我在Ubuntu中使用system-config-samba设置了读/写权限。 我configuration我的用户也是一个smbuser。
在我所有的其他系统上(2 Win10,1 Win8,1 Ubuntu),我被提示input用户名和密码(因为在smb.conf中guest ok = no ,并且只有一个有效用户)。
问题是,Win Server 2012没有得到这个提示,更糟糕的是,可以绕过authentication,读取目标机器上的所有共享。
起初我以为这可能是一个小故障,Server 2012中的用户名与Ubuntu机器和smbuser相同,但即使更改了Win服务器的用户名,问题仍然存在。
无论如何,我看这似乎是一个巨大的安全漏洞的某种。 我已经validation没有可能正在使用的存储凭据。
smb.conf包括:
usershare allow guests = no username map = /etc/samba/smbusers security = user encrypt passwords = yes guest ok = no guest account = nobody [ShareName] path = /media/[user]/[ext4_drive]/[share folder] writeable = yes browseable = yes guest ok = no valid users = [user]
更新:
在/ var /日志/桑巴/日志:
[2015/10/29 14:49:30.544283, 2] ../source3/param/loadparm.c:3581(do_section) Processing section "[public]" [2015/10/29 14:49:30.544373, 0] ../source3/param/loadparm.c:3188(lp_do_parameter) Global parameter usershare allow guests found in service section! [2015/10/29 14:49:30.544402, 0] ../source3/param/loadparm.c:3188(lp_do_parameter) Global parameter username map found in service section! [2015/10/29 14:49:30.544428, 0] ../source3/param/loadparm.c:3188(lp_do_parameter) Global parameter security found in service section! [2015/10/29 14:49:30.544452, 0] ../source3/param/loadparm.c:3188(lp_do_parameter) Global parameter encrypt passwords found in service section! [2015/10/29 14:49:30.544489, 0] ../source3/param/loadparm.c:2376(service_ok) WARNING: No path in service public - making it unavailable! [2015/10/29 14:49:30.544513, 1] ../source3/param/loadparm.c:2383(service_ok) NOTE: Service public is flagged unavailable. [2015/10/29 14:49:30.544537, 2] ../source3/param/loadparm.c:3581(do_section) Processing section "[printers]" [2015/10/29 14:49:30.544577, 0] ../source3/param/loadparm.c:2363(service_ok) WARNING: [printers] service MUST be printable! [2015/10/29 14:49:30.544603, 0] ../source3/param/loadparm.c:2376(service_ok) WARNING: No path in service printers - making it unavailable! [2015/10/29 14:49:30.544626, 1] ../source3/param/loadparm.c:2383(service_ok) NOTE: Service printers is flagged unavailable. [2015/10/29 14:49:30.544650, 2] ../source3/param/loadparm.c:3581(do_section) Processing section "[ShareName]" [2015/10/29 14:49:30.544677, 0] ../source3/param/loadparm.c:3188(lp_do_parameter) Global parameter security found in service section! [2015/10/29 14:49:30.544860, 2] ../source3/lib/interface.c:341(add_interface) added interface eth1 ip=[IP] bcast=[BCAST] netmask=[MASK] [2015/10/29 14:51:50.380113, 2] ../source3/smbd/open.c:972(open_file) [USER] opened file test.txt read=No write=No (numopen=3) [2015/10/29 14:51:50.381445, 2] ../source3/smbd/close.c:780(close_normal_file) [USER] closed file test.txt (numopen=2) NT_STATUS_OK [2015/10/29 14:51:51.428034, 2] ../source3/smbd/open.c:972(open_file) [USER] opened file test.txt read=Yes write=No (numopen=2) [2015/10/29 14:51:51.433698, 2] ../source3/smbd/open.c:972(open_file) [USER] opened file test - Copy.txt read=Yes write=Yes (numopen=3) [2015/10/29 14:52:06.492354, 2] ../source3/smbd/close.c:780(close_normal_file) [USER] closed file test.txt (numopen=3) NT_STATUS_OK [2015/10/29 14:52:06.492925, 2] ../source3/smbd/close.c:780(close_normal_file) [USER] closed file test - Copy.txt (numopen=2) NT_STATUS_OK
你必须findWindows机器使用的凭据。 你可以尝试两种不同的(和补充)方法:
/etc/samba/smb.conf文件中添加log level = 2指令。 然后,看一下/var/log/samba/ Win2012机器find凭证用户后,应该很容易理解它发生了什么。
问题的本质是在Ubuntu系统和Windows Server中,用户名和密码都是相同的。
不知道这是一个方便还是一个安全漏洞。