已拥有共享和 NTFS 权限Everyone - 完全控制//10.180.102.11/Data
.
//10.180.102.11/Data
我已经在加入的文件服务器域下设置了共享。
我想访问//10.180.102.11/Data/IT_Folder/Projects
.
mount -t cifs //10.180.102.11/Data/IT_Folder/Projects /share -o username=guest,password="",vers=1.0
我正进入(状态 NT_STATUS_ACCESS_DENIED
。
我需要安装其他东西吗?我需要配置一些东西吗?
最后更新 :
SMB Session Authentication Failure
Client Name: \\xx.xx.xx.xx
Client Address: xx.xx.xx.xx:40006
User Name:
Session ID: 0x204029000002D
Status: The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested. (0xC0000234)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
答案1
首先要做的是使用有效的用户名和密码,其次是停止使用过时的 SMB v1。
尝试这样的操作,替换contoso.com
为您的 AD 域、realuser
真实有效的用户名和whatever
相应的密码。我在本示例中使用了 SMB v3.0,因为所有受支持的 Windows 服务器都直接处理此问题。
mount -t cifs //10.180.102.11/Data/IT_Folder/Projects /share -o 'domain=contoso.com,username=realuser,password=whatever,vers=3.0'
一旦此操作成功,我强烈建议您将凭据从命令行移至安全文件中。密码仍然以明文形式存储,但至少不在公开可读的文件中
cat >/etc/smb_credentials <<'EOF'
domain=contoso.com
username=realuser
password=whatever
EOF
chown root:root /etc/smb_credentials
chmod 600 /etc/smb_credentials # user: read/write, group+others: no access
mount -t cifs //10.180.102.11/Data/IT_Folder/Projects /share -o 'credentials=/etc/smb_credentials,vers=3.0'