列出 Samba 共享时访问被拒绝

tag-icon tag-icon samba file-sharing samba4 ubuntu-20.04
列出 Samba 共享时访问被拒绝

我已安装 Samba 来与 Windows 10 计算机共享文件。该设置可以正常工作,可以使用其路径(例如)访问单个共享\\myhost\sejf,但列出共享\\myhost会失败,并拒绝访问。我尝试调查各种可能的选项,但都没有成功。我在另一台机器(Raspbian)上有一个非常相似的设置,在那里我没有遇到任何问题,所以我怀疑它可能与机器上的操作系统 Ubuntu 20.04 有关。

我的 samba 配置(由 Ansible 角色创建,但这并不重要):

[global]
  # Server information
  netbios name = MYHOST
  workgroup = WORKGROUP
  server string = Fileserver %m


  # Logging
  logging = syslog

  # Authentication
  security = user
  passdb backend = tdbsam
  map to guest = never

  # Name resolution: make sure \\NETBIOS_NAME\ works
  wins support = yes
  local master = yes
  domain master = yes
  preferred master = yes

  # Don't load printers
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes

  # Fix for CVE-2017-7494 in Samba versions from 3.5.0 and before 4.6.4
  # https://access.redhat.com/security/cve/cve-2017-7494
  nt pipe support = no

  include = /etc/samba/samba.global.conf


## Shared directories
[sejf]
  path = /srv/sejf
  public = no
  create mode = 0664
  force create mode = 0664
  directory mode = 0775
  force directory mode = 0775
  owner = minidlna

以及包含的文件samba.global.conf

hide files = /lost+found/
server role = standalone server
max log size = 1000000

protocol = SMB3

valid users = @sambashare
write list = @sambashare
guest ok = yes
writable = yes
browseable = yes
group = sambashare

我尝试强制使用该协议protocol = SMB3,但无论是否使用该协议,都会出现相同的错误。

然后我尝试列出股票smbclient并收到这个奇怪的错误:

% smbclient -L //myhost/ -U guest
Unable to initialize messaging context
Enter WORKGROUP\guest's password:

        Sharename       Type      Comment
        ---------       ----      -------
smb1cli_req_writev_submit: called for dialect[SMB3_11] server[192.168.49.105]
Error returning browse list: NT_STATUS_REVISION_MISMATCH
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available

我在另一台可以进行浏览的服务器上也遇到了这个错误Failed to connect with SMB1 -- no workgroup available,所以这显然与该问题无关。

答案1

我也用同样的ansible 角色管理我的 Samba 共享,我也遇到了同样的问题。我认为您遇到的问题是由 CVE 缓解措施引起的

  nt pipe support = no

显然,RCE 是有问题的,但 ansible 角色中的版本检查有问题——我运行的是 4.13,它仍然包含缓解措施。在我的配置中手动禁用它

samba_mitigate_cve_2017_7494: false

帮我修好了东西。

相关内容