Linux

Debian 10 samba (smb) 共享 - 無法與任何作業系統連接

  • September 22, 2020

我正在嘗試從 Debian 10 伺服器部署 samba 共享,我打算將其用於 Windows、Mac OS X 和其他 Debian 10 機器。

我已經在這里工作了幾天,無法使用任何機器連接到它,無論是公共共享還是私人共享。

部分問題是我不知道應該在我的 samba 配置文件中添加什麼。

我需要在配置中放入最少多少東西才能使某些基本工作正常工作。(公開分享,沒有安全性——我現在不在乎。)

我有一個理論認為 samba 與 nextcloud 衝突。我相信是這種情況,因為當我smbtree從網路上的另一台 Linux 機器執行時,它會獲取 nextcloud 伺服器的 IP 地址,該伺服器正在(或曾經)在 Debian 10 伺服器上的 VM 上執行。

我現在在嘗試解決這個問題時禁用了這個虛擬機,但仍然沒有成功。

這是我smbclient使用伺服器 IP 在伺服器上執行的輸出。(本身)

smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password: 

   Sharename       Type      Comment
   ---------       ----      -------
   share           Disk      
   IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available

以下是我的內容/etc/samba/smb.conf

[global]

  log level = 3

  workgroup = WORKGROUP
  hosts allow = 192.168.1.
  security = user
  max protocol = SMB3
  min protocol = SMB2

  log file = /var/log/samba/log.%m

  max log size = 1000

  logging = file

  panic action = /usr/share/samba/panic-action %d

  server role = standalone server

  obey pam restrictions = yes


  unix password sync = yes

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .


  pam password change = yes

  map to guest = bad user
  usershare allow guests = yes

[share]
 path = /smbshare
 writable = yes
 create mode = 0770
 directory mode = 0770
 share modes = yes
 guest ok = no
 valid users = @smbgroup

這是我的testparm

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
   log file = /var/log/samba/log.%m
   logging = file
   map to guest = Bad User
   max log size = 1000
   obey pam restrictions = Yes
   pam password change = Yes
   panic action = /usr/share/samba/panic-action %d
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   passwd program = /usr/bin/passwd %u
   security = USER
   server min protocol = SMB2
   server role = standalone server
   unix password sync = Yes
   usershare allow guests = Yes
   idmap config * : backend = tdb
   hosts allow = 192.168.1.


[share]
   create mask = 0770
   directory mask = 0770
   path = /smbshare
   read only = No
   valid users = @smbgroup

任何幫助,將不勝感激。我對此很陌生,所以我真的不知道如何調試任何東西。我重新啟動了 smbd 和 nmbd 服務,並檢查了狀態。沒有明顯的問題。

我還在這台機器上執行了一個 nfs 共享,效果很好。我認為這不會引起任何衝突。

日誌

我仍在使用配置文件來嘗試讓某些東西正常工作……這是生成這些日誌時的樣子。


[global]

  log level = 3

  workgroup = WORKGROUP

  log file = /var/log/samba/log.%m

  max log size = 1000

  logging = file

  panic action = /usr/share/samba/panic-action %d

  server role = standalone server

  obey pam restrictions = yes

  unix password sync = yes

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

  pam password change = yes

  map to guest = bad user

  usershare allow guests = yes


[Share]
 path = /smbshare
 writable = yes
 create mode = 0770
 directory mode = 0770
 guest ok = yes

第一個日誌…

[2020/08/12 13:34:31.940912,  3] ../lib/util/access.c:365(allow_access)
 Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997,  3] ../source3/smbd/service.c:603(make_connection_snum)
 make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
 Initialising default vfs hooks
[2020/08/12 13:34:31.941081,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
 Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226,  3] ../source3/smbd/service.c:849(make_connection_snum)
 debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097,  3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
 api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132,  3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
 check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158,  3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
 check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207,  3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
 api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286,  1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
 Failed to fetch record!
[2020/08/12 13:34:31.944309,  1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
 pcap cache not loaded
[2020/08/12 13:34:31.945757,  3] ../source3/smbd/service.c:1129(close_cnum)
 debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
 Server exit (NT_STATUS_END_OF_FILE)

