服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Samba:只能从Windows访问IP
Intereting Posts
试图讨好Linux配额,数据存储在哪里? Postgresql与端口636上的ldaps:/// url 如何使用sshd_config – PermitUserEnvironment选项 FSRM – 设置文件屏幕以阻止已经在某些文件夹内的文件types 用iptables拦截ddosstring SIP – Linksys和没有语音 使用Centos 7的kickstarter文件,没有任何进展会影响VM的安装 永久更改gitlab服务器端口 CentOS6 – httpd – mod_file_cache 房间邮箱和房间日历 Exchange 2007重新安装 – OST NginX只有一个后端与ip_hash启用…? Apache:使用不区分大小写的pathredirect? 我应该为每个应用程序服务器设置出站电子邮件服务器,还是为其中一个? 使用MS SQL Expresslogin:成功! 迁移工具包login:失败?

Samba:只能从Windows访问IP

我有几台运行Samba v3.6的CentOS 7服务器,他们join到Windows Server 2008 R2 Active Directory域,我的客户端是Windows 10.我无法使用主机名访问某些服务器上的samba共享通过IP地址。

我已经检查的东西:

  • DNS工作正常。 当我尝试通过主机名访问服务器时,有在samba中生成的客户端日志。
  • “wbinfo -u”列出所有的Active Directory用户
  • “getent passwd”用Unix访问列出本地用户和Active Directory用户。 来自客户端的SSH访问与尝试访问共享的同一用户一起工作。
  • 时间通过NTP与域控制器同步

Sambaconfiguration: 

[global] netbios name = SERVERNAME workgroup = DOMAIN realm = DOMAIN.INT security = ads idmap config * : backend = nss idmap config * : range = 500-100000000 idmap config DOMAIN : backend = ad idmap config DOMAIN : default = yes idmap config DOMAIN : range = 500-100000000 idap config DOMAIN : schema_mode = rfc2307 template shell = /bin/bash template homedir = /home/%U winbind nss info = rfc2307 winbind use default domain = yes winbind offline logon = true winbind enum users = yes winbind enum groups = yes winbind nested groups = yes log file = /var/log/samba/log.%m log level = 3 max log size = 50 client use spnego = yes Kerberos method = secrets and keytab guest account = nobody restrict anonymous = 1 name resolve order = lmhosts host wins

当通过主机名访问时,Sambalogin客户端: 

 [2016/06/21 15:55:43.137781, 3] ../source3/smbd/oplock.c:1307(init_oplocks) init_oplocks: initializing messages. [2016/06/21 15:55:43.137893, 3] ../source3/smbd/process.c:1879(process_smb) Transaction 0 of length 178 (0 toread) [2016/06/21 15:55:43.138067, 3] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot) Selected protocol SMB3_00 [2016/06/21 15:55:43.233326, 1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token) gss_accept_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Request ticket server cifs/[email protected] kvno 2 enctype aes256-cts found in keytab but cannot decrypt ticket] [2016/06/21 15:55:43.233431, 1] ../auth/gensec/spnego.c:533(gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE [2016/06/21 15:55:43.233576, 2] ../auth/gensec/spnego.c:708(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_LOGON_FAILURE [2016/06/21 15:55:43.251411, 3] ../source3/smbd/server_exit.c:249(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET)

当通过IP访问时,Sambalogin客户端: 

 [2016/06/21 16:01:13.641761, 3] ../source3/smbd/oplock.c:1307(init_oplocks) init_oplocks: initializing messages. [2016/06/21 16:01:13.641862, 3] ../source3/smbd/process.c:1879(process_smb) Transaction 0 of length 159 (0 toread) [2016/06/21 16:01:13.641911, 3] ../source3/smbd/process.c:1489(switch_message) switch message SMBnegprot (pid 21421) conn 0x0 [2016/06/21 16:01:13.642768, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2016/06/21 16:01:13.642812, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [LANMAN1.0] [2016/06/21 16:01:13.642838, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2016/06/21 16:01:13.642857, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [LM1.2X002] [2016/06/21 16:01:13.642887, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [LANMAN2.1] [2016/06/21 16:01:13.642907, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [NT LM 0.12] [2016/06/21 16:01:13.642930, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [SMB 2.002] [2016/06/21 16:01:13.642953, 3] ../source3/smbd/negprot.c:576(reply_negprot) Requested protocol [SMB 2.???] [2016/06/21 16:01:13.643119, 3] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot) Selected protocol SMB2_FF [2016/06/21 16:01:13.644183, 3] ../source3/smbd/negprot.c:684(reply_negprot) Selected protocol SMB 2.??? [2016/06/21 16:01:13.651953, 3] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot) Selected protocol SMB3_00 [2016/06/21 16:01:13.664615, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 [2016/06/21 16:01:13.885538, 3] ../auth/ntlmssp/ntlmssp_server.c:449(ntlmssp_server_preauth) Got user=[username] domain=[DOMAIN] workstation=[CLIENT] len1=24 len2=294 [2016/06/21 16:01:13.885688, 3] ../source3/param/loadparm.c:3653(lp_load_ex) lp_load_ex: refreshing parameters [2016/06/21 16:01:13.885828, 3] ../source3/param/loadparm.c:544(init_globals) Initialising global parameters [2016/06/21 16:01:13.885979, 3] ../source3/param/loadparm.c:2596(lp_do_section) Processing section "[global]" [2016/06/21 16:01:13.886255, 2] ../source3/param/loadparm.c:2613(lp_do_section) Processing section "[httpd]" [2016/06/21 16:01:13.886373, 2] ../source3/param/loadparm.c:2613(lp_do_section) Processing section "[sites]" [2016/06/21 16:01:13.886469, 2] ../source3/param/loadparm.c:2613(lp_do_section) Processing section "[jenkins]" [2016/06/21 16:01:13.886579, 3] ../source3/param/loadparm.c:1493(lp_add_ipc) adding IPC service [2016/06/21 16:01:13.887686, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [DOMAIN]\[username]@[CLIENT] with the new password interface [2016/06/21 16:01:13.887727, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) check_ntlm_password: mapped user is: [DOMAIN]\[username]@[CLIENT] [2016/06/21 16:01:13.891180, 3] ../source3/auth/auth.c:249(auth_check_ntlm_password) check_ntlm_password: winbind authentication for user [username] succeeded [2016/06/21 16:01:13.891249, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password) check_ntlm_password: authentication for user [username] -> [username] -> [DOMAIN\username] succeeded [2016/06/21 16:01:13.891305, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags: [2016/06/21 16:01:13.891331, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 [2016/06/21 16:01:13.891384, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags: [2016/06/21 16:01:13.891408, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 [2016/06/21 16:01:13.892047, 3] ../source3/groupdb/mapping.c:830(pdb_create_builtin_alias) pdb_create_builtin_alias: Could not get a gid out of winbind [2016/06/21 16:01:13.892087, 2] ../source3/auth/token_util.c:564(finalize_local_nt_token) WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids? [2016/06/21 16:01:13.892293, 3] ../source3/groupdb/mapping.c:830(pdb_create_builtin_alias) pdb_create_builtin_alias: Could not get a gid out of winbind [2016/06/21 16:01:13.892330, 2] ../source3/auth/token_util.c:589(finalize_local_nt_token) WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids? [2016/06/21 16:01:13.927041, 3] ../source3/smbd/password.c:144(register_homes_share) Adding homes service for user 'DOMAIN\username' using home directory: '/home/username'