Samba: can only access shares by IP from Windows

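I have several CentOS 7 servers running Samba v3.6 that are joined to a Windows Server 2008 R2 Active Directory domain, and my clients are Windows 10. I cannot access the Samba shares on some of the servers by hostname, only by IP address.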

What I have already checked:

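  • DNS works correctly. When I try to access the server by hostname, client logs are generated in Samba.
  • "wbinfo -u" lists all Active Directory users.
  • "getent passwd" lists the local users and the Active Directory users with Unix access. SSH access from the client works for the same user that is trying to access the share.
  • Time is synchronized with the domain controller via NTP.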

Samba configuration:

[global]
  netbios name = SERVERNAME
  workgroup = DOMAIN
  realm = DOMAIN.INT
  security = ads
  idmap config * : backend = nss
  idmap config * : range = 500-100000000
  idmap config DOMAIN : backend = ad
  idmap config DOMAIN : default = yes
  idmap config DOMAIN : range = 500-100000000
  idap config DOMAIN : schema_mode = rfc2307
  template shell = /bin/bash
  template homedir = /home/%U
  winbind nss info = rfc2307
  winbind use default domain = yes
  winbind offline logon = true
  winbind enum users = yes
  winbind enum groups = yes
  winbind nested groups = yes
  log file = /var/log/samba/log.%m
  log level = 3
  max log size = 50
  client use spnego = yes
  Kerberos method = secrets and keytab
  guest account = nobody
  restrict anonymous = 1
  name resolve order = lmhosts host wins

Samba log when the client accesses by hostname:

[2016/06/21 15:55:43.137781,  3] ../source3/smbd/oplock.c:1307(init_oplocks)
  init_oplocks: initializing messages.
[2016/06/21 15:55:43.137893,  3] ../source3/smbd/process.c:1879(process_smb)
  Transaction 0 of length 178 (0 toread)
[2016/06/21 15:55:43.138067,  3] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_00
[2016/06/21 15:55:43.233326,  1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
  gss_accept_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: Request ticket server cifs/[email protected] kvno 2 enctype aes256-cts found in keytab but cannot decrypt ticket]
[2016/06/21 15:55:43.233431,  1] ../auth/gensec/spnego.c:533(gensec_spnego_parse_negTokenInit)
  SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2016/06/21 15:55:43.233576,  2] ../auth/gensec/spnego.c:708(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2016/06/21 15:55:43.251411,  3] ../source3/smbd/server_exit.c:249(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

Samba log when the client accesses by IP:

[2016/06/21 16:01:13.641761,  3] ../source3/smbd/oplock.c:1307(init_oplocks)
  init_oplocks: initializing messages.
[2016/06/21 16:01:13.641862,  3] ../source3/smbd/process.c:1879(process_smb)
  Transaction 0 of length 159 (0 toread)
[2016/06/21 16:01:13.641911,  3] ../source3/smbd/process.c:1489(switch_message)
  switch message SMBnegprot (pid 21421) conn 0x0
[2016/06/21 16:01:13.642768,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2016/06/21 16:01:13.642812,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [LANMAN1.0]
[2016/06/21 16:01:13.642838,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2016/06/21 16:01:13.642857,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [LM1.2X002]
[2016/06/21 16:01:13.642887,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [LANMAN2.1]
[2016/06/21 16:01:13.642907,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [NT LM 0.12]
[2016/06/21 16:01:13.642930,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [SMB 2.002]
[2016/06/21 16:01:13.642953,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [SMB 2.???]
[2016/06/21 16:01:13.643119,  3] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2016/06/21 16:01:13.644183,  3] ../source3/smbd/negprot.c:684(reply_negprot)
  Selected protocol SMB 2.???
[2016/06/21 16:01:13.651953,  3] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_00
[2016/06/21 16:01:13.664615,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2016/06/21 16:01:13.885538,  3] ../auth/ntlmssp/ntlmssp_server.c:449(ntlmssp_server_preauth)
  Got user=[username] domain=[DOMAIN] workstation=[CLIENT] len1=24 len2=294
[2016/06/21 16:01:13.885688,  3] ../source3/param/loadparm.c:3653(lp_load_ex)
  lp_load_ex: refreshing parameters
[2016/06/21 16:01:13.885828,  3] ../source3/param/loadparm.c:544(init_globals)
  Initialising global parameters
[2016/06/21 16:01:13.885979,  3] ../source3/param/loadparm.c:2596(lp_do_section)
  Processing section "[global]"
[2016/06/21 16:01:13.886255,  2] ../source3/param/loadparm.c:2613(lp_do_section)
  Processing section "[httpd]"
[2016/06/21 16:01:13.886373,  2] ../source3/param/loadparm.c:2613(lp_do_section)
  Processing section "[sites]"
[2016/06/21 16:01:13.886469,  2] ../source3/param/loadparm.c:2613(lp_do_section)
  Processing section "[jenkins]"
[2016/06/21 16:01:13.886579,  3] ../source3/param/loadparm.c:1493(lp_add_ipc)
  adding IPC service
[2016/06/21 16:01:13.887686,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\[username]@[CLIENT] with the new password interface
[2016/06/21 16:01:13.887727,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [DOMAIN]\[username]@[CLIENT]
[2016/06/21 16:01:13.891180,  3] ../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [username] succeeded
[2016/06/21 16:01:13.891249,  2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [username] -> [username] -> [DOMAIN\username] succeeded
[2016/06/21 16:01:13.891305,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2016/06/21 16:01:13.891331,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088215
[2016/06/21 16:01:13.891384,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2016/06/21 16:01:13.891408,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088215
[2016/06/21 16:01:13.892047,  3] ../source3/groupdb/mapping.c:830(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2016/06/21 16:01:13.892087,  2] ../source3/auth/token_util.c:564(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate gids?
[2016/06/21 16:01:13.892293,  3] ../source3/groupdb/mapping.c:830(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2016/06/21 16:01:13.892330,  2] ../source3/auth/token_util.c:589(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2016/06/21 16:01:13.927041,  3] ../source3/smbd/password.c:144(register_homes_share)
  Adding homes service for user 'DOMAIN\username' using home directory: '/home/username'
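
The two logs above take different authentication paths: the hostname attempt goes through Kerberos (gse.c under SPNEGO) and fails on the keytab, while the IP attempt goes through NTLMSSP and succeeds. The following added example, which is not part of the original post, parses smbd log text and reports that distinction; the sample lines are constructed from the logs above with a placeholder principal, and the function names and outcome labels are hypothetical.

```python
import re
# A Samba log entry is a header "[timestamp,  level] file:line(function)" plus indented message lines.
HEADER = re.compile(r"^\[[\d/]+ [\d:.]+,\s+\d+\] (?P<src>\S+?):\d+\(\w+\)$")
KEYTAB = re.compile(r"Request ticket server (?P<spn>\S+) kvno (?P<kvno>\d+) "
                    r"enctype (?P<enctype>\S+) found in keytab but cannot decrypt ticket")
NTLM_OK = re.compile(r"winbind authentication for user \[(?P<user>[^\]]*)\] succeeded")

# Constructed samples modelled on the two logs above; the principal is a placeholder.
BY_HOSTNAME = """\
[2016/06/21 15:55:43.233326,  1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
  gss_accept_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: Request ticket server cifs/HOST.EXAMPLE.TEST@EXAMPLE.TEST kvno 2 enctype aes256-cts found in keytab but cannot decrypt ticket]
[2016/06/21 15:55:43.233576,  2] ../auth/gensec/spnego.c:708(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_LOGON_FAILURE
"""
BY_IP = """\
[2016/06/21 16:01:13.664615,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2016/06/21 16:01:13.891180,  3] ../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [username] succeeded
"""

def parse_entries(text):
    """Group raw log text into entries: source file plus the joined message lines."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            entries.append({"src": header["src"], "msg": ""})
        elif entries and line:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def classify(text):
    """Report which authentication mechanism a session used and how it ended."""
    result = {"mechanism": None, "outcome": None, "detail": {}}
    for e in parse_entries(text):
        keytab, ntlm_ok = KEYTAB.search(e["msg"]), NTLM_OK.search(e["msg"])
        if e["src"].endswith("/gse.c"):
            result["mechanism"] = "kerberos"
        elif "/ntlmssp/" in e["src"] and result["mechanism"] is None:
            result["mechanism"] = "ntlmssp"
        if keytab:  # a key for this SPN, kvno and enctype exists but does not decrypt the ticket
            result["outcome"] = "keytab_key_mismatch"
            result["detail"] = {k: keytab[k] for k in ("spn", "kvno", "enctype")}
        elif ntlm_ok:
            result["outcome"], result["detail"] = "success", {"user": ntlm_ok["user"]}
        elif "NT_STATUS_LOGON_FAILURE" in e["msg"] and result["outcome"] is None:
            result["outcome"] = "logon_failure"
    return result
```

The `spn`, `kvno` and `enctype` returned for a `keytab_key_mismatch` are the values to compare against the server's keytab listing (`klist -k -e`).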
