OracleLinux 7.3 – Samba 4.6.2 – NT_STATUS_ACCESS_DENIED

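I'm running into a Samba problem on a recent server build. Below is a configuration I have used many times without any problems.

Samba configuration (Anonymous is commented out, but works fine when enabled):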

    [global]
    workgroup = SAMBA
    security = user
    map to guest = Bad User
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw
    log file = /var/log/samba/%m
    log level = 1

    #[Anonymous]
    #comment = Anonymous File Server Share
    #path = /tmp
    #browsable =yes
    #writable = yes
    #guest ok = yes
    #read only = no

    [hes]
    comment = stuff
    path = /u01/app2
    valid users = hesowner, oracle
    writable = yes
    browsable = yes
    printable = no
    invalid users = None

Testing the share locally with smbclient works fine.

    [root@test1 ~]# smbclient -U hesowner //test1/hes
    Enter SAMBA\hesowner's password:
    Domain=[TEST1] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                    D   0   Tue Aug 29 14:39:32 2017
      ..                   D   0   Tue Aug 29 14:33:15 2017
      reports              D   0   Tue Aug 29 14:33:15 2017
      forms                D   0   Tue Aug 29 14:33:53 2017
      eis_ws_approvals     D   0   Tue Aug 29 14:45:20 2017

        52403200 blocks of size 1024. 36431144 blocks available
    smb: \>

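So, when trying to access the share via \\test1\hes, Windows 10 Pro has a problem. I just get prompted for the user/password over and over and cannot access the share.

Here is the log: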

    [2017/09/07 11:54:20.051608, 2] ../source3/smbd/service.c:319(create_connection_session_info)
      guest user (from session setup) not permitted to access this share (hes)
    [2017/09/07 11:54:20.051670, 1] ../source3/smbd/service.c:502(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2017/09/07 11:54:20.125206, 2] ../source3/smbd/service.c:319(create_connection_session_info)
      guest user (from session setup) not permitted to access this share (hes)
    [2017/09/07 11:54:20.125265, 1] ../source3/smbd/service.c:502(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2017/09/07 11:54:20.161800, 2] ../source3/smbd/service.c:319(create_connection_session_info)
      guest user (from session setup) not permitted to access this share (hes)
    [2017/09/07 11:54:20.161824, 1] ../source3/smbd/service.c:502(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2017/09/07 11:54:20.237828, 2] ../source3/smbd/service.c:319(create_connection_session_info)
      guest user (from session setup) not permitted to access this share (hes)
    [2017/09/07 11:54:20.237851, 1] ../source3/smbd/service.c:502(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

I see that it mentions the guest user, which is strange. Removing "map to guest = Bad User" has no effect.

I'm at a complete loss…

Thanks for your help.

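If anyone else runs into this problem, my solution was to adjust the security policy on the Windows client.

Run > Secpol.msc

Then set Local Policies > Security Options > Network security: LAN Manager authentication level to "Send NTLMv2 response only. Refuse LM & NTLM".

Otherwise, you can edit Samba.

Add the following line to the global section of the smb.conf file.

    ntlm auth = yes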

I didn't solve this myself. Found the solution here.

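I don't recommend enabling legacy protocols such as NTLM. This works in a Win7 environment (which only supports SMB2.10) on Ubuntu 14/samba-4.3.11 Active Directory. It also sets up a "natural" barrier against lower Windows versions being able to connect to any share.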

    $ grep -E "m[ai][xn] protocol" /etc/samba/smb.conf
    client ipc max protocol = SMB3
    client ipc min protocol = SMB2_10
    client max protocol = SMB3
    client min protocol = SMB2_10
    server max protocol = SMB3
    server min protocol = SMB2_10

For configuration optimization and consolidation, make sure you have enabled support for the highest SMB version:

    $ testparm -l --show-all-parameters | grep -E "m[ai][xn] protocol|smb encrypt"
    smb encrypt=P_ENUM,default|No|False|0|Off|disabled|if_required|Yes|True|1|On|enabled|auto|desired|required|mandatory|force|forced|enforced,
    server max protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    max protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    server min protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    min protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    client max protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    client min protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    client ipc max protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,
    client ipc min protocol=P_ENUM,default|SMB2|SMB3|SMB3_11|SMB3_10|SMB3_02|SMB3_00|SMB2_24|SMB2_22|SMB2_10|SMB2_02|NT1|LANMAN2|LANMAN1|CORE|COREPLUS|CORE+,

Some relevant output from the production environment:

    $ smbstatus | grep -E "SMB|NTLM|^PID|\-\-{1,}"
    PID     Username     Group        Machine                   Protocol Version
    ------------------------------------------------------------------------------
    11724   AD-User-ID   User-Group   XXXX (ipvX:XXXX:51177)    SMB2_10
    4834    AD-User-ID   User-Group   XXXX (ipvX:XXXX:54652)    SMB2_10
    1512    AD-User-ID   User-Group   XXXX (ipvX:XXXX:50496)    SMB2_10
    21140   AD-User-ID   User-Group   XXXX (ipvX:XXXX:62753)    SMB2_10
    26057   AD-User-ID   User-Group   XXXX (ipvX:XXXX:54410)    SMB2_10
    1513    AD-User-ID   User-Group   XXXX (ipvX:XXXX:50498)    SMB2_10
    11351   AD-User-ID   User-Group   XXXX (ipvX:XXXX:51152)    SMB2_10
    11464   AD-User-ID   User-Group   XXXX (ipvX:XXXX:65059)    SMB2_10
    5056    AD-User-ID   User-Group   XXXX (ipvX:XXXX:54671)    SMB2_10
    1511    AD-User-ID   User-Group   XXXX (ipvX:XXXX:50494)    SMB2_10

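…and one from the lab, CentOS 7/samba-4.4.4 Active Directory. You should be able to use encryption with your Samba and Win10 versions; make sure the parameter smb encrypt is configured appropriately for a mixed SMB2/3 environment.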

    PID     Username     Group        Machine                  Protocol Version   Encryption   Signing
    ----------------------------------------------------------------------------------------------------------------------------------------
    10884   AD-User-ID   User-Group   XXXX (ipvX:XXXX:4867)    SMB2_10            -            HMAC-SHA256
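
An added example, not taken from either answer or from the Samba project: a small check of an smb.conf [global] section for the settings the two answers discuss (the `ntlm auth = yes` workaround, `map to guest`, and the minimum-protocol floor). The function names, finding texts and the two sample configurations are constructed for illustration; the SMB2/SMB3 alias mapping follows smb.conf(5) for current Samba releases and is an assumption for older ones.

```python
import re
# Dialects in ascending order as listed by testparm above; aliases per smb.conf(5).
DIALECTS = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1", "SMB2_02", "SMB2_10",
            "SMB2_22", "SMB2_24", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"]
ALIASES = {"CORE+": "COREPLUS", "SMB2": "SMB2_10", "SMB3": "SMB3_11"}
MIN_KEYS = ("server min protocol", "client min protocol", "client ipc min protocol")

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, names lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def rank(dialect):  # index in DIALECTS, -1 for a name that is not listed
    name = dialect.strip().upper()
    name = ALIASES.get(name, name)
    return DIALECTS.index(name) if name in DIALECTS else -1

def audit_global(text, floor="SMB2_10"):
    """Return findings for the [global] settings the two answers discuss."""
    g = parse_smb_conf(text).get("global", {})
    if "min protocol" in g:                  # synonym of 'server min protocol'
        g.setdefault("server min protocol", g["min protocol"])
    findings = []
    if g.get("ntlm auth", "").lower() in ("yes", "ntlmv1-permitted"):
        findings.append("ntlm auth: NTLMv1 is accepted server-wide")
    if g.get("map to guest", "never").lower() != "never":
        findings.append("map to guest: unknown users become guest sessions")
    for key in MIN_KEYS:
        if key not in g:
            findings.append(f"{key}: not set, version default applies")
        elif rank(g[key]) < rank(floor):
            findings.append(f"{key}: {g[key]} is below {floor} or unknown")
    return findings

# Constructed samples: the first answer's workaround and the second answer's floor.
WORKAROUND = "[global]\nmap to guest = Bad User\nntlm auth = yes\n"
HARDENED = "[global]\n" + "".join(f"{k} = SMB2_10\n" for k in MIN_KEYS)
if __name__ == "__main__":
    print(audit_global(WORKAROUND), audit_global(HARDENED), sep="\n")
```

To check a live server, pass the text of /etc/samba/smb.conf to `audit_global`.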