无法从其他子网访问 Samba 共享

无法从其他子网访问 Samba 共享

感谢您查看我的问题并与我一起思考解决方案。我在子网 172.23.3.55/23 (2.0 --> 3.255) 上有一个 samba 服务器,在该子网内我可以毫无问题地访问该服务器。此外,位于同一核心交换机上的 172.23.4.0/23 子网也可以毫无问题地访问服务器。即使我们的Office子网129.228.114.0/23也可以毫无问题地通过防火墙访问系统。但是,当我连接到我们的 VPN 网络 172.23.45.0/24 或当我来自具有完全不同范围的不同办公室时,我无法访问服务器。服务器响应,我需要登录,但登录总是被拒绝。

这是我的 smb.conf 的 [global] 和 [share] 部分

        workgroup = localdomain.nmc
        netbios name = AMS-QTGW02
        server string = %h server (Samba %v)
#        hosts allow = 172.23.202.0/24 172.23.45.0/24 129.228.114.0/23 
129.228.70.0/24 129.228.109.42 129.228.109.83
        force user = nobody
        force group = nobody
        force create mode = 0666
        force directory mode = 0777
        create mode = 0666
        directory mode = 0777
        guest account = vimn

        security = user
        passdb backend = tdbsam
        ntlm auth = yes

        log file = /var/log/samba/log.%m
        log level = 2 passdb:5 auth:5
        max log size = 50M

        #Performance Tuning:
        use sendfile = true
        kernel oplocks = no
        strict locking = no

        #FUCK OSX!
        veto files = /.DS_Store/.AppleDesktop/.AppleDB/.AppleDouble/.Temporary Items/
        delete veto files = yes

        printing = cups
        printcap name = cups
        load printers = no
        cups options = raw

[AMS-HATCH]
        comment = HATCH Storage Share (AutoCleaned 30 Days)
        path = /quantum/AMS-HATCH
        browseable = yes
        writable = yes
        guest ok = yes
        force user = nobody
        force group = nobody
        valid users = @LinuxAdmins, vimn, mll

正如你所看到的,我对“主机允许”行进行了哈希处理,以便所有 IP 都可以访问它们,稍后当一切正常时,我想限制通过该行的访问(或“主机拒绝”)。

凭据已被多次检查,并且输入正确。我红色了一些有关 samba-winbond 的内容以禁用非域服务器,但我没有安装它,是否有一个我不知道的设置是我错误或应该使用的?

在本次会话的日志文件中,我有以下内容:

[2018/02/19 11:21:07.724423,  5] 
../source3/auth/server_info_sam.c:122(make_server_info_sam)
  make_server_info_sam: made server info for user vimn -> vimn
[2018/02/19 11:21:07.724461,  3] 
../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [vimn] succeeded
[2018/02/19 11:21:07.724516,  5] 
../source3/auth/auth.c:292(auth_check_ntlm_password)
  check_ntlm_password:  PAM Account for user [vimn] succeeded
[2018/02/19 11:21:07.724537,  2] 
../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [vimn] -> [vimn] -> [vimn] 
succeeded
[2018/02/19 11:21:07.725216,  5] 
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2018/02/19 11:21:07.725264,  5] 
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2018/02/19 11:21:07.725300,  5] 
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
  Can't find a unix id for an unmapped group
[2018/02/19 11:21:07.725317,  5] 
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
  SID S-1-5-21-3363938291-73671434-3978610123-513 belongs to our domain, but 
there is no corresponding object in the database.

密码验证正确,但连接仍然中断。

非常感谢大家。

编辑:添加了日志部分。

答案1

没有人提供答案,但问题不再存在。

相关内容