为什么 Samba 拒绝客户端浏览访问,因为没有加密/签名,即使已禁用?

tag-icon tag-icon networking server 20.04 samba
为什么 Samba 拒绝客户端浏览访问,因为没有加密/签名,即使已禁用?

我在 Ubuntu 20.04 LTS Server 上运行 Samba 版本 4.11.6。Ubuntu 和 Windows 10 客户端能够直接按名称访问共享,但尝试浏览服务器的共享失败,因为客户端对 IPC$ 共享的请求由于缺乏加密或请求签名而被拒绝,即使服务器配置为不需要加密或签名:

smb.conf:

[global]
   nt pipe support = no
   netbios name = fileserver
   workgroup = WORKGROUP
   server string = %h
   dns proxy = yes
   name resolve order = lmhosts host wins bcast
   interfaces = enp1s0 lo
   bind interfaces only = yes
   log level = 9
   max log size = 1000
   panic action = /usr/share/samba/panic-action %d
   security = user
   map to guest = bad user
   guest account = nobody
   force group = +mydocs
   encrypt passwords = true
   passdb backend = tdbsam
   invalid users = root
   domain logons = no
   load printers = no
   socket options = TCP_NODELAY
   client max protocol = default
   local master = yes
   preferred master = yes
   os level = 65
   guest ok = yes
   client ipc signing = off
   smb encrypt = off


[my_documents]
   comment = My Documents
   path = /export/share/my_documents
   browseable = yes
   writable = yes
   create mask = 0775
   guest ok = yes

日志.smbd:

[2020/08/02 16:17:36.842128,  4] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2020/08/02 16:17:36.842185,  5] ../../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2020/08/02 16:17:36.842221,  5] ../../source3/auth/token_util.c:873(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2020/08/02 16:17:36.842282,  5] ../../source3/smbd/uid.c:503(smbd_change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2020/08/02 16:17:36.842361,  1] ../../source3/smbd/smb2_tcon.c:229(smbd_smb2_tree_connect)
  smbd_smb2_tree_connect: reject request to share [IPC$] as 'FILESERVER\james' without encryption or signing. Disconnecting.
[2020/08/02 16:17:36.842405,  3] ../../source3/smbd/smb2_server.c:3254(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_tcon.c:142

我还尝试在路径 /tmp 上明确定义一个 IPC$ 共享(尽管这不是必需的),并禁用加密和签名并启用访客访问,没有区别。

有任何想法吗?

或者,我可以使用一些 Windows-fu 来使其签署和/或加密 IPC$ 请求吗?

相关内容