歡迎您光臨本站 註冊首頁

急死我了,看看我的samba配置

←手機掃碼閱讀     火星人 @ 2014-03-05 , reply:0

急死我了,看看我的samba配置

我在虛擬機上做試驗,user級別的,在windows下我用用戶beyond登陸,可試看了好幾天了
就是登陸不上去,提示許可權不夠,可以看到登陸對話框,
大家幫我看下配置文件,

samba.con





# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = workgroup

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
    guest account = beyond

                                                                                                         
# this tells Samba to use a separate log file for each machine
# that connect
   log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 0

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
                                                            



# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

   pam password change = yes

# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
   include = /etc/samba/smb.conf.%m

# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes

  obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#       a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
                                                                                    



# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
                                                                              

;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no

#============================ Share Definitions ==============================

   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user


# Un-comment the following and create the netlogon directory for Domain Logons
;
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer

   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;
;   comment = Fred's Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes




# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;
;  comment = PC Directories
;  path = /usr/local/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765



comment = this is my samba
path = /home/myfile
valid users = beyond
public = yes
writable = yes
                                                              



etc/passwd文件




# more /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/bin/bash
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/html/usage:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
wnn:x:49:49:Wnn System Account:/home/wnn:/sbin/nologin
fax:x:78:78:mgetty fax spool user:/var/spool/fax:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nut:x:57:57:Network UPS Tools:/var/lib/ups:/bin/false
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
ident:x:98:98:pident user:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
privoxy:x:73:73::/etc/privoxy:/sbin/nologin
pvm:x:24:24::/usr/share/pvm3:/bin/bash
desktop:x:80:80:desktop:/var/lib/menu/kde:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
gaojw:x:500:500::/home/gaojw:/bin/bash
pcguest:x:501:501::/home/pcguest:/bin/bash
tom:x:502:502::/home/tom:/bin/false
jack:x:503:502::/home/jack:/bin/false
blue:x:504:503::/home/blue:/bin/false
red:x:505:503::/home/red:/bin/false
ceo:x:506:506::/home/ceo:/bin/bash
finance:x:507:507::/home/finance:/bin/bash
beyond:x:508:508::/home/beyond:/bin/bash




smbpasswd文件

# more /etc/samba/smbpasswd
gaojw:500:C5636E6A54F171D5AAD3B435B51404EE:C0B2E2EAADBF062988911F70F1C2FEAC:[UX
        ]:LCT-45F0FBDD:
pcguest:501:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[N
UX        ]:LCT-45F16172:
tom:502:67BD2EC1E23AEA8CAAD3B435B51404EE:3ABCFAF9E6F23022460DC080176DFE9E:[UX
      ]:LCT-45F1675C:
jack:503:B43EA9678CCE3558AAD3B435B51404EE:E916F15E8AF7AA03095CC34B3E231B1A:[UX
       ]:LCT-45F167D7:
blue:504:9095220ABA77AA81AAD3B435B51404EE:505A9279CFD2F94C658980551CFDE735:[UX
       ]:LCT-45F16990:
red:505:7B96B77A223162B1AAD3B435B51404EE:2C8A51B3BC2395D6F3623A0B7C4F1CFA:[UX
      ]:LCT-45F16984:
ceo:506:422E5EA80C550F9AAAD3B435B51404EE:0A5ECB1958AF159FED0F21FFFD6FBEC6:[UX
      ]:LCT-45F1A774:
finance:507:5A1F577AA1B5670EAAD3B435B51404EE:ED33B9BB99871697B48FA61312116CEA:[U
X         ]:LCT-45F16A76:
beyond:508:C5636E6A54F171D5AAD3B435B51404EE:C0B2E2EAADBF062988911F70F1C2FEAC:[UX
         ]:LCT-45F1A763:


/home/myfile許可權




# ls -l /home/myfile

-rwxr--r--    1 nobody   nobody      11225  3?? 10 02:03 smb.conf
《解決方案》

是提示沒有許可權,還是提示用戶名,密碼不對?
把問題描述清楚一些。
看你發的貼子,我都頭疼!!!
《解決方案》

麻煩版主了,我都就這個問題弄了好幾天,

登陸的時候可以看到輸入用戶名和密碼對話框,
是提示沒有許可權。
我把用戶已經加到smbpasswd文件中了,
看看我的配置文件有沒有問題。
《解決方案》

#tail /var/log/samba/smbd.log   看看 或許能找到答案了!~ 呵呵我也一新手 不怎麼專業
《解決方案》

估計又是selinux沒關!這個破東西害死人了
《解決方案》

原帖由 ghsy3056 於 2007-4-5 10:42 發表
麻煩版主了,我都就這個問題弄了好幾天,

登陸的時候可以看到輸入用戶名和密碼對話框,
是提示沒有許可權。
我把用戶已經加到smbpasswd文件中了,
看看我的配置文件有沒有問題。

你登陸進去了嗎?
《解決方案》

沒有登陸成功,輸入用戶名beyond和密碼beyond, 但提示沒有許可權訪問,
版主,我的smb.conf文件有沒有問題,
沒問題的個話,我就在用戶密碼文件和目錄許可權上找找原因。
我用的是redhat 9.0

謝謝大家。
搞的都頭暈了,
匿名的可以訪問,但配置user級別的就出問題。每天晚上搞到12多實在沒辦法了才睡覺
《解決方案》

smb用戶必須系統用戶
正確添加SMB用戶的辦法:
smbpasswd -a user
《解決方案》

感謝版主耐心的解答,我在試試。
《解決方案》

添加用戶時提示

nknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
是不是這個的原因。
# smbpasswd -a beyond
Unknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
New SMB password:
Retype new SMB password:
unable to open passdb database.
Added user beyond.



這是日誌:


# tail /var/log/samba/smbd.log
param/loadparm.c:lp_do_parameter(2752)
  Ignoring unknown parameter "netbios"
param/loadparm.c:map_parameter(2077)
  Unknown parameter encountered: "netbios"
param/loadparm.c:lp_do_parameter(2752)
  Ignoring unknown parameter "netbios"
param/loadparm.c:map_parameter(2077)
  Unknown parameter encountered: "netbios"
param/loadparm.c:lp_do_parameter(2752)
  Ignoring unknown parameter "netbios"

[火星人 ] 急死我了,看看我的samba配置已經有553次圍觀

http://coctec.com/docs/service/show-post-40014.html