Ubuntu

SAMBA: Disable anonymous browsing of shares?

  • January 20, 2020

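Using samba 2:4.7.6 on Lubuntu, a distribution based on Ubuntu 18.04.3 LTS

Is there any way to force samba to require valid credentials when enumerating shares?

Problem: Windows 10 version 1903 caches session credentials. When browsing an SMB server's shares, it enumerates the shares using anonymous credentials (EnumShares2), and those credentials are cached. Subsequent attempts to connect to a share that requires authentication then fail with the following message:

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

In Windows 10 1903, there does not appear to be any way to force Windows to release the anonymous session without rebooting the machine.

This problem does not occur when enumerating shares on a remote Windows computer, because anonymous browsing of shares has been disabled since Windows 1703 (Server 2016?, not sure).

In practice, unless samba can be persuaded not to enumerate shares with anonymous credentials, samba shares are inaccessible from Windows 10 almost 100% of the time, because a user is unlikely to connect to a share without first browsing the server's shares.

There are no obvious errors in the log files in /var/log/samba.

@smbgroup contains only one user, "smb", which was created specifically for accessing the shares.

My smb.conf is as follows: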

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
  workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = %h server (Samba, Ubuntu)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
  wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
  dns proxy = yes

  interfaces = 127.0.0.0/8 eth0

  log file = /var/log/samba/log.%m

  max log size = 1000

  syslog = 0
  panic action = /usr/share/samba/panic-action %d


####### Authentication #######
  server role = standalone server

  obey pam restrictions = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

  pam password change = yes

  map to guest = bad user


# Maximum number of usershare. 0 (default) means that usershare is disabled.
  usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
  usershare allow guests = yes

#======================= Share Definitions =======================


# Added shares

[Anonymous]
path = /samba/anonymous
browsable = yes
writable = no
read only = yes
force user = nobody

[SECURED]
path = /samba/shares
valid users = @smbgrp
browsable = yes
writable = yes
read only = no

Add to your global section:

restrict anonymous = 2

And change allow guests, because it cancels the anonymous restriction:

usershare allow guests = no
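
To check whether a given smb.conf still has the two [global] settings discussed above at values other than the ones the answer recommends, the following added example (not part of the original question or answer) parses the file and reports them. The function names and the embedded sample, which is cut down from the question's config, are constructed for illustration.

```python
import re

# Constructed sample: a reduced copy of the smb.conf posted in the question.
SAMPLE_CONF = """\
[global]
  workgroup = WORKGROUP
;   wins server = w.x.y.z
  map to guest = bad user
  usershare max shares = 100
  usershare allow guests = yes

[Anonymous]
path = /samba/anonymous
browsable = yes

[SECURED]
path = /samba/shares
valid users = @smbgrp
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Section names are lower-cased; parameter
    names are lower-cased with whitespace removed, since smb.conf ignores both.
    Simplification: backslash line continuations are not handled."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)      # only the first '=' is significant
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit_anonymous_browsing(text):
    """List [global] settings that differ from the values the answer recommends."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    restrict = g.get("restrictanonymous", "0")             # Samba default: 0
    if restrict != "2":
        findings.append(f"restrict anonymous = {restrict} (answer sets 2)")
    guests = g.get("usershareallowguests", "no").lower()   # Samba default: no
    if guests in ("yes", "true", "1"):
        findings.append(f"usershare allow guests = {guests} (answer sets no)")
    return findings

if __name__ == "__main__":
    for finding in audit_anonymous_browsing(SAMPLE_CONF):
        print("FINDING:", finding)
```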

Source: https://unix.stackexchange.com/questions/562933