set it to Enabled, then click OK.

This option is defined as:

This security setting determines if the Guest account is enabled or disabled.

Default: Disabled.

harrymc

Posted 2019-11-16T16:30:13.197

Reputation: 306 093