当列出Samba共享时拒绝访问
当列出Samba共享时拒绝访问
提问于 2021-11-24 20:03:41
我安装了Samba来与Windows 10机器共享文件。安装程序可以正确地使用单独的共享路径(如\\myhost\sejf )访问它们,但是在\\myhost上列出共享将失败,访问被拒绝。我试图调查各种可能的选择,但没有运气。我在另一台机器(Raspbian)上有一个非常相似的设置,在那里我没有问题,所以我怀疑它可能与机器上的操作系统Ubuntu20.04有某种关系。
我的samba配置(由Ansible角色创建,但这并不重要):
[global]
# Server information
netbios name = MYHOST
workgroup = WORKGROUP
server string = Fileserver %m
# Logging
logging = syslog
# Authentication
security = user
passdb backend = tdbsam
map to guest = never
# Name resolution: make sure \\NETBIOS_NAME\ works
wins support = yes
local master = yes
domain master = yes
preferred master = yes
# Don't load printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Fix for CVE-2017-7494 in Samba versions from 3.5.0 and before 4.6.4
# https://access.redhat.com/security/cve/cve-2017-7494
nt pipe support = no
include = /etc/samba/samba.global.conf
## Shared directories
[sejf]
path = /srv/sejf
public = no
create mode = 0664
force create mode = 0664
directory mode = 0775
force directory mode = 0775
owner = minidlna以及所包含的文件samba.global.conf:
hide files = /lost+found/
server role = standalone server
max log size = 1000000
protocol = SMB3
valid users = @sambashare
write list = @sambashare
guest ok = yes
writable = yes
browseable = yes
group = sambashare我试图使用protocol = SMB3强制执行协议,但无论是否使用它,我都会遇到相同的错误。
然后,我试着用smbclient列出股票,发现了一个奇怪的错误:
% smbclient -L //myhost/ -U guest
Unable to initialize messaging context
Enter WORKGROUP\guest's password:
Sharename Type Comment
--------- ---- -------
smb1cli_req_writev_submit: called for dialect[SMB3_11] server[192.168.49.105]
Error returning browse list: NT_STATUS_REVISION_MISMATCH
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Failed to connect with SMB1 -- no workgroup available我还得到了另一个服务器的错误Failed to connect with SMB1 -- no workgroup available,因为它的浏览功能很好,所以它显然与问题无关。
回答 1
Server Fault用户
发布于 2022-10-13 15:10:10
我使用相同的不可接受的角色来管理我的samba共享,而且我也遇到了同样的问题。我认为你所遇到的是由CVE缓解造成的
nt pipe support = no显然,RCE是有问题的,但是ansible角色中的版本检查失败了--我运行了4.13,它仍然包括缓解。在我的配置中手动禁用它
samba_mitigate_cve_2017_7494: false帮我修好东西。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1084526
复制相关文章
相似问题
腾讯云开发者
