통나무

통나무

Windows, Mac OS X 및 기타 Debian 10 컴퓨터에서 사용할 Debian 10 서버에서 Samba 공유를 배포하려고 합니다.

며칠 동안 이 작업을 수행했는데 어떤 컴퓨터(공용 공유든 개인 공유든)를 사용하여 연결할 수 없습니다.

문제의 일부는 삼바 구성 파일에 무엇을 넣어야 할지 모른다는 것입니다.

몇 가지 기본 기능이 작동하려면 구성에 최소한 몇 가지를 추가해야 합니까? (공개적으로 공유되며 보안이 없습니다. 지금은 신경 쓰지 않습니다.)

Samba가 nextcloud와 충돌한다는 이론이 있습니다. smbtree나는 이것이 네트워크의 다른 Linux 머신에서 실행될 때 Debian 10 서버의 가상 머신에서 실행 중이거나 실행되었던 nextcloud 서버의 IP 주소를 얻기 때문에 이것이 사실이라고 생각합니다 .

이제 이 문제를 해결하려고 시도하는 동안 가상 머신을 비활성화했지만 여전히 성공하지 못했습니다.

smbclient이것은 서버 IP를 사용하여 서버에서 실행되는 출력입니다. (그 자체)

smbclient -L 192.168.1.111 -U smbuser
Unable to initialize messaging context
Enter WORKGROUP\smbuser's password: 

    Sharename       Type      Comment
    ---------       ----      -------
    share           Disk      
    IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available

이건 내 콘텐츠야/etc/samba/smb.conf

[global]

   log level = 3

   workgroup = WORKGROUP
   hosts allow = 192.168.1.
   security = user
   max protocol = SMB3
   min protocol = SMB2

   log file = /var/log/samba/log.%m

   max log size = 1000

   logging = file

   panic action = /usr/share/samba/panic-action %d

   server role = standalone server

   obey pam restrictions = yes


   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .


   pam password change = yes

   map to guest = bad user
   usershare allow guests = yes

[share]
  path = /smbshare
  writable = yes
  create mode = 0770
  directory mode = 0770
  share modes = yes
  guest ok = no
  valid users = @smbgroup

이 내 꺼야testparm

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
    log file = /var/log/samba/log.%m
    logging = file
    map to guest = Bad User
    max log size = 1000
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    security = USER
    server min protocol = SMB2
    server role = standalone server
    unix password sync = Yes
    usershare allow guests = Yes
    idmap config * : backend = tdb
    hosts allow = 192.168.1.


[share]
    create mask = 0770
    directory mask = 0770
    path = /smbshare
    read only = No
    valid users = @smbgroup

어떤 도움이라도 대단히 감사하겠습니다. 나는 이것에 매우 익숙하지 않기 때문에 실제로 디버깅하는 방법을 모릅니다. smbd 및 nmbd 서비스를 다시 시작하고 상태를 확인했습니다. 명백한 문제는 발생하지 않습니다.

나는 또한 이 컴퓨터에서 nfs 공유를 실행하고 있는데 훌륭하게 작동합니다. 나는 이것이 어떤 갈등을 일으킬 것이라고 생각하지 않습니다.

통나무

저는 아직도 뭔가 작동하도록 구성 파일을 가지고 놀고 있습니다. 이러한 로그가 생성되면 다음과 같이 보입니다.


[global]

   log level = 3

   workgroup = WORKGROUP

   log file = /var/log/samba/log.%m

   max log size = 1000

   logging = file

   panic action = /usr/share/samba/panic-action %d

   server role = standalone server

   obey pam restrictions = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes

   map to guest = bad user

   usershare allow guests = yes


[Share]
  path = /smbshare
  writable = yes
  create mode = 0770
  directory mode = 0770
  guest ok = yes

첫 번째 로그...

