错误消息 CIFS VFS:协议重新验证 - 安全设置不匹配

tag-icon tag-icon debian samba xubuntu
错误消息 CIFS VFS:协议重新验证 - 安全设置不匹配

服务器:Debian 8,客户端:一些 Windows 和一些 Xubuntu 16.04

由于我将一个 Xubuntu 客户端更新到 4.13.0-26,我无法挂载 samba 共享。

[20390.135208] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[20390.161744] CIFS VFS: protocol revalidation - security settings mismatch
[20390.162553] CIFS VFS: session ffffa06a57c23a00 has no tcon available for a dfs referral request
[20390.163395] CIFS VFS: cifs_mount failed w/return code = -5

我知道这与 smb-Protokoll 有关,但是当我使用

testparm -v | grep protocol

在我的服务器上它说:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[firmendaten]"
Processing section "[downloads]"

Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

    server max protocol = SMB3
    server min protocol = LANMAN1
    client max protocol = default
    client min protocol = CORE
    client ipc max protocol = default
    client ipc min protocol = default

这是我的 smb.conf:

[global]
    workgroup = MYGROUP
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
        os level = 20
        netbios name = SERVER
    server string = Linux Server 2013
    domain master = yes
        load printers = yes
        allow insecure wide links = yes
        follow symlinks = yes
        wide links = yes
    unix extensions = no


[homes]
    recycle:touch = Yes
    browseable = No
    writeable = yes
    invalid users = daten
    vfs object = recycle 
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    recycle:keeptree = Yes
    comment = Home Directories
    valid users = %S,%D%w%S
    recycle:repository = .Papierkorb
    recycle:versions = Yes
    recycle:directory_mode = 0700
    inherit acls = Yes


[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700


[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon


[printers]
    browseable = no
    writeable = yes
    printable = yes
    path = /var/tmp
    create mask = 0700
    comment = Alle Drucker
    public = yes

[print$]
    path = /var/lib/samba/drivers
    write list = root,@ntadmin
    force group = ntadmin
    create mask = 0664
    comment = Printer Drivers
    directory mask = 0775
    valid users = @firma,@privat

[firmendaten]
    write list = @users
    recycle:excludedir = /tmp,/temp,/cache,.Papierkorb
    force directory mode = 0770
    force group = firma
    recycle:keeptree = Yes
    inherit acls = Yes
    recycle:touch = Yes
    vfs objects = recycle
    writeable = yes
    path = /home/files/firma
    preexec = mkdir -p .Papierkorb
    force create mode = 0770
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    comment = Firmendaten
    valid users = @firma
    create mode = 0770
    recycle:repository = .Papierkorb
    recycle:versions = Yes
    recycle:directory_mode = 0770
    directory mode = 0770

[downloads]
    recycle:excludedir = /tmp,/temp,/cache,.Papierkorb
    write list = @users
    force group = firma
    recycle:keeptree = Yes
    create mask = 0770
    inherit acls = Yes
    recycle:touch = Yes
    vfs objects = recycle
    writable = yes
    path = /home/files/downloads
    preexec = mkdir -p .Papierkorb
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    directory mask = 0770
    comment = Firmendaten
    recycle:versions = Yes
    recycle:directory_mode = 0770
    recycle:repository = .Papierkorb

据我了解,服务器是否支持 SMB2 和 SMB3。我尝试了这个添加

[home]
min protocol = SMB2

分别

[home]
min protocol = SMB3

比我在服务器中看到的:

server max protocol = SMB3
server min protocol = SMB3

分别

server max protocol = SMB3
server min protocol = SMB2

但客户端还是无法挂载。

这是客户端 fstab 的一部分:

//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,file_mode=0660,dir_mode=0770,user,noauto,credentials=/home/username/.smbcredentials

如何使用安全协议 SMB2 / SMB3 进行安装?

提前致谢!

答案1

我找到了解决方案。它适用于在客户端安装时添加版本

//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,file_mode=0660,dir_mode=0770,user,noauto,vers=2.1,credentials=/home/username/.smbcredentials

我以为我可以在服务器的 smb.conf 上做一些事情,但这也有效。

相关内容