我有一台Debian正在运行的计算机Samba。我从另一台正在运行的计算机访问服务器Windows 7。作为访客,我可以将共享列为只读、强制用户等。但我无法使用任何凭据访问 Samba 服务器。我只能\\ip\storage 无法访问。
这是我的配置:
* 用户作为真实用户存在
* samba 以 * 身份运行security = user
* 我已经添加了用户smbpasswd -a user
* 日志没有显示任何错误
* testparm 显示以下内容:
[global]
server string = %h server
interfaces = 127.0.0.0/8, eth1
bind interfaces only = Yes
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[cdrom]
comment = Samba server's CD-ROM
path = /cdrom
guest ok = Yes
locking = No
[allusers]
comment = Access to all users
path = /home/samba-all-users
valid users = @sambashare
force group = sambashare
read only = No
create mask = 0770
directory mask = 0771
[guest]
comment = Read/Write Guest Account Access
path = /home/samba-guest
force group = sambashare
read only = No
create mask = 0775
directory mask = 0775
guest only = Yes
guest ok = Yes
[storage]
comment = Music
path = /home/daniel/storage
笔记:
* samba 版本为 3.6.6
* 客户端运行的是 Windows 7 Home Premium
* 我在这台电脑上有一个带 iptables 的防火墙,但在进行这些测试时它只执行 ICS。所有规则默认设置为 ACCEPT。
答案1
Windows 7 网络客户端需要默认数据包签名(以防止中间人攻击)和 Samba禁用默认情况下,数据包签名。您的客户端和服务器可能无法就此项目相互协商。因此,您可以通过以下两种方式之一解决此问题。
服务器端解决方案:在 Samba 上启用数据包签名
将以下内容添加到您的 smb.conf:
server signing = auto
重新启动服务并重试。
你也可以尝试使用mandatory。auto阅读文档这里。
客户端解决方案:在 Microsoft 网络客户端上禁用数据包签名
首先,打开本地组策略编辑器:
- 按下“开始”按钮
gpedit.msc在开始搜索框中输入内容,然后按 Enter
在本地组策略编辑器中,转到:
Local Computer Policy->
Computer Configuration->
Windows Settings->
Security Settings->
Local Policies->
Security Options
查找策略:
Microsoft network client: Digitally sign communications (always)
如果已启用,请将其更改为已禁用。按应用,重新启动计算机,然后重试。
答案2
答案3
这是我的工作配置(在 OpenSUSE 11,3 smbd 版本 3.5.4-5.11.1-2573-SUSE-SL11.3 上):
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = no
domain logons = Yes
domain master = Yes
security = users
wins support = No
hosts allow = 192.168.0.*
[personal_projects]
inherit acls = No
path = /data_storage/personal_projects
read only = No
admin users = backupcat
available = Yes
browseable = Yes
comment = Komodo projects
guest ok = No
hosts allow = 192.168.0.*
valid users = @users
write list = @users
用你的配置尝试一下。
答案4
也许可能性不大,但 idmap config * 调用 winbind,你的 nsswitch.conf 看起来怎么样?特别是关于 passwd 的几行:
如果你还没有阅读,可以参考这里: http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
问候