Estou tentando implantar um compartilhamento samba de um servidor Debian 10, que pretendo usar com Windows, Mac OS X e outras máquinas Debian 10.
Já estou nisso há alguns dias e não consegui me conectar a ele com nenhuma máquina, seja pública ou privada.
Parte do problema é que não sei o que devo colocar no meu arquivo de configuração do samba.
Qual é a quantidade mínima de coisas que preciso colocar na configuração para que algo básico funcione. (Compartilhamento público, sem segurança - não me importo com isso no momento.)
Tenho uma teoria de que o samba entra em conflito com o nextcloud. Acredito que seja esse o caso porque quando executo smbtreede outra máquina Linux na rede ele pega o endereço IP do servidor nextcloud, que está (ou estava) rodando em uma VM no servidor Debian 10.
Agora desabilitei esta VM enquanto tento descobrir isso, mas ainda não tive sucesso.
Esta é a minha saída do smbclient, que executei no servidor, usando o IP do servidor. (em si)
smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password:
Sharename Type Comment
--------- ---- -------
share Disk
IPC$ IPC IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available
Aqui está o conteúdo do meu/etc/samba/smb.conf
[global]
log level = 3
workgroup = WORKGROUP
hosts allow = 192.168.1.
security = user
max protocol = SMB3
min protocol = SMB2
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @smbgroup
Este é meutestparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
security = USER
server min protocol = SMB2
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
hosts allow = 192.168.1.
[share]
create mask = 0770
directory mask = 0770
path = /smbshare
read only = No
valid users = @smbgroup
Qualquer ajuda seria apreciada. Sou muito novo nisso, então não sei como depurar nada. Reiniciei os serviços smbd e nmbd e verifiquei o status. Não houve problemas óbvios.
Também executo um compartilhamento nfs nesta máquina e funciona bem. Presumo que isso não cause nenhum conflito.
Histórico
Ainda estou brincando com o arquivo de configuração para tentar fazer algo funcionar... aqui está o que parecia quando esses logs foram gerados.
[global]
log level = 3
workgroup = WORKGROUP
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[Share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
guest ok = yes
primeiro registro...
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
e outro
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110
[2020/08/12 13:34:30.779090, 3] ../source3/smbd/oplock.c:1389(init_oplocks)
init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2020/08/12 13:34:30.782362, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.935674, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.935928, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.936030, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.936070, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302, 3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461, 3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488, 3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519, 3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834, 2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017, 3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.939241, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.939493, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.939582, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.939611, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656, 3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695, 3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}
Responder1
Acho que descobri o problema: você mencionou que não quer segurança, então acho que não adicionou nenhum usuário e executou smbpasswd. Usuário userpode ser o usuário com quem você faz login em seu sistema Debian.
Ainda na sua configuração você tem security = user, o que significa autenticação do usuário.
Portanto, para nenhuma autenticação, você só precisa de:
[global]
map to guest = Bad User
[Share]
path = /smbshare
read only = no
guest ok = yes
guest only = yes
(Eu chequeiWiki do sambapara a configuração necessária)
Responder2
Ok, aqui está o mínimo necessário para um compartilhamento somente para convidados, que não usa SMBv1:
[global]
security = USER
map to guest = Bad User
client min protocol = SMB2
server min protocol = SMB2
[share]
path = /smbshare
read only = No
guest ok = yes
guest only = yes
Quando você tiver feito isso funcionar e quiser usuários autenticados, leia 'man smb.conf'