Samba 公共共享 - 访问被拒绝

Samba 公共共享 - 访问被拒绝

我正在尝试配置 Samba 以共享公共文件夹 - 无需登录。我正在使用 Fedora 16。

$ smbd --version
Version 3.6.1-74.fc16

配置:

[global]
   workgroup = WORKGROUP
   security = share
   hosts allow =  192.168.
   load printers = yes
   guest account = nobody
   log file = /var/log/samba/log.%m
   max log size = 50
   domain master = no
   local master = yes
   os level = 35
   null passwords = true
   username map = /etc/samba/smbusers
   name resolve order = hosts wins bcast
   dns proxy = no

[test]
   comment = Pliki Estomedu
   path = /tmp/test/share
   public = yes
   writable = yes
   browseable = yes
   force user = nobody
   force group = nogroup
   create mask = 0777
   directory mask = 0777
   available = yes

小路:

ls -la /tmp/test/share/
total 8
drwxr-xr-x. 2 root root 4096 Nov 14 13:09 .
drwxrwxrwx. 3 root root 4096 Nov 14 13:09 ..

smbusers:

# Unix_name = SMB_name1 SMB_name2 ...
root = admin
nobody = guest pcguest smbguest

当我尝试连接时(提供空密码)得到的结果:

$ smbclient \\\\localhost\\test
WARNING: The security=share option is deprecated
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.1-74.fc16]
Server not using user level security and no password supplied.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*

请帮忙。共享在 WinXP 和 Win7 中可见,但也收到访问被拒绝的消息。

答案1

我发现一条警报:

SELinux is preventing /usr/sbin/smbd from read access on the directory share.

最好的解决方案是仅允许共享选定的目录:

/usr/sbin/semanage fcontext -a -t samba_share_t <path>

您还可以允许 SAMBA 共享所有目录:

setsebool -P samba_export_all_ro 1

答案2

我和你有同样的问题,我在 smb.conf 中看到了这一点。它解决​​了我的问题

安全增强型 Linux (SELinux) 注意事项:

#
# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
# and groupadd family of binaries. Run the following command as the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share home
# directories via Samba. Run the following command as the root user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level directory, label it
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
# not label system directories, such as /etc/ and /home/, with samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
# directories. To share such directories and only allow read-only permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
# their existing SELinux labels, which may be labels that SELinux does not allow
# smbd to run. Copying the scripts will result in the correct SELinux labels.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
# apply the correct SELinux labels to these files.

相关内容