我在 Linux 机器上设置了一个 Samba 共享,只有当 Windows 关闭时才可以访问它Microsoft 网络客户端:数字签名通信(总是)
他们希望我配置 Linux 端,以允许他们在启用此设置的情况下进行连接。我需要做哪些最低限度的事情才能让 Windows 用户访问此共享,而无需关闭他们端的任何安全选项?
可能相关信息:
- Linux 机器运行的是 SLES 11 SP2 和 Samba 3.6.3
- Windows 机器运行的是带有 Active Directory 的 Windows Server 2008
这是我的 smb.conf:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2012-02-03
[global]
workgroup = $WINDOWS_DOMAIN_NAME
passdb backend = tdbsam
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
security = domain
idmap gid = 10000-20000
idmap uid = 10000-20000
wins support = No
wins server =
encrypt passwords = yes
[$shareName]
comment = linux share
inherit acls = Yes
path = /home/$user/$shareName
read only = No
available = yes
browseable = yes
public = yes
writable = yes
当他们尝试当前访问共享时,/var/log/messages 中的错误如下:
linux smbd[3336]: [2014/01/24 11:23:25.214046, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
linux smbd[3336]: get_schannel_session_key: could not fetch trust account password for domain '$WINDOWS_DOMAIN_NAME'
linux smbd[3336]: [2014/01/24 11:23:25.216148, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
linux smbd[3336]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server $DOMAIN_CONTROLLER for domain $WINDOWS_DOMAIN_NAME.
linux smbd[3336]: [2014/01/24 11:23:25.219196, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
linux smbd[3336]: connect_to_domain_password_server: unable to open the domain client session to machine $DOMAIN_CONTROLLER. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
答案1
/etc/samba/smb.conf 文件中缺少两个关键语句:
server signing = auto
client signing = auto
这应该可以。