Registros

Registros

Estoy intentando implementar un recurso compartido de samba desde un servidor Debian 10, que pretendo usar con Windows, Mac OS X y otras máquinas Debian 10.

He estado en esto durante unos días y no he podido conectarme con ninguna máquina, ya sea pública o privada.

Parte del problema es que no sé qué debo poner en mi archivo de configuración de samba.

¿Cuál es la cantidad mínima de cosas que necesito poner en la configuración para que algo básico funcione? (Compartición pública, sin seguridad; eso no me importa en este momento).

Tengo la teoría de que samba entra en conflicto con nextcloud. Creo que este es el caso porque cuando ejecuto smbtreedesde otra máquina Linux en la red, recoge la dirección IP del servidor nextcloud, que se está ejecutando (o estaba) ejecutándose en una máquina virtual en el servidor Debian 10.

Ahora deshabilité esta máquina virtual mientras intento resolver esto, pero todavía no tuve éxito.

Este es mi resultado de smbclient, que ejecuté en el servidor, usando la IP del servidor. (sí mismo)

smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password: 

    Sharename       Type      Comment
    ---------       ----      -------
    share           Disk      
    IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available

Aquí está el contenido de mi/etc/samba/smb.conf

[global]

   log level = 3

   workgroup = WORKGROUP
   hosts allow = 192.168.1.
   security = user
   max protocol = SMB3
   min protocol = SMB2

   log file = /var/log/samba/log.%m

   max log size = 1000

   logging = file

   panic action = /usr/share/samba/panic-action %d

   server role = standalone server

   obey pam restrictions = yes


   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .


   pam password change = yes

   map to guest = bad user
   usershare allow guests = yes

[share]
  path = /smbshare
  writable = yes
  create mode = 0770
  directory mode = 0770
  share modes = yes
  guest ok = no
  valid users = @smbgroup

Este es mitestparm

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
    log file = /var/log/samba/log.%m
    logging = file
    map to guest = Bad User
    max log size = 1000
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    security = USER
    server min protocol = SMB2
    server role = standalone server
    unix password sync = Yes
    usershare allow guests = Yes
    idmap config * : backend = tdb
    hosts allow = 192.168.1.


[share]
    create mask = 0770
    directory mask = 0770
    path = /smbshare
    read only = No
    valid users = @smbgroup

Cualquier ayuda sería apreciada. Soy bastante nuevo en esto, así que realmente no sé cómo depurar nada. Reinicié los servicios smbd y nmbd y verifiqué el estado. No hubo problemas obvios.

También ejecuto un recurso compartido nfs en esta máquina y funciona bien. Supongo que esto no causa ningún conflicto.

Registros

Todavía estoy jugando con el archivo de configuración para intentar que algo funcione... así es como se veía cuando se generaron estos registros.


[global]

   log level = 3

   workgroup = WORKGROUP

   log file = /var/log/samba/log.%m

   max log size = 1000

   logging = file

   panic action = /usr/share/samba/panic-action %d

   server role = standalone server

   obey pam restrictions = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes

   map to guest = bad user

   usershare allow guests = yes


[Share]
  path = /smbshare
  writable = yes
  create mode = 0770
  directory mode = 0770
  guest ok = yes

primer registro...

[2020/08/12 13:34:31.940912,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997,  3] ../source3/smbd/service.c:603(make_connection_snum)
  make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2020/08/12 13:34:31.941081,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226,  3] ../source3/smbd/service.c:849(make_connection_snum)
  debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097,  3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
  api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132,  3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
  check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158,  3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
  check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207,  3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
  api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286,  1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
  Failed to fetch record!
[2020/08/12 13:34:31.944309,  1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
  pcap cache not loaded
[2020/08/12 13:34:31.945757,  3] ../source3/smbd/service.c:1129(close_cnum)
  debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)

y otro

[2020/08/12 13:34:31.940912,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997,  3] ../source3/smbd/service.c:603(make_connection_snum)
  make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2020/08/12 13:34:31.941081,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226,  3] ../source3/smbd/service.c:849(make_connection_snum)
  debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097,  3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
  api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132,  3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
  check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158,  3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
  check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207,  3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
  api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286,  1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
  Failed to fetch record!
[2020/08/12 13:34:31.944309,  1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
  pcap cache not loaded
[2020/08/12 13:34:31.945757,  3] ../source3/smbd/service.c:1129(close_cnum)
  debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110 
[2020/08/12 13:34:30.779090,  3] ../source3/smbd/oplock.c:1389(init_oplocks)
  init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168,  3] ../source3/smbd/process.c:1956(process_smb)
  Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370,  3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_11
[2020/08/12 13:34:30.782362,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118,  3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422,  3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
  Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480,  3] ../source3/param/loadparm.c:3872(lp_load_ex)
  lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564,  3] ../source3/param/loadparm.c:548(init_globals)
  Initialising global parameters
[2020/08/12 13:34:31.935674,  3] ../source3/param/loadparm.c:2786(lp_do_section)
  Processing section "[global]"
[2020/08/12 13:34:31.935928,  2] ../source3/param/loadparm.c:2803(lp_do_section)
  Processing section "[Share]"
[2020/08/12 13:34:31.936030,  3] ../source3/param/loadparm.c:1621(lp_add_ipc)
  adding IPC service
[2020/08/12 13:34:31.936070,  3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093,  3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302,  3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461,  3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
  ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488,  3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
  ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519,  3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
  ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748,  2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834,  2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
  Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445] 
  {"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017,  3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
  gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072,  3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149,  3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042,  3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078,  3] ../source3/param/loadparm.c:3872(lp_load_ex)
  lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142,  3] ../source3/param/loadparm.c:548(init_globals)
  Initialising global parameters
[2020/08/12 13:34:31.939241,  3] ../source3/param/loadparm.c:2786(lp_do_section)
  Processing section "[global]"
[2020/08/12 13:34:31.939493,  2] ../source3/param/loadparm.c:2803(lp_do_section)
  Processing section "[Share]"
[2020/08/12 13:34:31.939582,  3] ../source3/param/loadparm.c:1621(lp_add_ipc)
  adding IPC service
[2020/08/12 13:34:31.939611,  3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630,  3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656,  3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
  auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695,  3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
  Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445] 
  {"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}

Respuesta1

Creo que descubrí el problema: mencionas que no quieres seguridad, así que supongo que no agregaste ningún usuario y ejecutaste smbpasswd. El usuario userpuede ser el usuario con el que inicia sesión en su sistema Debian.

Sin embargo, en su configuración tiene security = user, lo que significa autenticación de usuario.

Entonces, para no autenticar solo necesitas:

[global]
        map to guest = Bad User

[Share]
        path = /smbshare
        read only = no
        guest ok = yes
        guest only = yes

(Lo comprobéwiki de sambapara la configuración necesaria)

Respuesta2

Bien, aquí está el mínimo que necesitas para compartir solo para invitados, que no usa SMBv1:

[global]
    security = USER
    map to guest = Bad User
    client min protocol = SMB2
    server min protocol = SMB2

[share]
    path = /smbshare
    read only = No
    guest ok = yes
    guest only = yes

Cuando tengas eso funcionando y luego quieras usuarios autenticados, lee 'man smb.conf'

información relacionada