ASUSWRT does a decent job at providing Samba shares to the Windows clients on the network and this will work in most cases. However, if you need to mix password protected with public (open) folders, the firmware cannot handle this scenario.
Fortunately, Asus made a decent job at making the firmware customizable enough that this functionality can be enabled with a bit of custom tweaking.
Prerequisites
Enable password-protected Samba functionality and add the necessary users you want to use for login (the admin user is included by default). Configuring the shared folder can be done at this point but is not necessary as this can also be done later.
Start by enabling SSH access to the router – to be able to modify internal configuration files.
Either use SSH (with the built-in vi editor) or a SCP file manager to edit the necessary files on the router’s filesystem:
Make Samba’s configuration changes permanent
We’ll need a script to restore the customized samba configuration file after every (re)boot. David Longenecker already did all the hard work and found the necessary steps for this. Thanks, David!
I used the fixsamba script from David’s Github and placed it in the router’s /jffs (non-volatile) storage. The script takes care of killing Samba, restoring the tweaked configuration file from the backup copy and then restarting Samba with the customized configuration file.
For make the router run the script when necessary, execute the following 3 commands via SSH:
chmod 775 /jffs/fixsamba nvram set script_usbmount="/jffs/fixsamba" nvram commit
Tweak Samba’s configuration
Copy Samba’s configuration file to the jffs storage:
cp /etc/smb.conf /jffs/smb.conf
Edit the /jffs/smb.conf configuration file to re-enable guest access (by mapping bad users to the guest user) by editing the map to guest parameter:
map to guest = Bad User
Now define your shared folders with their appropriate configuration and access. In the example below, the first folder is password protected with read/write access, while the second one has public read-only access:
[data] comment = My Stick path = /tmp/mnt/Data/media dos filetimes = yes fake directory create times = yes valid users = admin, user invalid users = read list = admin, user write list = admin, user [public] path = /tmp/mnt/Data/media/public read list = guest, nobody browsable = yes guest ok = yes read only = yes create mask = 0755
See the official documentation for more configuration parameters.
Notes
- By default, the script waits for 3 minutes before restarting Samba. If that is too long (and you restart your router often) the value can be tweaked down. I changed it to 30s and it was enough for my AC58U router.
- Files stored on the /jffs partition are kept across reboots. However, they can get lost during firmware resets or updates, so keep a copy of those files somewhere safe.
- Modifying Samba’s configuration via the web interface options can override some or all of the tweaks. The tweaks will be restored on reboot (from the separate configuration file) and any changes made via the web interface will be lost – you’ll need to compare/transfer any of the needed configuration changes to the /jffs/smb.conf file.
- After prolonged runtime Samba may lose the configuration tweaks or restart without them – configuring the router to periodically restart (weekly?) ensures the tweaks are reapplied.