使用 samba 2:4.7.6,基于 Ubuntu 18.04.3 LTS 的 Lubuntu 发行版
枚举共享时有没有办法强制 samba 请求有效凭据?
问题:Windows 10 版本 1903 缓存会话凭据。EnumShares2
浏览 SMB 服务器的共享时,它会使用匿名凭据枚举共享 ( ),这些凭据会被缓存。随后尝试连接到需要身份验证的共享失败并显示以下消息:
不允许同一用户使用多个用户名与服务器或共享资源建立多个连接。断开与服务器或共享资源的所有先前连接,然后重试。
在 Windows 10 1903 中,似乎没有任何方法可以强制 Windows 在不重新启动机器的情况下释放匿名会话。
枚举远程 Windows 计算机上的共享时不会出现此问题,因为自 Windows 1703(Server 2016?,不确定)以来已禁用共享的匿名浏览。
实际上,除非可以说服 samba 不使用匿名凭据枚举共享,否则 samba 共享几乎 100% 的时间都无法在窗口 10 上访问,因为用户不太可能在没有首先浏览服务器共享的情况下连接到共享。
/var/log/samba 日志文件中没有明显的错误。
@smbgroup 只包含一个用户“smb”,它是专门为访问共享而创建的。
我的 smb.conf 如下:
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = %h server (Samba, Ubuntu)
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = yes
interfaces = 127.0.0.0/8 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
# Maximum number of usershare. 0 (default) means that usershare is disabled.
usershare max shares = 100
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
#======================= Share Definitions =======================
# Added shares
[Anonymous]
path = /samba/anonymous
browsable = yes
writable = no
read only = yes
force user = nobody
[SECURED]
path = /samba/shares
valid users = @smbgrp
browsable = yes
writable = yes
read only = no
在您的全局部分中添加:
并更改允许客人,因为它取消了匿名限制: