Public Samba Share On An Asuswrt-Merlin Router

I decided to switch my Asus RT-AC68U’s firmware from DD-WRT to Asuswrt-Merlin. Unfortunately, Asuswrt-Merlin’s web GUI doesn’t allow you to configure non-authenticated (i.e., guest or public) access to a Samba share.

Since I have some experience with Samba, I decided to write a quick bash script to modify the shares configuration.

Requirements

  • Asuswrt-Merlin router - I have tested this on an RT-AC68U and an RT-AC5300. Check the firmware’s support page for the other Asus routers that are supported.
  • SSH or telnet access - Configurable in the Administration page under the System tab.
  • Persistent JFFS2 partition - Configurable in the Administration page under the System tab.
  • JFFS custom scripts - Configurable in the Administration page under the System tab.
  • Samba shares configured - Configurable in the USB Application page under Network Place (Samba) Share.

Task at hand

I have a Samba share called public. Let’s look at the configuration file in /tmp/etc/smb.conf and isolate the stanza we care about by using sed:

root@router:/tmp/etc# sed -n '/\[public\]/,/^\[/p' smb.conf
[public]
comment = sda2's public in Seagate Expansion
path = /tmp/mnt/sda2/public
dos filetimes = yes
fake directory create times = yes
valid users = root, karen
invalid users = root, karen
read list =
write list =
[distros]

In order to make the share allow non-authenticated full access, we need to do two things:

  1. Add the guest only and writable options
  2. Remove user ACL options (valid users, invalid users, read list, and write list)

Once that’s changed, we need to reload the configuration by restarting Samba.

Bash script

Keeping in mind our goals above, I wrote up this script:

Now that we have our script, we need a way to trigger the script. Luckily, Asuswrt-Merlin supports postconf scripts. All we need to do is save the script in /jffs/scripts/smb.postconf and we’re set.

After that’s done, we need to reboot the router so the script can do its thing.
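As an added example (not the author's script, which is not reproduced here), this is one way to write /jffs/scripts/smb.postconf so that it makes the two changes listed above to the [public] stanza only and leaves the ACLs of every other share untouched. It assumes the firmware passes the path of the generated smb.conf as the first argument and that awk is available on the router; the function name make_share_public is hypothetical.

```shell
#!/bin/sh
# Added example, not the article author's script.
# Assumption: Asuswrt-Merlin calls smb.postconf with the path of the
# freshly generated smb.conf as $1, before Samba is started.

SHARE="public"   # share name used in the article

# make_share_public SHARE CONF (hypothetical helper)
# Rewrites only the [SHARE] stanza: drops the user ACL options and
# appends the guest options. Every other stanza is copied unchanged.
make_share_public() {
    share="$1"
    conf="$2"
    tmp="$conf.tmp.$$"

    awk -v target="[$share]" '
        # Guest options are written once, at the end of the target stanza.
        function emit() {
            print "guest only = yes"
            print "writable = yes"
        }
        # A new stanza header closes the previous stanza.
        /^\[/ {
            if (inshare) emit()
            inshare = ($0 == target)
            print
            next
        }
        # Inside the target stanza, drop the user ACL options.
        inshare && /^[ \t]*(valid users|invalid users|read list|write list)[ \t]*=/ { next }
        { print }
        # The target stanza may be the last one in the file.
        END { if (inshare) emit() }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Only act when called with an existing config file.
if [ -n "${1:-}" ] && [ -f "${1:-}" ]; then
    make_share_public "$SHARE" "$1"
fi
```

The firmware only runs custom scripts that are executable, so run chmod a+rx /jffs/scripts/smb.postconf after saving the file.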

Confirmation

The first thing we should look at is the share’s configuration stanza. We can do that with the sed command we used previously:

root@router:/jffs/scripts# sed -n '/\[public\]/,/^\[/p' /etc/smb.conf
[public]
comment = sda2's public in Seagate Expansion
path = /tmp/mnt/sda2/public
dos filetimes = yes
fake directory create times = yes
guest only = yes
writable = yes
[distros]

If the guest only and writable options are set to yes, you’re in business.

To test the functionality on the client side, we can do the following on Windows:

C:\Users\belminf>net use y: \\router.apt2b.lan\public
The command completed successfully.

For Linux, the following will work:

belminf@bf-t420s $ smbclient //router.apt2b.lan/public -N

smb: \> ls
 .        D    0  Sun Dec 13 15:26:48 2015
 foo.txt  N 3049  Thu Dec 24 12:03:34 2015

smb: \>

Feedback or issues

If you have any issues or feedback, feel free to comment on the GitHub Gist.