[Samba] 转发: 答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?
Rowland Penny
rpenny at samba.org
Wed Feb 8 13:22:39 UTC 2017
On Wed, 8 Feb 2017 12:10:00 +0000
Chenyehua via samba <samba at lists.samba.org> wrote:
> Thanks for your response, Rowland.
> Sorry for the late reply.
> Here is my smb.conf:
>
> [global]
> workgroup = grouptest1
>
> server string = %h server (Samba NAS)
>
> dns proxy = no
>
> log file = /var/log/samba/log.%m
>
> max log size = 10000
>
> syslog = 0
>
> panic action = /usr/share/samba/panic-action %d
>
> server role = standalone server
>
> obey pam restrictions = yes
>
> unix password sync = yes
>
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>
> pam password change = yes
> map to guest = bad password
>
> usershare allow guests = yes
> max protocol = SMB3
> large readwrite = yes
> use sendfile = yes
> aio read size = 1024
> oplocks = no
> deadtime = 10
> aio write behind = true
> load printers = no
> clustering = yes
> idmap config *:backend = tdb2
> store dos attributes = yes
> vfs objects = acl_xattr
> idmap config *:range = 1000000-1999999
> acl_xattr:ignore system acls = yes
> socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
> netbios name = netaaa1
> ctdbd socket = /var/run/ctdb/ctdbd.socket
> log level = 2
> security = user
>
Ok, this is a standalone server, so I suggest you remove these lines:
idmap config *:backend = tdb2
idmap config *:range = 1000000-1999999
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
But I think your problem is being caused by this line (and possibly fat
fingers):
map to guest = bad password
If you read 'man smb.conf' you will find this:
· Bad Password - Means user logins with an invalid password are
treated as a guest login and mapped into the guest account.
Note that this can cause problems as it means that any user
incorrectly typing their password will be silently logged on as
"guest" - and will not know the reason they cannot access files
they think they should - there will have been no message given
to them that they got their password wrong. Helpdesk services
will hate you if you set the map to guest parameter this way
:-).
This means if the users windows password isn't the same as the one on
the Samba server, they will get logged in, but as the 'Guest' user.
Rowland
More information about the samba
mailing list