Ich versuche, eine Samba-Freigabe von einem Debian 10-Server bereitzustellen, die ich sowohl mit Windows, Mac OS X als auch mit anderen Debian 10-Rechnern verwenden möchte.
Ich beschäftige mich jetzt schon seit einigen Tagen damit und konnte mit keiner Maschine (weder einer öffentlichen noch einer privaten Freigabe) eine Verbindung dazu herstellen.
Ein Teil des Problems besteht darin, dass ich nicht weiß, was ich in meine Samba-Konfigurationsdatei einfügen soll.
Wie viel muss ich mindestens in die Konfiguration eingeben, damit etwas Grundlegendes funktioniert? (Öffentliche Freigabe, keine Sicherheit – das ist mir im Moment egal.)
Ich habe die Theorie, dass Samba mit Nextcloud in Konflikt steht. Ich glaube, das ist der Fall, weil es, wenn ich es smbtreevon einem anderen Linux-Rechner im Netzwerk aus ausführe, die IP-Adresse des Nextcloud-Servers aufnimmt, der auf einer VM auf dem Debian 10-Server läuft (oder lief).
Ich habe diese VM jetzt deaktiviert, während ich versuche, das herauszufinden, aber noch immer ohne Erfolg.
Dies ist meine Ausgabe von smbclient, die ich auf dem Server unter Verwendung der IP des Servers (selbst) ausgeführt habe.
smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password:
Sharename Type Comment
--------- ---- -------
share Disk
IPC$ IPC IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available
Hier ist der Inhalt meiner/etc/samba/smb.conf
[global]
log level = 3
workgroup = WORKGROUP
hosts allow = 192.168.1.
security = user
max protocol = SMB3
min protocol = SMB2
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @smbgroup
Das ist meintestparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
security = USER
server min protocol = SMB2
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
hosts allow = 192.168.1.
[share]
create mask = 0770
directory mask = 0770
path = /smbshare
read only = No
valid users = @smbgroup
Ich bin für jede Hilfe dankbar. Ich bin ziemlich neu hier und weiß nicht wirklich, wie man etwas debuggt. Ich habe die Dienste smbd und nmbd neu gestartet und den Status überprüft. Es gab keine offensichtlichen Probleme.
Ich betreibe auf diesem Rechner auch eine NFS-Freigabe, und die funktioniert einwandfrei. Ich gehe davon aus, dass dies keine Konflikte verursacht.
Protokolle
Ich spiele immer noch mit der Konfigurationsdatei, um zu versuchen, etwas zum Laufen zu bringen ... so sah es aus, als diese Protokolle generiert wurden.
[global]
log level = 3
workgroup = WORKGROUP
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[Share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
guest ok = yes
erstes Logbuch...
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
und ein anderer
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110
[2020/08/12 13:34:30.779090, 3] ../source3/smbd/oplock.c:1389(init_oplocks)
init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2020/08/12 13:34:30.782362, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.935674, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.935928, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.936030, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.936070, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302, 3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461, 3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488, 3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519, 3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834, 2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017, 3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.939241, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.939493, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.939582, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.939611, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656, 3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695, 3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}
Antwort1
Ich glaube, ich habe das Problem herausgefunden: Sie erwähnen, dass Sie keine Sicherheit wünschen, also nehme ich an, dass Sie keinen Benutzer hinzugefügt und ausgeführt haben smbpasswd. Benutzer userkann der Benutzer sein, mit dem Sie sich bei Ihrem Debian-System anmelden.
Doch in Ihrer Konfiguration haben Sie security = user, was Benutzerauthentifizierung bedeutet.
Für keine Authentifizierung benötigen Sie also nur:
[global]
map to guest = Bad User
[Share]
path = /smbshare
read only = no
guest ok = yes
guest only = yes
(Ich überprüfteSamba-Wikifür die erforderliche Konfiguration)
Antwort2
Okay, hier ist das Minimum, das Sie für eine Nur-Gast-Freigabe benötigen, die SMBv1 nicht verwendet:
[global]
security = USER
map to guest = Bad User
client min protocol = SMB2
server min protocol = SMB2
[share]
path = /smbshare
read only = No
guest ok = yes
guest only = yes
Wenn das funktioniert und Sie authentifizierte Benutzer wünschen, lesen Sie „man smb.conf“.