Samba 不接受凭证

tag-icon tag-icon linux debian samba
Samba 不接受凭证

我有一台Debian正在运行的计算机Samba。我从另一台正在运行的计算机访问服务器Windows 7。作为访客,我可以将共享列为只读、强制用户等。但我无法使用任何凭据访问 Samba 服务器。我只能\\ip\storage 无法访问

这是我的配置:
* 用户作为真实用户存在
* samba 以 * 身份运行security = user
* 我已经添加了用户smbpasswd -a user
* 日志没有显示任何错误
* testparm 显示以下内容:

[global]
    server string = %h server
    interfaces = 127.0.0.0/8, eth1
    bind interfaces only = Yes
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap config * : backend = tdb

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0700
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    printable = Yes
    print ok = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

[cdrom]
    comment = Samba server's CD-ROM
    path = /cdrom
    guest ok = Yes
    locking = No

[allusers]
    comment = Access to all users
    path = /home/samba-all-users
    valid users = @sambashare
    force group = sambashare
    read only = No
    create mask = 0770
    directory mask = 0771

[guest]
    comment = Read/Write Guest Account Access
    path = /home/samba-guest
    force group = sambashare
    read only = No
    create mask = 0775
    directory mask = 0775
    guest only = Yes
    guest ok = Yes

[storage]
    comment = Music
    path = /home/daniel/storage

笔记:
* samba 版本为 3.6.6
* 客户端运行的是 Windows 7 Home Premium
* 我在这台电脑上有一个带 iptables 的防火墙,但在进行这些测试时它只执行 ICS。所有规则默认设置为 ACCEPT。

答案1

Windows 7 网络客户端需要默认数据包签名(以防止中间人攻击)和 Samba禁用默认情况下,数据包签名。您的客户端和服务器可能无法就此项目相互协商。因此,您可以通过以下两种方式之一解决此问题。

服务器端解决方案:在 Samba 上启用数据包签名

将以下内容添加到您的 smb.conf:

server signing = auto

重新启动服务并重试。

你也可以尝试使用mandatoryauto阅读文档这里

客户端解决方案:在 Microsoft 网络客户端上禁用数据包签名

首先,打开本地组策略编辑器:

  1. 按下“开始”按钮
  2. gpedit.msc在开始搜索框中输入内容,然后按 Enter

在本地组策略编辑器中,转到:

Local Computer Policy->
  Computer Configuration->
    Windows Settings->
      Security Settings->
        Local Policies->
          Security Options

查找策略:

Microsoft network client: Digitally sign communications (always)

如果已启用,请将其更改为已禁用。按应用,重新启动计算机,然后重试。

答案2

您可以查看超级用户上的类似问题以寻找可能的解决方案(https://superuser.com/questions/699240/windows-7-laptop-cant-reliably-connect-to-my-linux-smb-shared-directory/699273#699273

答案3

这是我的工作配置(在 OpenSUSE 11,3 smbd 版本 3.5.4-5.11.1-2573-SUSE-SL11.3 上):

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = no
domain logons = Yes
domain master = Yes
security = users
wins support = No
hosts allow = 192.168.0.*

[personal_projects]
inherit acls = No
path = /data_storage/personal_projects
read only = No
admin users = backupcat
available = Yes
browseable = Yes
comment = Komodo projects
guest ok = No
hosts allow = 192.168.0.*
valid users = @users
write list = @users

用你的配置尝试一下。

答案4

也许可能性不大,但 idmap config * 调用 winbind,你的 nsswitch.conf 看起来怎么样?特别是关于 passwd 的几行:

如果你还没有阅读,可以参考这里: http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html

问候

相关内容