[2020/08/12 13:34:31.940912,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997,  3] ../source3/smbd/service.c:603(make_connection_snum)
  make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2020/08/12 13:34:31.941081,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226,  3] ../source3/smbd/service.c:849(make_connection_snum)
  debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097,  3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
  api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132,  3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
  check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158,  3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
  check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207,  3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
  api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286,  1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
  Failed to fetch record!
[2020/08/12 13:34:31.944309,  1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
  pcap cache not loaded
[2020/08/12 13:34:31.945757,  3] ../source3/smbd/service.c:1129(close_cnum)
  debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)

그리고 또 다른

[2020/08/12 13:34:31.940912,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.1.110 (192.168.1.110)
[2020/08/12 13:34:31.940997,  3] ../source3/smbd/service.c:603(make_connection_snum)
  make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2020/08/12 13:34:31.941050,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2020/08/12 13:34:31.941081,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2020/08/12 13:34:31.941226,  3] ../source3/smbd/service.c:849(make_connection_snum)
  debian (ipv4:192.168.1.110:33412) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 3744)
[2020/08/12 13:34:31.943097,  3] ../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
  api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.943132,  3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
  check_bind_req for srvsvc context_id=0
[2020/08/12 13:34:31.943158,  3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
  check_bind_req: srvsvc -> srvsvc rpc service
[2020/08/12 13:34:31.944207,  3] ../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
  api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2020/08/12 13:34:31.944286,  1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
  Failed to fetch record!
[2020/08/12 13:34:31.944309,  1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
  pcap cache not loaded
[2020/08/12 13:34:31.945757,  3] ../source3/smbd/service.c:1129(close_cnum)
  debian (ipv4:192.168.1.110:33412) closed connection to service IPC$
[2020/08/12 13:34:31.949744,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)
root@proton:/var/log/samba# cat log.192.168.1.110 
[2020/08/12 13:34:30.779090,  3] ../source3/smbd/oplock.c:1389(init_oplocks)
  init_oplocks: initializing messages.
[2020/08/12 13:34:30.779168,  3] ../source3/smbd/process.c:1956(process_smb)
  Transaction 0 of length 222 (0 toread)
[2020/08/12 13:34:30.779370,  3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_11
[2020/08/12 13:34:30.782362,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2020/08/12 13:34:30.782395,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2020/08/12 13:34:30.782415,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2020/08/12 13:34:30.782433,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'spnego' registered
[2020/08/12 13:34:30.782451,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'schannel' registered
[2020/08/12 13:34:30.782469,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2020/08/12 13:34:30.782487,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2020/08/12 13:34:30.782505,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2020/08/12 13:34:30.782523,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/08/12 13:34:30.782541,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_basic' registered
[2020/08/12 13:34:30.782559,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2020/08/12 13:34:30.782577,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_negotiate' registered
[2020/08/12 13:34:30.782599,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'krb5' registered
[2020/08/12 13:34:30.782618,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2020/08/12 13:34:31.934118,  3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.935422,  3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
  Got user=[user] domain=[WORKGROUP] workstation=[DEBIAN] len1=24 len2=306
[2020/08/12 13:34:31.935480,  3] ../source3/param/loadparm.c:3872(lp_load_ex)
  lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.935564,  3] ../source3/param/loadparm.c:548(init_globals)
  Initialising global parameters
[2020/08/12 13:34:31.935674,  3] ../source3/param/loadparm.c:2786(lp_do_section)
  Processing section "[global]"
[2020/08/12 13:34:31.935928,  2] ../source3/param/loadparm.c:2803(lp_do_section)
  Processing section "[Share]"
[2020/08/12 13:34:31.936030,  3] ../source3/param/loadparm.c:1621(lp_add_ipc)
  adding IPC service
[2020/08/12 13:34:31.936070,  3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[user]@[DEBIAN] with the new password interface
[2020/08/12 13:34:31.936093,  3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WORKGROUP]\[user]@[DEBIAN]
[2020/08/12 13:34:31.936302,  3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for user
[2020/08/12 13:34:31.936461,  3] ../libcli/auth/ntlm_check.c:403(ntlm_password_check)
  ntlm_password_check: NTLMv2 password check failed
[2020/08/12 13:34:31.936488,  3] ../libcli/auth/ntlm_check.c:449(ntlm_password_check)
  ntlm_password_check: Lanman passwords NOT PERMITTED for user user
[2020/08/12 13:34:31.936519,  3] ../libcli/auth/ntlm_check.c:595(ntlm_password_check)
  ntlm_password_check: LM password and LMv2 failed for user user, and NT MD4 password in LM field not permitted
[2020/08/12 13:34:31.936748,  2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [user] -> [user] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/08/12 13:34:31.936834,  2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
  Auth: [SMB2,(null)] user [WORKGROUP]\[user] at [Wed, 12 Aug 2020 13:34:31.936815 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [DEBIAN] remote host [ipv4:192.168.1.110:33412] mapped to [WORKGROUP]\[user]. local host [ipv4:192.168.1.111:445] 
  {"timestamp": "2020-08-12T13:34:31.936924+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "user", "workstation": "DEBIAN", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2937}}
[2020/08/12 13:34:31.937017,  3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
  gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/08/12 13:34:31.937072,  3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/08/12 13:34:31.938149,  3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2020/08/12 13:34:31.939042,  3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[] len1=0 len2=0
[2020/08/12 13:34:31.939078,  3] ../source3/param/loadparm.c:3872(lp_load_ex)
  lp_load_ex: refreshing parameters
[2020/08/12 13:34:31.939142,  3] ../source3/param/loadparm.c:548(init_globals)
  Initialising global parameters
[2020/08/12 13:34:31.939241,  3] ../source3/param/loadparm.c:2786(lp_do_section)
  Processing section "[global]"
[2020/08/12 13:34:31.939493,  2] ../source3/param/loadparm.c:2803(lp_do_section)
  Processing section "[Share]"
[2020/08/12 13:34:31.939582,  3] ../source3/param/loadparm.c:1621(lp_add_ipc)
  adding IPC service
[2020/08/12 13:34:31.939611,  3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2020/08/12 13:34:31.939630,  3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2020/08/12 13:34:31.939656,  3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
  auth_check_ntlm_password: anonymous authentication for user [] succeeded
[2020/08/12 13:34:31.939695,  3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
  Auth: [SMB2,(null)] user []\[] at [Wed, 12 Aug 2020 13:34:31.939680 BST] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:192.168.1.110:33412] became [PROTON]\[nobody] [S-1-5-21-535964934-3898815840-3937253692-501]. local host [ipv4:192.168.1.111:445] 
  {"timestamp": "2020-08-12T13:34:31.939739+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.1.111:445", "remoteAddress": "ipv4:192.168.1.110:33412", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "nobody", "becameDomain": "PROTON", "becameSid": "S-1-5-21-535964934-3898815840-3937253692-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 1726}}

답변1

나는 문제를 해결했다고 생각합니다. 보안이 필요하지 않다고 하셨기 때문에 사용자를 추가하지 않고 실행한 것 같습니다 smbpasswd. 사용자는 user아마도 데비안 시스템에 로그인한 사용자일 것입니다.

그러나 구성에는 security = user사용자 인증을 의미하는 이 있습니다.

따라서 인증이 필요하지 않은 경우 다음이 필요합니다.

[global]
        map to guest = Bad User

[Share]
        path = /smbshare
        read only = no
        guest ok = yes
        guest only = yes

(나는 확인했다삼바 위키필수 구성의 경우)

답변2

좋습니다. SMBv1을 사용하지 않고 게스트 전용 공유에 필요한 최소한의 사항은 다음과 같습니다.

[global]
    security = USER
    map to guest = Bad User
    client min protocol = SMB2
    server min protocol = SMB2

[share]
    path = /smbshare
    read only = No
    guest ok = yes
    guest only = yes

작업이 완료되고 인증된 사용자가 필요하면 "man smb.conf"를 읽으십시오.

관련 정보