![Samba 配置,状态[NT_STATUS_ACCESS_DENIED],](https://linux22.com/image/718580/Samba%20%E9%85%8D%E7%BD%AE%EF%BC%8C%E7%8A%B6%E6%80%81%5BNT_STATUS_ACCESS_DENIED%5D%EF%BC%8C.png)
我正在尝试使用 centos7 配置 samba 以便从 windows 10 客户端访问。
日志级别 = 1重新安装 centos 后,我使用了来自同一服务器的以前正常工作的 smb.conf。
日志级别 = 10 您实际上可以跳过阅读此内容,这是第 10 级详细信息。
开始
我对配置 Linux 服务器还很陌生,我熟悉基本的 Linux 命令ls chmod chown ...,
我跟着本文在 wlan 网络上配置安全共享,然后与同事一起测试,一切正常,只是他没有共享的执行权限,路径是/home/CompanyFiles/All
所以我执行了cd /home/
然后chmod -R 777 /
然后我成功更改了整个 centos 文件的权限并破坏了 centos 安装。
经过一番谷歌搜索后,我决定重新安装 centos 比尝试从 chmod 命令中恢复更好,而且由于我只在其上安装了 samba,因此这是可行的,所以我将 smb.conf 复制到另一台机器,重新安装了 centos 并重新安装了 samba,然后我使用了旧的 smb.conf。
结尾
smb.conf:
[global]
workgroup = WORKGROUP
security = user
map to guest = Bad User
printing = cups
printcap name = cups
load printers = yes
cups options = raw
log level = 4
#ntlm auth = yes
passdb backend = tdbsam
netbios name = adServer
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browsable = No
read only = No
inherit acls = Yes
[CompanyFiles]
path = /home/CompanyFiles
guest ok = yes
browsable = no
writable = yes
[All]
comment = Company Access
path = /home/CompanyFiles/All
guest ok = no
browsable = yes
writable = yes
#access based share enum = yes
文件夹的权限是:
drwxrwx--x. 3 everyad adusers 17 Feb 26 09:32 CompanyFiles
drwxrwx--x. 2 everyad adusers 42 Feb 26 11:43 All
其中所有用户都是 adusers 组的成员。
尝试访问的用户也是在 smb 上使用以下方式创建的smbpasswd -a username
但是当我尝试从 Windows 10 访问服务器时出现以下错误
您没有权限访问服务器...
请注意,我删除了 Samba 并重新安装,但没有成功。
当制作日志级别 4 时我收到status[NT_STATUS_ACCESS_DENIED],但使用较低级别时我没有收到错误。
[2018/03/07 12:16:46.480678, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2018/03/07 12:16:46.480788, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.480835, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.480864, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.480913, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.481098, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2018/03/07 12:16:46.481145, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.481172, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.481202, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.481244, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.481407, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.481671, 4] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair)
Create of internal pipe srvsvc requested
[2018/03/07 12:16:46.485044, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.485191, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485232, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485286, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.485387, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.485519, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2018/03/07 12:16:46.485564, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485593, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.485617, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.485662, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.486887, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.647037, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.647199, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.647244, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.647280, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.647399, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.647849, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.648141, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2018/03/07 12:16:46.648192, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req)
check_bind_req for srvsvc context_id=0
[2018/03/07 12:16:46.648242, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2018/03/07 12:16:46.762983, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2018/03/07 12:16:46.807647, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.807736, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.807758, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.807777, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.807808, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.816357, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.816537, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
push_sec_ctx(1006, 1014) : sec_ctx_stack_ndx = 1
[2018/03/07 12:16:46.816566, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 1
[2018/03/07 12:16:46.816606, 4] ../source3/rpc_server/srv_pipe.c:1434(api_rpcTNP)
api_rpcTNP: srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO
[2018/03/07 12:16:46.816664, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
pop_sec_ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.845244, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.845361, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.845381, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.845393, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.845409, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.845461, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.859382, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.859442, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.859458, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:46.859467, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:46.859482, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2449
[2018/03/07 12:16:46.859547, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:46.859580, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_FS_DRIVER_REQUIRED] || at ../source3/smbd/smb2_ioctl.c:309
[2018/03/07 12:16:48.603901, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1006, 1014) - sec_ctx_stack_ndx = 0
[2018/03/07 12:16:48.604057, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:48.604105, 4] ../source3/smbd/vfs.c:874(vfs_ChDir)
vfs_ChDir to /home/CompanyFiles/All
[2018/03/07 12:16:48.604171, 3] ../source3/smbd/service.c:102(set_current_service)
chdir (/home/CompanyFiles/All) failed, reason: Permission denied
[2018/03/07 12:16:48.604228, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c
在线搜索总是导致 selinux 内容、防火墙或权限:
selinux 是宽容的
防火墙已禁用
仍然遇到同样的问题
答案1
我终于解决了这个问题。
首先,我使用net use * /delete命令行从 Windows 10 中删除了现有连接,因为凭据已保存,并且我在服务器上更改了它们
另外由于某种原因,我必须smbpasswd在 /etc/samba/smb.conf 中指定:passdb backend = smbpasswd在[global]部分中
/home 权限也是错误的,并且我的所有共享都在 /home 中,因此我将权限重置为 755:chmod -R 755 /home
然后我根据需要重置所有共享权限和组访问。
答案2
我们遇到了 [NT_STATUS_ACCESS_DENIED] 错误,用户可以访问他们的 HOME 共享,但不能访问任何其他共享。
/var/log/samba/__ffff_172.16.0.35.log:
[2019/03/05 11:26:53.914706,1] smbd/service.c:678(make_connection_snum)create_connection_server_info 失败:NT_STATUS_ACCESS_DENIED
这是由于 SAMBA 和 WINBIND 服务器运行时域控制器重新启动而导致的。只需重新启动 winbind 和 smb 服务即可解决该问题。
一个小修复;但值得一提
答案3
我也遇到过这种情况,使用 Fedora 上的最新 Samba。当我尝试从 Windows 创建/写入/删除 Samba 共享子目录中的文件和文件夹时,莫名其妙地收到“访问被拒绝”响应。奇怪的是,更改根文件夹中的文件却没有问题。
我将设置从 更改passdb backend = tdbsam为passdb backend = smbpasswd,然后smbpasswd -a myuser重新添加我的用户和密码,并重新启动 smb 服务。这为我解决了问题。
答案4
Apparmor 也可能是原因。您需要将所有共享位置列入白名单,否则您将始终收到“权限被拒绝”错误。
修复正在添加到/etc/apparmor.d/local/usr.sbin.smbd:
"/path_to_share/" rk,
"/path_to_share/**" lrwk,
对于每个共享。(第一行允许对基目录进行读访问,第二行递归地允许对该基目录中的所有内容进行读写访问)
来源:https://wiki.archlinux.org/title/Samba#Permission_issues_on_AppArmor