我无法使用Windows或smbclient访问远程驱动器; 根据samba日志文件,我的身份validation显示成功,但getpwuid失败。 服务器(远程)正在运行CentOS 7.2和Samba 4.2.3。 客户端是CentOS 7.2和smbclient 4.2.3。 日志文件显示:
[2017/05/06 22:57:48.729284, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password) check_ntlm_password: authentication for user [developer_prod] -> [developer_prod] -> [developer_prod] succeeded [2017/05/06 22:57:48.731091, 1] ../source3/auth/token_util.c:430(add_local_groups) SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed [2017/05/06 22:57:48.731164, 1] ../source3/smbd/sesssetup.c:280(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL
奇怪的是,SID对应一个本地用户:
# wbinfo -s S-1-5-21-4007675785-2624567327-467545301-1000 NY4010\developer_prod 1
(ny4010是我的samba服务器机器)即使在客户端上我使用域用户login:
$ smbclient -U 'my_domain\developer_prod' \\\\ny4010\\release 'password' session setup failed: NT_STATUS_UNSUCCESSFUL
这是我的smb.conf文件:
[global] workgroup = MYDOMAIN password server = my_domain_server.mydomain.local realm = MYDOMAIN.LOCAL security = ads idmap config * : range = 16777216-33554431 template homedir = /home/%U template shell = /bin/bash kerberos method = secrets only winbind use default domain = true winbind offline logon = false log level = 2 encrypt passwords = yes unix extensions = no server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads passdb backend = tdbsam realm = MYDOMAIN.LOCAL password server = my_domain_server.mydomain.local local master = no [homes] comment = Home Directories browseable = no writable = yes [release] comment = Shared directory: /prod path = /prod browseable = yes read only = no valid users = developer_prod guest ok = yes public = yes follow symlinks = yes wide links = yes force user = developer_prod [log] comment = Shared directory: /prod/log path = /prod/log browseable = yes read only = yes guest ok = yes public = yes
我的nsswitch.conf文件看起来像:passwd:files winbind
我认为这里的吸枪是一个本地用户的SID出现在getpwuid失败的行…