我已安装 Samba 来与 Windows 10 计算机共享文件。该设置可以正常工作,可以使用其路径(例如)访问单个共享\\myhost\sejf
,但列出共享\\myhost
会失败,并拒绝访问。我尝试调查各种可能的选项,但都没有成功。我在另一台机器(Raspbian)上有一个非常相似的设置,在那里我没有遇到任何问题,所以我怀疑它可能与机器上的操作系统 Ubuntu 20.04 有关。
我的 samba 配置(由 Ansible 角色创建,但这并不重要):
[global]
# Server information
netbios name = MYHOST
workgroup = WORKGROUP
server string = Fileserver %m
# Logging
logging = syslog
# Authentication
security = user
passdb backend = tdbsam
map to guest = never
# Name resolution: make sure \\NETBIOS_NAME\ works
wins support = yes
local master = yes
domain master = yes
preferred master = yes
# Don't load printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Fix for CVE-2017-7494 in Samba versions from 3.5.0 and before 4.6.4
# https://access.redhat.com/security/cve/cve-2017-7494
nt pipe support = no
include = /etc/samba/samba.global.conf
## Shared directories
[sejf]
path = /srv/sejf
public = no
create mode = 0664
force create mode = 0664
directory mode = 0775
force directory mode = 0775
owner = minidlna
以及包含的文件samba.global.conf
:
hide files = /lost+found/
server role = standalone server
max log size = 1000000
protocol = SMB3
valid users = @sambashare
write list = @sambashare
guest ok = yes
writable = yes
browseable = yes
group = sambashare
我尝试强制使用该协议protocol = SMB3
,但无论是否使用该协议,都会出现相同的错误。
然后我尝试列出股票smbclient
并收到这个奇怪的错误:
% smbclient -L //myhost/ -U guest
Unable to initialize messaging context
Enter WORKGROUP\guest's password:
Sharename Type Comment
--------- ---- -------
smb1cli_req_writev_submit: called for dialect[SMB3_11] server[192.168.49.105]
Error returning browse list: NT_STATUS_REVISION_MISMATCH
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available
我在另一台可以进行浏览的服务器上也遇到了这个错误Failed to connect with SMB1 -- no workgroup available
,所以这显然与该问题无关。
答案1
我也用同样的ansible 角色管理我的 Samba 共享,我也遇到了同样的问题。我认为您遇到的问题是由 CVE 缓解措施引起的
nt pipe support = no
显然,RCE 是有问题的,但 ansible 角色中的版本检查有问题——我运行的是 4.13,它仍然包含缓解措施。在我的配置中手动禁用它
samba_mitigate_cve_2017_7494: false
帮我修好了东西。