我在 Debian Buster 上有一个从 Debian Stretch 升级的 Samba 服务器。这将 Samba 从 4.5.16 升级到 4.9.5。在此过程中,似乎对组的处理方式发生了变化。以前可以访问具有正确组成员身份的共享的用户现在无法再访问它们。
- 用户可以访问自己的主目录
- 用户可以访问访客共享
- 用户可以访问其主组的共享
- 用户无法访问其次要组的共享
smb.conf 文件的有效内容如下:
[global]
workgroup = EXAMPLE
realm = WIN.EXAMPLE.COM
security = ADS
server string = %h
wins server = 10.0.1.10 10.0.2.20
panic action = /usr/share/samba/panic-action %d
invalid users = root
server signing = required
ntlm auth = no
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
min protocol = SMB2
[guestshare]
path = /srv/guestshare
guest ok = yes
writeable = yes
[working]
path = /srv/working
guest ok = no
writable = yes
create mask = 0660
directory mask = 0770
valid users = +working
[notworking]
path = /srv/notworking
guest ok = no
writable = yes
create mask = 0660
directory mask = 0770
valid users = +notworking
用户可以访问客人共享和在职的股票,但不是不工作分享。
用户的组成员身份如下所示:
# id user
uid=1234(user) gid=10000(working) groups=10000(working),10010(notworking),10020(othergroup)
请告诉我这里缺少什么。