[Samba] 转发: 答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?

Rowland Penny rpenny at samba.org
Wed Feb 8 13:22:39 UTC 2017


On Wed, 8 Feb 2017 12:10:00 +0000
Chenyehua via samba <samba at lists.samba.org> wrote:

> Thanks for your response, Rowland.
> Sorry for the late reply.
> Here is my smb.conf:
> 
> [global]
>    workgroup = grouptest1
> 
>    server string = %h server (Samba NAS)
> 
>    dns proxy = no
> 
>    log file = /var/log/samba/log.%m
> 
>    max log size = 10000
> 
>    syslog = 0
> 
>    panic action = /usr/share/samba/panic-action %d
> 
>    server role = standalone server
> 
>    obey pam restrictions = yes
> 
>    unix password sync = yes
> 
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> 
>    pam password change = yes
>    map to guest = bad password
> 
>    usershare allow guests = yes
>    max protocol = SMB3
>    large readwrite = yes
>    use sendfile = yes
>    aio read size = 1024
>    oplocks = no
>    deadtime = 10
>    aio write behind = true
>    load printers = no
>    clustering = yes
>    idmap config *:backend = tdb2
>    store dos attributes = yes
>    vfs objects = acl_xattr
>    idmap config *:range = 1000000-1999999
>    acl_xattr:ignore system acls = yes
>    socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
>    netbios name = netaaa1
>    ctdbd socket = /var/run/ctdb/ctdbd.socket
>    log level = 2
>    security = user
> 

Ok, this is a standalone server, so I suggest you remove these lines:

   idmap config *:backend = tdb2
   idmap config *:range = 1000000-1999999
   socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072

But I think your problem is being caused by this line (and possibly fat
fingers):

    map to guest = bad password

If you read 'man smb.conf' you will find this:

           ·   Bad Password - Means user logins with an invalid password are
               treated as a guest login and mapped into the guest account.
               Note that this can cause problems as it means that any user
               incorrectly typing their password will be silently logged on as
               "guest" - and will not know the reason they cannot access files
               they think they should - there will have been no message given
               to them that they got their password wrong. Helpdesk services
               will hate you if you set the map to guest parameter this way
               :-).

This means if the users windows password isn't the same as the one on
the Samba server, they will get logged in, but as the 'Guest' user.

Rowland



More information about the samba mailing list