我有一个在 ubuntu 上托管的、运行良好的 SAMBA(版本 4.3.11)共享。
SAMBA 共享对任何用户开放(本地内联网)
我添加加密设置后,流量已加密但突然间开始提示输入凭证。
[global]
server signing = mandatory
smb encrypt = mandatory
client signing = mandatory
...
以下是共享设置示例:
[Share1]
path = /mnt1/Share1
guest ok = Yes
browseable = no
writable = yes
force user = ShareUser
force group = ShareGroup
create mask = 0770
directory mask = 0770
hosts allow = ...list of IPs for white-listing....
hosts deny = 0.0.0.0/0
delete readonly = yes
以下是全局设置:
[global]
server signing = mandatory
smb encrypt = mandatory
client signing = mandatory
oplocks = yes
level2 oplocks = no
# New Windows switches
dos filemode = yes
dos filetime resolution = yes
dos filetimes = yes
map acl inherit = yes
inherit acls = yes
inherit owner = yes
inherit permissions = yes
store dos attributes = yes
follow symlinks=yes
wide links = yes
unix extensions = no
strict locking = no
aio read size = 16384
aio write size = 16384
log file = /var/log/samba/samba.log
log level = 2
guest account = nobody
map to guest = Bad User
case sensitive = yes
我想要一个有加密但不需要身份验证的共享
任何帮助都将受到赞赏。
答案1
线路加密需要使用唯一密钥来加密数据包,并在另一端使用相同的唯一密钥进行解密。签名和加密密钥对于每个用户都是唯一的,并且在用户每次连接时验证自身身份时生成。
答案2
还弄清楚了更多细节。
无法同时开启加密和开启访客(无需身份验证)。
证明(来自 SAMBA 来源):
if (guest && x->global->encryption_required) {
DEBUG(1,("reject guest session as encryption is required\n"));
return NT_STATUS_ACCESS_DENIED;
}
和
if (guest_session && encryption_required) {
DEBUG(1,("reject guest as encryption is required for service %s\n",
service));
return NT_STATUS_ACCESS_DENIED;
}