如何在 ADS 安全模式下启用对 Samba 共享的匿名访问?

如何在 ADS 安全模式下启用对 Samba 共享的匿名访问?

我正在尝试在 Samba 配置中启用对单个服务的匿名访问。授权用户访问运行正常,但当我尝试无密码连接时,我收到以下消息:

Anonymous login successful
Domain=[...] OS=[Unix] Server=[Samba
3.3.8-0.51.el5] tree connect failed: NT_STATUS_LOGON_FAILURE

消息日志显示此错误:

... smbd[21262]: [2010/05/24 21:26:39,  0] smbd/service.c:make_connection_snum(1004)
... smbd[21262]:   Can't become connected user!

smb.conf配置如下:

[global]
   security = ads
   obey pam restrictions = Yes
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = true
   valid users = "@domain admins", "@domain users"
   guest account = nobody
   map to guest = Bad User

[evilshare]
   path = /evil/share
   guest ok = yes
   read only = No
   browseable = No

鉴于我已指定“映射到访客 = 错误用户”和“访客正常”,我不明白它为何试图“成为已连接用户”。它不应该试图“成为访客用户”吗?

答案1

消除

有效用户 = “@domain admins”、“@domain users”

来自 [全局],仅在未启用“来宾”的共享中使用它

答案2

查看本教程

您记得重新启动 samba 来提取配置,此外该文件夹的本地权限是什么?

答案3

对我来说,解决方案是设置:

auth methods = guest sam winbind
restrict anonymous = 0
guest account = nobody

当然,请确保nobody创建的用户没有密码:

auth methods = guest sam winbind

相关内容