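I have a samba share set up. I want to allow anyone to access the public share at /mypool/shared without any authentication. I also want to restrict access to /mypool/restricted. I also created a /mypool/test share to see whether this was a directory permissions issue.
At the moment, I have not added any users via smbpasswd. The user "max" is a valid user on the Linux server. When I add the user "max" via "smbpasswd -a max; smbpasswd -e max" and try to connect to \\sambaserver in Windows Explorer, I get a password prompt. If I enter max's credentials, I get an error message saying that \\sambaserver is not accessible. The same thing happens if I do not enter a username and password.
At a minimum, I want to always be able to see the public share. How do I fix this so that anyone can see the /mypool/shared directory, but only authenticated users can see the /mypool/restricted directory?
By the way, if I delete the user "max" from samba, I can access the /mypool/shared directory without any authentication, as expected.
This is using samba installed via apt install on an Ubuntu 22.04 server. I am trying to connect to the shares from a Windows 10 machine. If I hop onto the Ubuntu server and add the max user via smbpasswd, I can connect to the restricted share using smbclient, but Windows cannot connect.
I have been playing with this all night, and I get the feeling that something odd is going on with authentication, but I cannot pin down what. Any help with debugging would be greatly appreciated.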
[global]
force user = nobody
min_protocol = SMB3
workgroup = WorkGroup
netbios name = sambaserver
server string = %h server (Samba, Ubuntu)
wins support = yes
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
# My file shares!
[public share]
comment = File Server Share
path = /mypool/shared
browseable = yes
guest ok = yes
read only = no
create mask = 0755
[restricted share]
comment = Restricted Server Share
path = /mypool/restricted
browseable = yes
guest ok = no
read only = no
create mask = 0755
valid users = max
[test share]
comment = Test Server Share
path = /mypool/test
browseable = yes
guest ok = no
read only = no
create mask = 0755
valid users = max
Directory listing:
max@sambaserver:/mypool$ ls -la
drwxr-xr-x 5 root root 5 Jan 1 01:52 ./
drwxr-xr-x 20 root root 4096 Dec 30 02:37 ../
drwxr-sr-x 4 max max 4 Dec 31 23:10 restricted/
drwxr-sr-x 12 nobody users 12 Jan 1 01:14 shared/
drwxrwsr-x 2 nobody users 3 Jan 1 01:52 test/
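Answer 1
I finally got it working. Here is what I had to change:
- For security reasons, Windows 10/11 has the SMB1 protocol disabled. This is a good thing. While you can add SMB1 to Windows, as you have seen others suggest in posts, this is very insecure. Instead, we set the samba server to use at least SMB2, with "min protocol = SMB2".
- By raising the log level, I found that even with SMB2 enabled, the connection would not use encryption, which caused a rejection. So we add "server smb encrypt = desired".
- Finally, Windows will send the currently logged-in username to samba when connecting. So, for each username you want to grant share access to, make sure there is a corresponding user on the Linux system via "sudo useradd [username]" and in samba via "sudo smbpasswd -a [user]; sudo smbpasswd -e [user]".
- Once done, the samba server can be restarted with "sudo systemctl restart smbd.service nmbd.service"
The smb.conf is below.
Also, if you cannot get Windows to see your samba server, try installing avahi-daemon and wsdd. I needed both of these for the machine to advertise its name properly. You can install them with "sudo apt install avahi-daemon wsdd"
FYI: you can have spaces in share names, but I removed them anyway.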
smb.conf:
[global]
encrypt passwords = yes
server smb encrypt = desired
min protocol = SMB2
workgroup = WorkGroup
netbios name = sambaserver
# Uncomment the following line for detailed logs in /var/log/samba
# log level = 5
server string = %h server (Samba, Ubuntu)
wins support = yes
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
# My file shares!
[public]
comment = File Server Share
path = /mypool/shared
browseable = yes
guest ok = yes
read only = no
create mask = 0755
force user = nobody
[restricted]
comment = Restricted Server Share
path = /mypool/restricted
browseable = yes
guest ok = no
read only = no
create mask = 0755
valid users = max
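
Added example (not part of the original answer or of Samba itself): a small Python audit that reads smb.conf-style text and reports, per share, whether guests are accepted, who is listed in valid users, and which account the share runs as once [global] defaults are applied. The sample input is the question's config abridged; the function and field names are assumptions of this example.

```python
import configparser

# Constructed sample: the question's smb.conf from this page, abridged.
QUESTION_CONF = """\
[global]
force user = nobody
min_protocol = SMB3
map to guest = bad user
[public share]
path = /mypool/shared
guest ok = yes
read only = no
[restricted share]
path = /mypool/restricted
guest ok = no
read only = no
valid users = max
"""

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def audit(conf_text):
    """Return (per-share report, findings) for smb.conf-style text.

    Only the parameter spellings used on this page are handled; synonyms
    such as "public" or "writeable" are not (assumption of this example).
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)  # interpolation=None keeps %h, %u, %d literal
    glob = dict(cp["global"]) if cp.has_section("global") else {}
    report, findings = {}, []
    if "force user" in glob:
        findings.append("[global] force user: every share runs as " + glob["force user"])
    # smbd matches names ignoring case and spaces only; "min_protocol" is unknown to it.
    findings += [f"[global] '{k}': underscore in parameter name" for k in glob if "_" in k]
    for name in cp.sections():
        if name.lower() == "global":
            continue
        eff = {**glob, **dict(cp[name])}  # share values override [global]
        guest = is_yes(eff.get("guest ok", "no"))
        writable = not is_yes(eff.get("read only", "yes"))
        users = eff.get("valid users", "").replace(",", " ").split()
        report[name] = {"guest": guest, "writable": writable,
                        "valid_users": users, "runs_as": eff.get("force user")}
        if guest and writable:
            findings.append(f"[{name}] guests can write to {eff.get('path')}")
        if not guest and not users:
            findings.append(f"[{name}] no valid users: any authenticated account is accepted")
    return report, findings

if __name__ == "__main__":
    for line in audit(QUESTION_CONF)[1]:
        print(line)
```

With force user moved from [global] into the public share, as in the answer's config, the restricted share no longer reports a forced account. testparm -s remains the authoritative check of what smbd actually loads.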