LINUX.ORG.RU
ФорумAdmin

не могу подключить Samba папки к Windows 7

 , , ,


1

1

Добрый день.

Есть Centos 8, Samba 4.10.4.

Пользователи локальные, домена нет.

smb.conf:

[global]

    netbios name = ncloud
    workgroup = WORKGROUP
    security = user
    server string = %h server (Samba %v)
    map to guest = Bad Password
    printcap name = /dev/null
    passdb backend = tdbsam
    load printers = no
    show add printer wizard = no
    disable spoolss = yes
    os level = 60
   
    recylce:excludedir = tmp temp cache
    recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~?? *.log *.trace
    recycle:versions = Yes
    recycle:touch = Yes
    recycle:keeptree = Yes
    recycle:repository = /data/recycle/%U
    vfs objects = recycle

    log level = 1 auth:10 winbind:5 passdb:4
    max log size = 20480

[common]

    public = no
    writeable = yes
    browseable = yes
    read only = no
    guest ok = no
    comment = Public Folder
    valid users = @stuff
    force create mode = 0777
    force directory mode = 0777
    path = /data/samba/public
    create mask = 0777
    directory mask = 0777

При подключении папки из Windows 10 все прекрасно подключается, пользователь нормально автроризуется в самбе.

[2020/05/02 10:53:02.071084,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_util.c:123(make_user_info_map)
  Mapping user [MicrosoftAccount]\[admin] from workstation [KOZHEVNIKOV-HOM]
[2020/05/02 10:53:02.071114,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:64(make_user_info)
  attempting to make a user_info for admin (admin)
[2020/05/02 10:53:02.071124,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:72(make_user_info)
  making strings for admin's user_info struct
[2020/05/02 10:53:02.071138,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:117(make_user_info)
  making blobs for admin's user_info struct
[2020/05/02 10:53:02.071148, 10, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:163(make_user_info)
  made a user_info for admin (admin)
[2020/05/02 10:53:02.071157,  3, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [MicrosoftAccount]\[admin]@[KOZHEVNIKOV-HOM] with the new password interface
[2020/05/02 10:53:02.071214,  3, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [MicrosoftAccount]\[admin]@[KOZHEVNIKOV-HOM]
[2020/05/02 10:53:02.071228, 10, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:202(auth_check_ntlm_password)
  check_ntlm_password: auth_context challenge created by random
[2020/05/02 10:53:02.071238, 10, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:204(auth_check_ntlm_password)
  challenge is:
[2020/05/02 10:53:02.071248, 10, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_builtin.c:41(check_anonymous_security)
  Check auth for: [admin]
[2020/05/02 10:53:02.071258, 10, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:237(auth_check_ntlm_password)
  auth_check_ntlm_password: anonymous had nothing to say
[2020/05/02 10:53:02.072873,  4, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/check_samsec.c:183(sam_account_ok)
  sam_account_ok: Checking SMB password for user admin
[2020/05/02 10:53:02.072947,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/check_samsec.c:165(logon_hours_ok)
  logon_hours_ok: user admin allowed to logon at this time (Sat May  2 02:53:02 2020
  )
[2020/05/02 10:53:02.076357,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/server_info_sam.c:122(make_server_info_sam)
  make_server_info_sam: made server info for user admin -> admin
[2020/05/02 10:53:02.076424,  3, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:256(auth_check_ntlm_password)
  auth_check_ntlm_password: sam_ignoredomain authentication for user [admin] succeeded
[2020/05/02 10:53:02.076452,  5, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:283(auth_check_ntlm_password)
  check_ntlm_password:  PAM Account for user [admin] succeeded
[2020/05/02 10:53:02.076485,  2, pid=26878, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:316(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [admin] -> [admin] -> [admin] succeeded

Windows 7 ни вкакую не подключается. Самба не может авторизовать пользователя и мапит пользователя как геста.

  Mapping user [EROSHEVSKAYA]\[eroshevskaya] from workstation [EROSHEVSKAYA]
  attempting to make a user_info for eroshevskaya (eroshevskaya)
  making strings for eroshevskaya's user_info struct
  making blobs for eroshevskaya's user_info struct
  made a user_info for eroshevskaya (eroshevskaya)
  check_ntlm_password:  Checking password for unmapped user [EROSHEVSKAYA]\[eroshevskaya]@[EROSHEVSKAYA] with the new password interface
  check_ntlm_password:  mapped user is: [EROSHEVSKAYA]\[eroshevskaya]@[EROSHEVSKAYA]
  check_ntlm_password: auth_context challenge created by random
  challenge is:
  Check auth for: [eroshevskaya]
  auth_check_ntlm_password: anonymous had nothing to say
  auth_check_ntlm_password: sam_ignoredomain authentication for user [eroshevskaya] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
  check_ntlm_password:  Authentication for user [eroshevskaya] -> [eroshevskaya] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
  Registered username eroshevskaya for guest access
  ntlmssp_server_auth: Failed to create unmodified session key.

