在客户端上使用“AllowInsecureGuestAuth”即可访问 Samba (Linux) 文件共享

在客户端上使用“AllowInsecureGuestAuth”即可访问 Samba (Linux) 文件共享

自 Windows 10 1709 更新以来,我必须在所有 Windows 10 客户端上设置注册表项,因为 MS 默认禁用了来宾帐户访问超级用户 多发性硬化症 科技之旅

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001

MS 建议:

推荐的解决方案是在您的 NAS 设备上添加一个明确的帐户和密码 [...]

我已经进行了此设置。要访问 Samba 服务器上的共享,您必须输入用户名和密码,但如果不设置上述注册表项,客户端 PC 甚至无法列出 Samba 服务器上可用的文件共享。我的配置有什么问题?

[global]
workgroup = <censored>
server string = <censored>
interfaces = lo enp3s0 <censored>/25
bind interfaces only = yes
hosts allow = 127. <censored>

allow insecure wide links = yes

log file = /var/log/samba/log.%m
max log size = 50
log level = 1

# Standalone Server Options 
security = user
passdb backend = tdbsam

map to guest = Bad User
guest account = nobody

smb encrypt = auto

# Browser Control Options 
local master = yes
os level = 255
preferred master = yes
domain master = yes

# Name Resolution 
wins support = yes

# Share Definitions 
[home]
comment = <censored>
path = /home
public = no
browseable = yes
writable = yes
create mode = 0660
directory mode = 0770
veto files = /lost+found/pub/user/backupbot/

[public]
comment = <censored>
path = /home/pub/
public = no
browseable = yes
writable = yes
create mode = 0660
directory mode = 2770
veto files = /TempDrive/Papierkorb/
inherit permissions = Yes

# allow access from public to media/extra/Software 
follow symlinks = yes
wide links = yes

答案1

解决方案:

map to guest = Never

问题是

map to guest = Bad User

桑巴

请注意,设置“Guest”共享服务时需要此参数。这是因为在这些模式下,请求的资源名称直到服务器成功验证客户端后才会发送到服务器,因此服务器无法在正确的时间(连接到共享)为“Guest”共享做出身份验证决定。

禁用映射到客户机(即使用默认的“映射到客户机 = 从不”)后,Windows 10(1709 及以上)客户端计算机可以连接,但我也不完全明白为什么。如果您能解释这一点,请发表评论。

答案2

上述解决方案对我没有帮助。我在另一个网站的评论

**ADD THESE LINES**
[global]
client min protocol = SMB3
client max protocol = SMB3
restrict anonymous = 2

**REMOVE ANY**
map to guest
guest ok

这似乎提高了 Windows10 客户端的安全标准,并强制使用正确的连接。这也应该适用于 Windows8 客户端,因为它们也支持3. SMB3(超级存储3)

相关内容