Authenticating samba users with AD


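So, I have an Ubuntu 20.04 machine that I want to use as a storage server for a domain using samba. The server is not a DC, but it is joined to the domain like any other computer using realmd and sssd (I used this guide: https://computingforgeeks.com/join-ubuntu-debian-to-active-directory-ad-domain/). This part works: I can log in as a domain user, and I can see all the user groups set up in the Windows AD server. I tried to create a test directory (that everyone can read/write) just to test the connection, but I can't even get samba to run. I have already tried passdb backend = ldapsam:\\ and security = ads but can't get it to work: both make smbd.service fail. Here are the logs from the two attempts: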

  pdb backend ldapsam:"ldap://domain.com" did not correctly init (error was NT_STATUS_NO_MEMORY)
[2020/12/16 11:59:00.312383,  0] ../../source3/smbd/server.c:1775(main)
  smbd version 4.11.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
[2020/12/16 11:59:00.314300,  0] ../../source3/passdb/secrets.c:364(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2020/12/16 11:59:00.314376,  0] ../../source3/passdb/pdb_ldap.c:6653(pdb_init_ldapsam_common)
  pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb
[2020/12/16 11:59:00.314397,  0] ../../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
  pdb backend ldapsam:"ldap://domain.com" did not correctly init (error was NT_STATUS_NO_MEMORY)
[2020/12/16 12:06:22.284853,  0] ../../source3/smbd/server.c:1775(main)
  smbd version 4.11.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
[2020/12/16 12:06:22.295245,  0] ../../source3/auth/auth_util.c:1384(make_new_session_info_guest)
  create_local_token failed: NT_STATUS_INVALID_PARAMETER_MIX
[2020/12/16 12:06:22.295361,  0] ../../source3/smbd/server.c:2034(main)
  ERROR: failed to setup guest info.

Config file (first attempt)

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
    workgroup = domain
    kerberos method = secrets and keytab
    passdb backend = ldapsam:"ldap://domain.com"
    realm = domain.com

Config file (second attempt)


## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
    workgroup = WORKGROUP
    realm = domain.com
    security = ads

Test share

[test]
    comment = test
    path = /test/
    browsable = yes
    valid users = +"HOME\Domain Users"
