自 Windows 10 1709 更新以来,我必须在所有 Windows 10 客户端上设置注册表项,因为 MS 默认禁用了来宾帐户访问超级用户 多发性硬化症 科技之旅:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001
MS 建议:
推荐的解决方案是在您的 NAS 设备上添加一个明确的帐户和密码 [...]
我已经进行了此设置。要访问 Samba 服务器上的共享,您必须输入用户名和密码,但如果不设置上述注册表项,客户端 PC 甚至无法列出 Samba 服务器上可用的文件共享。我的配置有什么问题?
[global]
workgroup = <censored>
server string = <censored>
interfaces = lo enp3s0 <censored>/25
bind interfaces only = yes
hosts allow = 127. <censored>
allow insecure wide links = yes
log file = /var/log/samba/log.%m
max log size = 50
log level = 1
# Standalone Server Options
security = user
passdb backend = tdbsam
map to guest = Bad User
guest account = nobody
smb encrypt = auto
# Browser Control Options
local master = yes
os level = 255
preferred master = yes
domain master = yes
# Name Resolution
wins support = yes
# Share Definitions
[home]
comment = <censored>
path = /home
public = no
browseable = yes
writable = yes
create mode = 0660
directory mode = 0770
veto files = /lost+found/pub/user/backupbot/
[public]
comment = <censored>
path = /home/pub/
public = no
browseable = yes
writable = yes
create mode = 0660
directory mode = 2770
veto files = /TempDrive/Papierkorb/
inherit permissions = Yes
# allow access from public to media/extra/Software
follow symlinks = yes
wide links = yes
答案1
解决方案:
map to guest = Never
问题是
map to guest = Bad User
桑巴说
请注意,设置“Guest”共享服务时需要此参数。这是因为在这些模式下,请求的资源名称直到服务器成功验证客户端后才会发送到服务器,因此服务器无法在正确的时间(连接到共享)为“Guest”共享做出身份验证决定。
禁用映射到客户机(即使用默认的“映射到客户机 = 从不”)后,Windows 10(1709 及以上)客户端计算机可以连接,但我也不完全明白为什么。如果您能解释这一点,请发表评论。
答案2
上述解决方案对我没有帮助。我在另一个网站的评论:
**ADD THESE LINES**
[global]
client min protocol = SMB3
client max protocol = SMB3
restrict anonymous = 2
**REMOVE ANY**
map to guest
guest ok
这似乎提高了 Windows10 客户端的安全标准,并强制使用正确的连接。这也应该适用于 Windows8 客户端,因为它们也支持3. SMB3(超级存储3)。