如何启用 SAMBA 加密并且不需要用户身份验证

如何启用 SAMBA 加密并且不需要用户身份验证

我有一个在 ubuntu 上托管的、运行良好的 SAMBA(版本 4.3.11)共享。

SAMBA 共享对任何用户开放(本地内联网)

我添加加密设置后,流量已加密但突然间开始提示输入凭证

[global]
server signing = mandatory
smb encrypt = mandatory
client signing = mandatory
...

以下是共享设置示例:

[Share1]
path = /mnt1/Share1
guest ok = Yes
browseable = no
writable = yes
force user = ShareUser
force group = ShareGroup
create mask = 0770
directory mask = 0770
hosts allow = ...list of IPs for white-listing....
hosts deny = 0.0.0.0/0
delete readonly = yes

以下是全局设置:

[global]
server signing = mandatory
smb encrypt = mandatory
client signing = mandatory
oplocks = yes
level2 oplocks = no

# New Windows switches
dos filemode = yes
dos filetime resolution = yes
dos filetimes = yes
map acl inherit = yes
inherit acls = yes
inherit owner = yes
inherit permissions = yes
store dos attributes = yes

follow symlinks=yes
wide links = yes
unix extensions = no

strict locking = no
aio read size = 16384
aio write size = 16384

log file = /var/log/samba/samba.log
log level = 2

guest account = nobody
map to guest = Bad User

case sensitive = yes

我想要一个有加密但不需要身份验证的共享

任何帮助都将受到赞赏。

答案1

线路加密需要使用唯一密钥来加密数据包,并在另一端使用相同的唯一密钥进行解密。签名和加密密钥对于每个用户都是唯一的,并且在用户每次连接时验证自身身份时生成。

答案2

还弄清楚了更多细节。

无法同时开启加密和开启访客(无需身份验证)。

证明(来自 SAMBA 来源):

if (guest && x->global->encryption_required) {
        DEBUG(1,("reject guest session as encryption is required\n"));
        return NT_STATUS_ACCESS_DENIED;
    }

if (guest_session && encryption_required) {
        DEBUG(1,("reject guest as encryption is required for service %s\n",
             service));
        return NT_STATUS_ACCESS_DENIED;
    }

相关内容