Clearing the Winbind cache


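I cannot access the remote drive using Windows or smbclient; according to the Samba log file, my authentication appears to succeed, but getpwuid fails. The server (remote) is running CentOS 7.2 and Samba 4.2.3. The client is CentOS 7.2 with smbclient 4.2.3. The log file shows: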

[2017/05/06 22:57:48.729284,  2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [developer_prod] -> [developer_prod] -> [developer_prod] succeeded
[2017/05/06 22:57:48.731091,  1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed
[2017/05/06 22:57:48.731164,  1] ../source3/smbd/sesssetup.c:280(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL

Oddly, the SID corresponds to a local user:

# wbinfo -s S-1-5-21-4007675785-2624567327-467545301-1000         
NY4010\developer_prod 1

(ny4010 is my Samba server machine), even though on the client I log in with a domain user:

$ smbclient -U 'my_domain\developer_prod' \\\\ny4010\\release 'password'
session setup failed: NT_STATUS_UNSUCCESSFUL

Here is my smb.conf file:

[global]
   workgroup = MYDOMAIN
   password server = my_domain_server.mydomain.local
   realm = MYDOMAIN.LOCAL
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   kerberos method = secrets only
   winbind use default domain = true
   winbind offline logon = false
   log level = 2
   encrypt passwords = yes
       unix extensions = no
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = ads
        passdb backend = tdbsam
        realm = MYDOMAIN.LOCAL
        password server = my_domain_server.mydomain.local
        local master = no
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
[release]
       comment = Shared directory: /prod
       path = /prod
       browseable = yes
       read only = no
       valid users = developer_prod
       guest ok = yes
       public = yes
       follow symlinks = yes
       wide links = yes
       force user = developer_prod
[log]
       comment = Shared directory: /prod/log
       path = /prod/log
       browseable = yes
       read only = yes
       guest ok = yes
       public = yes

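My nsswitch.conf file looks like this: passwd: files winbind

I think the smoking gun here is that the local user's SID appears in the line where getpwuid fails...

Answer 1

For us, everything was working fine up to Samba version 4.8.3 on CentOS 7, but it broke after the Samba update to samba-4.9.1-6.el7.x86_64.

I received this error: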

[2019/10/04 11:28:52.458451, 2] ../source3/auth/auth.c:316(auth_check_ntlm_password) check_ntlm_password: authentication for user [singh] -> [singh] -> [singh] succeeded

[2019/10/04 11:28:52.458736, 1]../source3/auth/token_util.c:561(add_local_groups) SID S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxx-16811 -> getpwuid(50000) failed

So after hours of troubleshooting, adding winbind instead of sss to "/etc/nsswitch.conf" worked.

passwd:     files winbind
shadow:     files
group:      files winbind

Also added these new options to smb.conf:

idmap config *:backend = tdb
idmap config *:range = 1000-9999
## map ids from the domain  the ranges may not overlap !
idmap config LIBRARY : backend = rid
idmap config LIBRARY : range = 10000-999999
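
An offline check for the idmap settings in the answer above, added here as an example (it is not part of the original answer or of Samba): it parses the idmap config lines, reports overlapping ID ranges, and names the domain whose range contains the uid from a "getpwuid(N) failed" log line. The function names are assumptions of this example; the sample text is copied from the lines on this page.

```python
import re

# "idmap config DOMAIN : option = value", with or without spaces around ':'
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)
GETPWUID_RE = re.compile(r"getpwuid\((\d+)\) failed")

# Sample input: the smb.conf lines and the log line quoted in the answer above.
ANSWER1_CONF = """\
idmap config *:backend = tdb
idmap config *:range = 1000-9999
## map ids from the domain  the ranges may not overlap !
idmap config LIBRARY : backend = rid
idmap config LIBRARY : range = 10000-999999
"""
ANSWER1_LOG = "SID S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxx-16811 -> getpwuid(50000) failed"

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every idmap config line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def ranges(domains):
    """Return {DOMAIN: (low, high)}; raise ValueError on an inverted range."""
    out = {}
    for dom, opts in domains.items():
        if "range" in opts:
            low, high = (int(x) for x in opts["range"].split("-"))
            if low > high:
                raise ValueError(f"{dom}: inverted range {low}-{high}")
            out[dom] = (low, high)
    return out

def overlaps(rng):
    """Return pairs of domains whose ID ranges intersect."""
    doms = sorted(rng)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if rng[a][0] <= rng[b][1] and rng[b][0] <= rng[a][1]]

def owner_of(log_line, rng):
    """Domains whose range holds the uid named in a 'getpwuid(N) failed' line."""
    m = GETPWUID_RE.search(log_line)
    uid = int(m.group(1)) if m else None
    return sorted(d for d, (lo, hi) in rng.items() if uid is not None and lo <= uid <= hi)

if __name__ == "__main__":
    r = ranges(parse_idmap(ANSWER1_CONF))
    print("overlaps:", overlaps(r), "| uid owner:", owner_of(ANSWER1_LOG, r))
```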

Answer 2

Clearing the Winbind cache

How to clear the Winbind cache

Stop the Winbind service:

[root@danny root]#  service winbind stop

Stop the Samba service, if there is one:

[root@danny root]#  service smb stop

Flush the Samba net cache:

[root@danny root]#  net cache flush

Delete the Winbind cache:

[root@danny samba]# cd /var/lib/samba/
# mkdir old && mv *.tdb old/.

Start the Samba service, if there is one:

[root@danny samba]# service smb start

Start the Winbind service:

[root@danny samba]# service winbind start

Now you can check.
