Я пытаюсь развернуть общий ресурс Samba с сервера Debian 10, который я собираюсь использовать как с Windows, так и с Mac OS X и другими машинами Debian 10.
Я занимаюсь этим уже несколько дней и не могу подключиться к нему ни с одной машины, ни с публичной, ни с частной.
Часть проблемы в том, что я не знаю, что мне следует указать в файле конфигурации Samba.
Какой минимальный объем данных мне нужно добавить в конфигурацию, чтобы что-то работало? (Общедоступный, без безопасности — на данный момент меня это не волнует.)
У меня есть теория, что samba конфликтует с nextcloud. Я считаю, что это так, потому что когда я запускаю smbtreeс другой машины Linux в сети, она подхватывает IP-адрес сервера nextcloud, который запущен (или работал) на виртуальной машине на сервере Debian 10.
Я отключил эту виртуальную машину, пока пытаюсь разобраться, но все равно безуспешно.
Это мой вывод smbclient, который я запустил на сервере, используя IP-адрес сервера. (сам)
smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password:
Sharename Type Comment
--------- ---- -------
share Disk
IPC$ IPC IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available
Вот содержимое моего/etc/samba/smb.conf
[global]
log level = 3
workgroup = WORKGROUP
hosts allow = 192.168.1.
security = user
max protocol = SMB3
min protocol = SMB2
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @smbgroup
Это моеtestparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
security = USER
server min protocol = SMB2
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
hosts allow = 192.168.1.
[share]
create mask = 0770
directory mask = 0770
path = /smbshare
read only = No
valid users = @smbgroup
Буду признателен за любую помощь. Я совсем новичок в этом деле, поэтому не знаю, как отлаживать что-либо. Я перезапустил службы smbd и nmbd и проверил статус. Явных проблем не было.
Я также запускаю nfs share на этой машине, и это работает нормально. Я предполагаю, что это не вызывает никаких конфликтов.
Журналы
Я все еще экспериментирую с файлом конфигурации, чтобы попытаться заставить что-то работать... вот как это выглядело, когда были сгенерированы эти логи.
[global]
log level = 3
workgroup = WORKGROUP
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[Share]
path = /smbshare
writable = yes
create mode = 0770
directory mode = 0770
guest ok = yes
первый журнал...
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
и другой
[2020/08/12 13:34:31.940912, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997, 3] ../source3/smbd/service.c:603(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2020/08/12 13:34:31.941081, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226, 3] ../source3/smbd/service.c:849(make_connection_snum)
debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097, 3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207, 3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2020/08/12 13:34:31.944309, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2020/08/12 13:34:31.945757, 3] ../source3/smbd/service.c:1129(close_cnum)
debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110
[2020/08/12 13:34:30.779090, 3] ../source3/smbd/oplock.c:1389(init_oplocks)
init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2020/08/12 13:34:30.782362, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.935674, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.935928, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.936030, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.936070, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302, 3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461, 3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488, 3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519, 3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834, 2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017, 3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078, 3] ../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142, 3] ../source3/param/loadparm.c:548(init_globals)
Initialising global parameters
[2020/08/12 13:34:31.939241, 3] ../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2020/08/12 13:34:31.939493, 2] ../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[Share]"
[2020/08/12 13:34:31.939582, 3] ../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/08/12 13:34:31.939611, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656, 3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695, 3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445]
{"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}
решение1
Думаю, я понял, в чем проблема: вы говорите, что не хотите никакой безопасности, поэтому, полагаю, вы не добавили ни одного пользователя и запустили smbpasswd. Пользователь userможет быть тем пользователем, под которым вы входите в систему Debian.
Однако в вашей конфигурации есть security = user, что означает аутентификацию пользователя.
Таким образом, для отсутствия аутентификации вам понадобится только:
[global]
map to guest = Bad User
[Share]
path = /smbshare
read only = no
guest ok = yes
guest only = yes
(Я проверилсамба викидля необходимой конфигурации)
решение2
Хорошо, вот минимум, который вам нужен для гостевого общего доступа, не использующего SMBv1:
[global]
security = USER
map to guest = Bad User
client min protocol = SMB2
server min protocol = SMB2
[share]
path = /smbshare
read only = No
guest ok = yes
guest only = yes
Когда вы заставите все это работать и захотите аутентифицированных пользователей, прочтите «man smb.conf»