我正在尝试配置 Samba 以共享公共文件夹 - 无需登录。我正在使用 Fedora 16。
$ smbd --version
Version 3.6.1-74.fc16
配置:
[global]
workgroup = WORKGROUP
security = share
hosts allow = 192.168.
load printers = yes
guest account = nobody
log file = /var/log/samba/log.%m
max log size = 50
domain master = no
local master = yes
os level = 35
null passwords = true
username map = /etc/samba/smbusers
name resolve order = hosts wins bcast
dns proxy = no
[test]
comment = Pliki Estomedu
path = /tmp/test/share
public = yes
writable = yes
browseable = yes
force user = nobody
force group = nogroup
create mask = 0777
directory mask = 0777
available = yes
小路:
ls -la /tmp/test/share/
total 8
drwxr-xr-x. 2 root root 4096 Nov 14 13:09 .
drwxrwxrwx. 3 root root 4096 Nov 14 13:09 ..
smbusers:
# Unix_name = SMB_name1 SMB_name2 ...
root = admin
nobody = guest pcguest smbguest
当我尝试连接时(提供空密码)得到的结果:
$ smbclient \\\\localhost\\test
WARNING: The security=share option is deprecated
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.1-74.fc16]
Server not using user level security and no password supplied.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
请帮忙。共享在 WinXP 和 Win7 中可见,但也收到访问被拒绝的消息。
答案1
我发现一条警报:
SELinux is preventing /usr/sbin/smbd from read access on the directory share.
最好的解决方案是仅允许共享选定的目录:
/usr/sbin/semanage fcontext -a -t samba_share_t <path>
您还可以允许 SAMBA 共享所有目录:
setsebool -P samba_export_all_ro 1
答案2
我和你有同样的问题,我在 smb.conf 中看到了这一点。它解决了我的问题
安全增强型 Linux (SELinux) 注意事项:
#
# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
# and groupadd family of binaries. Run the following command as the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share home
# directories via Samba. Run the following command as the root user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level directory, label it
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
# not label system directories, such as /etc/ and /home/, with samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
# directories. To share such directories and only allow read-only permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
# their existing SELinux labels, which may be labels that SELinux does not allow
# smbd to run. Copying the scripts will result in the correct SELinux labels.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
# apply the correct SELinux labels to these files.