和另一個

[2020/08/12 13:34:31.940912,  3] ../lib/util/access.c:365(allow_access)
 Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997,  3] ../source3/smbd/service.c:603(make_connection_snum)
 make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
 Initialising default vfs hooks
[2020/08/12 13:34:31.941081,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
 Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226,  3] ../source3/smbd/service.c:849(make_connection_snum)
 debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097,  3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
 api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132,  3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
 check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158,  3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
 check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207,  3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
 api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286,  1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
 Failed to fetch record!
[2020/08/12 13:34:31.944309,  1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
 pcap cache not loaded
[2020/08/12 13:34:31.945757,  3] ../source3/smbd/service.c:1129(close_cnum)
 debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
 Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110 
[2020/08/12 13:34:30.779090,  3] ../source3/smbd/oplock.c:1389(init_oplocks)
 init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168,  3] ../source3/smbd/process.c:1956(process_smb)
 Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370,  3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
 Selected protocol SMB3_11
[2020/08/12 13:34:30.782362,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
 GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118,  3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
 Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422,  3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
 Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480,  3] ../source3/param/loadparm.c:3872(lp_load_ex)
 lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564,  3] ../source3/param/loadparm.c:548(init_globals)
 Initialising global parameters
[2020/08/12 13:34:31.935674,  3] ../source3/param/loadparm.c:2786(lp_do_section)
 Processing section "[global]"
[2020/08/12 13:34:31.935928,  2] ../source3/param/loadparm.c:2803(lp_do_section)
 Processing section "[Share]"
[2020/08/12 13:34:31.936030,  3] ../source3/param/loadparm.c:1621(lp_add_ipc)
 adding IPC service
[2020/08/12 13:34:31.936070,  3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
 check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093,  3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
 check_ntlm_password:  mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302,  3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
 Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461,  3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
 ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488,  3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
 ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519,  3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
 ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748,  2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
 check_ntlm_password:  Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834,  2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
 Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445] 
 {"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017,  3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
 gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072,  3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
 smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149,  3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
 Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042,  3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
 Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078,  3] ../source3/param/loadparm.c:3872(lp_load_ex)
 lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142,  3] ../source3/param/loadparm.c:548(init_globals)
 Initialising global parameters
[2020/08/12 13:34:31.939241,  3] ../source3/param/loadparm.c:2786(lp_do_section)
 Processing section "[global]"
[2020/08/12 13:34:31.939493,  2] ../source3/param/loadparm.c:2803(lp_do_section)
 Processing section "[Share]"
[2020/08/12 13:34:31.939582,  3] ../source3/param/loadparm.c:1621(lp_add_ipc)
 adding IPC service
[2020/08/12 13:34:31.939611,  3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
 check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630,  3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
 check_ntlm_password:  mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656,  3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
 auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695,  3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
 Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445] 
 {"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}

我想我找到了問題所在:您提到您不需要安全性,所以我猜您沒有添加任何使用者並執行smbpasswd. 使用者user可能是您登錄 Debian 系統的使用者。

然而,在您的配置中,您擁有security = user,這意味著使用者身份驗證。

因此,對於沒有身份驗證,您只需要:

[global]
       map to guest = Bad User

[Share]
       path = /smbshare
       read only = no
       guest ok = yes
       guest only = yes

(我檢查了samba wiki以獲取所需的配置)

好的,這是不使用 SMBv1 的僅限訪客共享所需的最低要求:

[global]
   security = USER
   map to guest = Bad User
   client min protocol = SMB2
   server min protocol = SMB2

[share]
   path = /smbshare
   read only = No
   guest ok = yes
   guest only = yes

當您開始工作並想要經過身份驗證的使用者時,請閱讀“man smb.conf”

引用自:https://unix.stackexchange.com/questions/604137

相關問答

Linux

Samba Fileshare:是否可以創建受密碼保護的公共(訪客)共享?

  • August 17, 2020
檢視問答
Debian

QEMU:將 Tails-VM 連接到主機上的 Samba 網路共享時出現問題

  • May 19, 2019
檢視問答
Linux

如何更改 Samba 伺服器描述

  • August 21, 2018
檢視問答
Linux

基於 Linux 的 SMB 共享:只能使用 Windows 的所有者帳戶訪問

  • June 9, 2018
檢視問答
Linux

將最舊的文件放在 smbclient 上的 log.txt 中

  • March 8, 2018
檢視問答
Debian

Tails:如何將 Tails 連接到 Samba 網路共享?

  • January 21, 2018
檢視問答