Using samba 2:4.7.6 on Lubuntu, a distribution based on Ubuntu 18.04.3 LTS.
Is there any way to force samba to require valid credentials when enumerating shares?
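The problem: Windows 10 version 1903 caches session credentials. When browsing the shares of an SMB server, it enumerates the shares with anonymous credentials (EnumShares2), and those credentials are cached. A subsequent attempt to connect to a share that requires authentication fails with the following message:
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.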
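In Windows 10 1903, there does not appear to be any way to force Windows to release the anonymous session other than rebooting the computer.
The problem does not occur when enumerating shares on a remote Windows machine, because anonymous browsing of shares has been disabled since Windows 1703 (Server 2016?, not sure).
In practice, unless samba can be persuaded not to enumerate shares with anonymous credentials, samba shares are inaccessible from Windows 10 almost 100% of the time, because a user cannot connect to a share without first browsing the server's shares.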
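There are no obvious errors in the log files under /var/log/samba.
@smbgroup contains only one user, "smb", which was created specifically for accessing the shares.
My smb.conf is as follows: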
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = %h server (Samba, Ubuntu)
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = yes
interfaces = 127.0.0.0/8 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
# Maximum number of usershare. 0 (default) means that usershare is disabled.
usershare max shares = 100
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
#======================= Share Definitions =======================
# Added shares
[Anonymous]
path = /samba/anonymous
browsable = yes
writable = no
read only = yes
force user = nobody
[SECURED]
path = /samba/shares
valid users = @smbgrp
browsable = yes
writable = yes
read only = no
Answer 1
In your global section, add:
restrict anonymous = 2
and change allow guests, because it cancels the anonymous restriction:
usershare allow guests = no
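
A small check for the two settings the answer changes, as an added example that is not part of the original answer. It also flags guest ok = yes (synonym: public) on any share, which smb.conf(5) says removes the benefit of restrict anonymous = 2; the function names are hypothetical and the sample config is constructed from the question's file, abbreviated.

```python
# Added example (not from the original post): audit smb.conf text.
TRUE = {"yes", "true", "1", "on"}

def parse(text):
    """Return {section: {param: value}}; names lose case and whitespace."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section]["".join(name.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse(text)
    glob = conf.get("global", {})
    findings = []
    level = glob.get("restrictanonymous", "0")  # Samba's default is 0
    if level != "2":
        findings.append(f"[global] restrict anonymous = {level}, answer sets 2")
    if glob.get("usershareallowguests", "no").lower() in TRUE:
        findings.append("[global] usershare allow guests = yes, answer sets no")
    for name, params in conf.items():
        guest = params.get("guestok", params.get("public", "no"))
        if name != "global" and guest.lower() in TRUE:
            findings.append(f"[{name}] guest ok = yes undoes restrict anonymous = 2")
    return findings

# Constructed sample: an abbreviated copy of the question's smb.conf.
BEFORE = """[global]
map to guest = bad user
usershare allow guests = yes
[Anonymous]
path = /samba/anonymous
[SECURED]
valid users = @smbgrp
"""
# The same file with the answer's two changes applied.
AFTER = BEFORE.replace("usershare allow guests = yes",
                       "restrict anonymous = 2\nusershare allow guests = no")
if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "nothing flagged")
```

The parser does not handle backslash line continuations or include directives; on a live server, `testparm -s` prints the effective configuration and can be used as the input.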