SMB Guest access
This was a message on OmniOS-discuss in April 2016,
subject: cifs anonymous troubles
There were several bugs fixed as part of the "extended security" work: 1122 smbsrv should use SPNEGO (inbound authentication) One of those was that we used to give a client a "guest" logon if they tried to logon to SMB with _any_ unrecognized account. No, that was never a good idea. Not only was it questionable for security, but it confused issues about failed logon. Example: Windows user does NOT get the expected pop-up dialog asking for new credentials when they try to connect to a share using an invalid user name. Instead, they would get connected, but would fail to have access to anything in the share. So with that bug fixed, one can logon as "guest" only if: (1) you actually ask for guest in your logon request, (2) a local Unix account named "guest" exists, and (3) the guest account is enabled for SMB Therefore, if you were using guest access before 1122 was fixed, (and were depending on accidental guest access working), you'll need to do the following to re-enable guest access: useradd (options] guest smbadm enable-user guest The guest account password is ignored by SMB, so all that matters to SMB is whether that account is marked as enabled in /var/smb/smbpasswd To keep Unix users from using guest for login, you can set the Unix password hash to something invalid, etc.
Here's what the guest account looks like (by default) on NexentaStor:
root@ns5:/export/home/admin# grep guest /etc/passwd /etc/shadow /var/smb/smbpasswd