我在 Debian Buster 上有一個從 Debian Stretch 升級的 samba 伺服器。這將 Samba 從 4.5.16 升級到 4.9.5。在這個過程中的某個地方,對群體的處理似乎改變了。以前可以透過正確的群組成員身分存取共用的使用者無法再存取它們。
- 使用者可以存取他們的主目錄
- 使用者可以存取訪客共享
- 用戶可以存取其主要群組的共享
- 使用者無法存取其輔助群組的共享
smb.conf 檔案其實如下:
[global]
workgroup = EXAMPLE
realm = WIN.EXAMPLE.COM
security = ADS
server string = %h
wins server = 10.0.1.10 10.0.2.20
panic action = /usr/share/samba/panic-action %d
invalid users = root
server signing = required
ntlm auth = no
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
min protocol = SMB2
[guestshare]
path = /srv/guestshare
guest ok = yes
writeable = yes
[working]
path = /srv/working
guest ok = no
writable = yes
create mask = 0660
directory mask = 0770
valid users = +working
[notworking]
path = /srv/notworking
guest ok = no
writable = yes
create mask = 0660
directory mask = 0770
valid users = +notworking
用戶可以訪問賓客分享和在職的股,但不是不工作分享。
使用者的群組成員資格如下所示:
# id user
uid=1234(user) gid=10000(working) groups=10000(working),10010(notworking),10020(othergroup)
請告訴我我在這裡缺少什麼。