Samba: AD group cannot access the share

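I have a CentOS server joined to the AD domain by realm(8) using sssd(8). I do not have winbind installed, though. I can normally log in to this CentOS server with AD domain users. I have set up a Samba share on this server to serve files to users in the domain. I have tried many Samba configurations; the latest one is as follows: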

[global]
workgroup = MYDOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYDOMAIN.LOCAL.FQDN
security = ads
log file = /var/log/samba/log.%m
log level =3
passdb backend = tdbsam
encrypt passwords = yes

[myshare]
        path = /myshare/
        browsable =yes
        write list=@mygroup
        writable = yes
        read only = yes
        # below are 3 attempts to allow my group
        valid users=@"[email protected]" @"mygroup" @"mydomain\mygroup"

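If I use a Windows 10 PC and access \\myCentOSserver\, it opens the list of shares on the server, which includes myshare. When I double-click it, a window pops up asking for a username and password, with a logon failure message. But I am already logged in as a user who is a member of that mygroup AD group.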

My Samba log file is as follows:

# cat /var/log/samba/log.192.168.15.123
[2019/02/25 18:25:13.655237,  3] ../source3/smbd/oplock.c:1340(init_oplocks)
  init_oplocks: initializing messages.
[2019/02/25 18:25:13.655467,  3] ../source3/smbd/process.c:1958(process_smb)
  Transaction 0 of length 159 (0 toread)
[2019/02/25 18:25:13.655511,  3] ../source3/smbd/process.c:1538(switch_message)
  switch message SMBnegprot (pid 34286) conn 0x0
[2019/02/25 18:25:13.657361,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2019/02/25 18:25:13.657416,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [LANMAN1.0]
[2019/02/25 18:25:13.657442,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2019/02/25 18:25:13.657465,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [LM1.2X002]
[2019/02/25 18:25:13.657488,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [LANMAN2.1]
[2019/02/25 18:25:13.657511,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [NT LM 0.12]
[2019/02/25 18:25:13.657534,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [SMB 2.002]
[2019/02/25 18:25:13.657580,  3] ../source3/smbd/negprot.c:628(reply_negprot)
  Requested protocol [SMB 2.???]
[2019/02/25 18:25:13.657823,  3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2019/02/25 18:25:13.660341,  3] ../source3/smbd/negprot.c:761(reply_negprot)
  Selected protocol SMB 2.???
[2019/02/25 18:25:13.663491,  3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_11
[2019/02/25 18:25:13.676251,  3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
  Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
[2019/02/25 18:25:13.676326,  3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
  Kerberos ticket principal name is [[email protected]]
[2019/02/25 18:25:13.678238,  3] ../source3/param/loadparm.c:3868(lp_load_ex)
  lp_load_ex: refreshing parameters
[2019/02/25 18:25:13.678398,  3] ../source3/param/loadparm.c:547(init_globals)
  Initialising global parameters
[2019/02/25 18:25:13.678599,  3] ../source3/param/loadparm.c:2782(lp_do_section)
  Processing section "[global]"
[2019/02/25 18:25:13.678774,  2] ../source3/param/loadparm.c:2799(lp_do_section)
  Processing section "[myshare]"
[2019/02/25 18:25:13.678971,  3] ../source3/param/loadparm.c:1617(lp_add_ipc)
  adding IPC service
[2019/02/25 18:25:13.679817,  1] ../source3/param/loadparm.c:2488(lp_idmap_range)
  idmap range not specified for domain '*'
[2019/02/25 18:25:13.680644,  3] ../source3/smbd/password.c:144(register_homes_share)
  Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
[2019/02/25 18:25:13.685042,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.685174,  3] ../source3/smbd/service.c:595(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2019/02/25 18:25:13.685247,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2019/02/25 18:25:13.685297,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2019/02/25 18:25:13.685493,  3] ../source3/smbd/service.c:841(make_connection_snum)
  192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
[2019/02/25 18:25:13.688823,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)
  get_referred_path: |myshare| in dfs path \mycentosserver\myshare is not a dfs root.
[2019/02/25 18:25:13.688886,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.689039,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)
  get_referred_path: |myshare| in dfs path \mycentosserver\myshare is not a dfs root.
[2019/02/25 18:25:13.689094,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.692620,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.692717,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.695607,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.700832,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.702335,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.702388,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.702462,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.705850,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.705939,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.709969,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.714254,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.715363,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.715434,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.715538,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.719135,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)
  get_referred_path: |myshare| in dfs path \mycentosserver\myshare is not a dfs root.
[2019/02/25 18:25:13.719220,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.719399,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)
  get_referred_path: |myshare| in dfs path \mycentosserver\myshare is not a dfs root.
[2019/02/25 18:25:13.719458,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.722522,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.722632,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.725278,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.729162,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.730606,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.730700,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.730803,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.734060,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.734146,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.737530,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.743056,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.745052,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.745105,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.745176,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.749224,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)
  get_referred_path: |myshare| in dfs path \mycentosserver\myshare is not a dfs root.
[2019/02/25 18:25:13.749304,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.752605,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.752686,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.755528,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.760950,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.762243,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.762293,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.762362,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.765697,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.765791,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.768600,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.773398,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.774735,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.774806,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.774926,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.779205,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)
  get_referred_path: |myshare| in dfs path \mycentosserver\myshare is not a dfs root.
[2019/02/25 18:25:13.779280,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.783652,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.783720,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @[email protected] is not in a valid format
[2019/02/25 18:25:13.786662,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.792866,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @mydomain\mygroup is not in a valid format
[2019/02/25 18:25:13.794993,  2] ../source3/smbd/service.c:349(create_connection_session_info)
  user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.795046,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.795318,  3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:24.362427,  3] ../source3/smbd/service.c:1120(close_cnum)
  192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
[2019/02/25 18:25:24.368723,  3] ../source3/smbd/server_exit.c:236(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

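It shows that the 3 attempts using the AD group are "not in a valid format". Now, if I put my username directly in the valid users section of smb.conf, without the "@" sign, or @"Domain Users", I can access the share without problems. So how can I specify just one AD group?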
