使用samba 2:4.7.6,基于Ubuntu 18.04.3 LTS的Lubuntu发行版
枚举共享时,是否有一种方法可以强制samba请求有效的凭据?
问题:Windows 10版本1903缓存会话凭据。浏览SMB服务器的共享时,它将枚举EnumShares2
具有匿名凭据的共享(),该凭据将被缓存。随后尝试连接到需要身份验证的共享的尝试失败,并显示以下消息:
不允许同一用户使用多个用户名与服务器或共享资源建立多个连接。断开与服务器或共享资源的所有先前连接,然后重试。
在Windows 10 1903中,似乎没有任何方法可以迫使Windows在重新启动计算机后释放匿名会话。
在远程Windows计算机上枚举共享时,不会发生此问题,因为自Windows 1703(服务器2016,不确定)以来,已禁用匿名的共享浏览。
实际上,除非可以说服samba不要枚举具有匿名凭据的共享,否则在窗口10上几乎100%的时间都无法访问samba共享,因为用户无需先浏览服务器共享就不可能连接到该共享。
/ var / log / samba日志文件中没有明显的错误。
@smbgroup仅包含一个用户“ smb”,该用户是专门为访问共享而创建的。
我的smb.conf如下:
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = %h server (Samba, Ubuntu)
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = yes
interfaces = 127.0.0.0/8 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
# Maximum number of usershare. 0 (default) means that usershare is disabled.
usershare max shares = 100
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
#======================= Share Definitions =======================
# Added shares
[Anonymous]
path = /samba/anonymous
browsable = yes
writable = no
read only = yes
force user = nobody
[SECURED]
path = /samba/shares
valid users = @smbgrp
browsable = yes
writable = yes
read only = no
在您的全局部分中添加:
restrict anonymous = 2
并更改允许访客,因为它取消了匿名限制:
usershare allow guests = no
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句