Setup Samba Share for no-authentication write access for one IP; authentication for all others

SoonerLater

Explorer
Joined
Mar 7, 2013
Messages
80
Goal: create a samba share on FreeNAS (11.2) that a dumb device (scanner) at one particular local IP address can write to without any type of authentication, but all other IPs accessing that samba share would have to authenticate.

I have a Fujitsu Scansnap ix1600. It is possible to setup a "scan profile" to write to a local UNC destination (e.g. \\Jessie\Scans), but it's not smart enough to be able to store and use a username and password to access that share. I suppose I could setup that samba share to let anonymous users write to it, but that seems like it's asking for trouble if any unwanted user/process ever gets in my LAN and discovers that share. So I'd like for the Scansnap to be able to write freely (using its static IP address as a form of security), but all other users to have to authenticate to read or write to that share.

I find it challenging (to say the least) to keep straight in my head the parameters and permissions that have to be set in a Pool vs. a Dataset vs. a Share in order to get desired results. There used to be Guides for a lot of this stuff. Even when what I want to do doesn't 100% fit a given guide, just starting from a guide and then tweaking settings has worked for me in the past. But now the Guides section of this forum is empty.

If anyone would like to suggest some "best practice" settings for this goal, I'll buy them a six pack.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Goal: create a samba share on FreeNAS (11.2) that a dumb device (scanner) at one particular local IP address can write to without any type of authentication, but all other IPs accessing that samba share would have to authenticate.

I have a Fujitsu Scansnap ix1600. It is possible to setup a "scan profile" to write to a local UNC destination (e.g. \\Jessie\Scans), but it's not smart enough to be able to store and use a username and password to access that share. I suppose I could setup that samba share to let anonymous users write to it, but that seems like it's asking for trouble if any unwanted user/process ever gets in my LAN and discovers that share. So I'd like for the Scansnap to be able to write freely (using its static IP address as a form of security), but all other users to have to authenticate to read or write to that share.

I find it challenging (to say the least) to keep straight in my head the parameters and permissions that have to be set in a Pool vs. a Dataset vs. a Share in order to get desired results. There used to be Guides for a lot of this stuff. Even when what I want to do doesn't 100% fit a given guide, just starting from a guide and then tweaking settings has worked for me in the past. But now the Guides section of this forum is empty.

If anyone would like to suggest some "best practice" settings for this goal, I'll buy them a six pack.
You can create a second SMB share to the same path (different name for share) with "browseable" unchecked (so it's not visible in share listing), add a "hosts allow" entry for the scanner's IP address, and toggle guest access for the share.
 
Top