使用 AD 的 Samba Share 问题

【问题标题】:Samba Share problems using AD使用 AD 的 Samba Share 问题
【发布时间】:2016-08-11 14:39:03
【问题描述】:

我在 Windows Server Enterprise 2008 R2 中有一个 AD 域。 域名是 ferreiradias.local 我已经安装了一个 xubuntu box 16.04 并完成了所有更新。 我已经安装了 samba、winbind 和 krb5-client 和 ntp 并配置了它们。 krb5.conf:

[libdefaults]
ticket_lifetime = 24h
default_realm = FERREIRADIAS.LOCAL
forwardable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FERREIRADIAS.LOCAL = {
kdc = 192.168.1.3:88
admin_server = DC-FD.FERREIRADIAS.LOCAL
default_domain = FERREIRADIAS.LOCAL
}
[domain_realm]
.FERREIRADIAS.LOCAL = FERREIRADIAS.LOCAL
FERREIRADIAS.LOCAL = FERREIRADIAS.LOCAL
.ferreiradias.local = FERREIRADIAS.LOCAL
ferreiradias.local = FERREIRADIAS.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

nssswitch.conf

passwd:         files winbind
group:          files winbind
shadow:         files winbind

主机名

nas1

主机

127.0.0.1   localhost
127.0.1.1   nas1.ferreiradias.local nas1.ferreiradias nas1

我可以将 linux 框添加到 AD。在那之前一切都很好。

smb.conf

[global]
security = ADS
realm = FERREIRADIAS.LOCAL
password server = 192.168.1.3
workgroup = ferreiradias
idmap config * : range = 10000-20000
server string = Linuxserver
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind use default domain = yes
winbind nested groups = yes
template homedir = /home/%U
template shell = /bin/bash
client use spnego = yes
ntlm auth = yes
lanman auth = no
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
os level = 0
map to guest = bad user
guest account = nobody
unix extensions = yes

[partilha1]
comment = Marketing
path = /sharing/
valid users =@FERREIRADIAS\jorgcar
writable = yes
read only = no
force create mode = 0777
create mask = 0777
directory mask = 0777
force directory mode = 0777
access based share enum = yes
hide unreadable = yes

问题是当我尝试通过 Windows 10 / 7 访问 linux 机器时,出现“访问被拒绝”错误。有人可以指点我一些指南吗?真的坚持这个

【问题讨论】:

    标签: linux active-directory samba


    【解决方案1】:

    尝试添加行

    client max protocol = SMB3


    /etc/samba/smb.conf

    [global]部分。

    可能不支持您的 samba 版本。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2013-11-20
      • 1970-01-01
      • 1970-01-01
      • 2012-02-29
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode