저는 Windows, Mac OS X 및 기타 Debian 10 컴퓨터에서 모두 사용하려는 Debian 10 서버에서 삼바 공유를 배포하려고 합니다.
나는 며칠 동안 이 일을 해왔지만 공개 공유나 비공개 공유 등 어떤 컴퓨터로도 연결할 수 없었습니다.
문제의 일부는 삼바 구성 파일에 무엇을 넣어야 할지 모른다는 것입니다.
기본적인 작업을 수행하기 위해 구성에 넣어야 하는 최소한의 항목은 얼마입니까? (공개 공유, 보안 없음 - 지금은 신경 쓰지 않습니다.)
Samba가 nextcloud와 충돌한다는 이론이 있습니다. 나는 smbtree네트워크의 다른 Linux 시스템에서 실행할 때 Debian 10 서버의 VM에서 실행 중이거나 실행 중이었던 nextcloud 서버의 IP 주소를 선택하기 때문에 이것이 사실이라고 생각합니다 .
이제 이 문제를 해결하려고 시도하는 동안 이 VM을 비활성화했지만 여전히 성공하지 못했습니다.
smbclient이것은 서버의 IP를 사용하여 서버에서 실행한 의 출력입니다 . (그 자체)
smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password:
Sharename Type Comment
--------- ---- -------
share Disk
IPC$ IPC IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available
내 내용은 다음과 같습니다./etc/samba/smb.conf
[global]
log level = 3
workgroup = WORKGROUP
hosts allow = 192.168.1.
security = user
max protocol = SMB3
min protocol = SMB2
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @smbgroup
이것은 나의testparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
security = USER
server min protocol = SMB2
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
hosts allow = 192.168.1.
[share]
create mask = 0770
directory mask = 0770
path = /smbshare
read only = No
valid users = @smbgroup
어떤 도움이라도 주시면 감사하겠습니다. 나는 이것에 아주 익숙하지 않기 때문에 실제로 디버깅하는 방법을 모릅니다. smbd 및 nmbd 서비스를 다시 시작하고 상태를 확인했습니다. 명백한 문제는 없었습니다.
또한 이 컴퓨터에서 nfs 공유를 실행했는데 잘 작동합니다. 나는 이것이 어떤 충돌도 일으키지 않는다고 가정합니다.
로그
저는 여전히 뭔가 작동하도록 구성 파일을 가지고 놀고 있습니다. 로그가 생성되었을 때의 모습은 다음과 같습니다.
[global]
log level = 3
workgroup = WORKGROUP
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[Share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
guest ok = yes
첫 번째 로그...
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
그리고 또 다른
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110
[2020/08/12 13:34:30.779090, 3] ../source3/smbd/oplock.c:1389(init_oplocks)
init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2020/08/12 13:34:30.782362, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.935674, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.935928, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.936030, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.936070, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302, 3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461, 3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488, 3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519, 3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834, 2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017, 3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.939241, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.939493, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.939582, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.939611, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656, 3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695, 3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}
답변1
문제를 파악한 것 같습니다. 보안을 원하지 않는다고 언급했기 때문에 사용자를 추가하지 않고 실행한 것 같습니다 smbpasswd. 사용자는 user데비안 시스템에 로그인한 사용자일 수 있습니다.
그러나 구성에는 security = user사용자 인증을 의미하는 이 있습니다.
따라서 인증이 필요하지 않은 경우 다음만 필요합니다.
[global]
map to guest = Bad User
[Share]
path = /smbshare
read only = no
guest ok = yes
guest only = yes
(나는 확인했다삼바 위키필요한 구성을 위해)
답변2
좋습니다. SMBv1을 사용하지 않는 게스트 전용 공유에 필요한 최소값은 다음과 같습니다.
[global]
security = USER
map to guest = Bad User
client min protocol = SMB2
server min protocol = SMB2
[share]
path = /smbshare
read only = No
guest ok = yes
guest only = yes
작동이 완료되고 인증된 사용자를 원할 때 'man smb.conf'를 읽으십시오.