Пользователя и пароль ввожу верно. Перепробовал разные параметры конфига и настроек на семерке. Никак не могу победить. Может кто уидит в чем проблема?

Ответ на: комментарий от Pinkbyte

Закомментировал map to guest. Положительного результата не достиг.

Лог:

[2020/05/04 11:45:19.230651,  3, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [EROSHEVSKAYA]\[eroshevskaya]@[EROSHEVSKAYA] with the new password interface
[2020/05/04 11:45:19.230664,  3, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [EROSHEVSKAYA]\[eroshevskaya]@[EROSHEVSKAYA]
[2020/05/04 11:45:19.230677, 10, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:202(auth_check_ntlm_password)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2020/05/04 11:45:19.230687, 10, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:204(auth_check_ntlm_password)
  challenge is:
[2020/05/04 11:45:19.230699, 10, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_builtin.c:41(check_anonymous_security)
  Check auth for: [eroshevskaya]
[2020/05/04 11:45:19.230709, 10, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:237(auth_check_ntlm_password)
  auth_check_ntlm_password: anonymous had nothing to say
[2020/05/04 11:45:19.231134,  5, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:251(auth_check_ntlm_password)
  auth_check_ntlm_password: sam_ignoredomain authentication for user [eroshevskaya] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/05/04 11:45:19.231172,  2, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:334(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [eroshevskaya] -> [eroshevskaya] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/05/04 11:45:19.231188,  5, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_server.c:386(ntlmssp_server_auth_send)
  ntlmssp_server_auth_send: Checking NTLMSSP password for EROSHEVSKAYA\eroshevskaya failed: NT_STATUS_WRONG_PASSWORD
[2020/05/04 11:45:19.231220, 10, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: ntlmssp[0x557946a54820]: subreq: 0x557946a175d0
[2020/05/04 11:45:19.231233, 10, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: spnego[0x557946a44f20]: subreq: 0x557946a4dd40
[2020/05/04 11:45:19.231288,  5, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:508(gensec_update_done)
  gensec_update_done: ntlmssp[0x557946a54820]: NT_STATUS_WRONG_PASSWORD tevent_req[0x557946a175d0/../../auth/ntlmssp/ntlmssp.c:181]: state[3] error[-7963671676338569110 (0x917B5ACDC000006A)]  state[struct gensec_ntlmssp_update_state (0x557946a17780)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:239]
[2020/05/04 11:45:19.231305,  3, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
  gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/05/04 11:45:19.231321,  5, pid=31261, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:508(gensec_update_done)
  gensec_update_done: spnego[0x557946a44f20]: NT_STATUS_WRONG_PASSWORD tevent_req[0x557946a4dd40/../../auth/gensec/spnego.c:1601]: state[3] error[-7963671676338569110 (0x917B5ACDC000006A)]  state[struct gensec_spnego_update_state (0x557946a4def0)] timer[(nil)] finish[../../auth/gensec/spnego.c:1993]
[root@nextloud samba]# id eroshevskaya
uid=1002(eroshevskaya) gid=1001(secret) groups=1001(secret),1000(stuff)
AHTOHuO75 ()
Ответ на: комментарий от bass

Тоже не помогает. Тут соль как раз в том что он не принимает то ли пользователя, то ли пароль от семерки (ну как мне кажется пароль, либо пользователя не в нужном виде получает). Попробовал и bas user и never(по умолчанию.) Лог немного поменялся:

 Got NTLMSSP neg_flags=0xe2088297
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_LM_KEY
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP_NEGOTIATE_56
[2020/05/04 21:56:24.648948, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: ntlmssp[0x562a76951620]: subreq: 0x562a769145d0
[2020/05/04 21:56:24.649013, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: spnego[0x562a76941f20]: subreq: 0x562a7694aea0
[2020/05/04 21:56:24.649053, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:514(gensec_update_done)
  gensec_update_done: ntlmssp[0x562a76951620]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x562a769145d0/../../auth/ntlmssp/ntlmssp.c:181]: state[2] error[0 (0x0)]  state[struct gensec_ntlmssp_update_state (0x562a76914780)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215]
[2020/05/04 21:56:24.649084, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:514(gensec_update_done)
  gensec_update_done: spnego[0x562a76941f20]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x562a7694aea0/../../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x562a7694b050)] timer[(nil)] finish[../../auth/gensec/spnego.c:2070]
[2020/05/04 21:56:24.651409,  3, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
  Got user=[eroshevskaya] domain=[EROSHEVSKAYA] workstation=[EROSHEVSKAYA] len1=24 len2=24
[2020/05/04 21:56:24.652409,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_util.c:123(make_user_info_map)
  Mapping user [EROSHEVSKAYA]\[eroshevskaya] from workstation [EROSHEVSKAYA]
[2020/05/04 21:56:24.652450,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:64(make_user_info)
  attempting to make a user_info for eroshevskaya (eroshevskaya)
[2020/05/04 21:56:24.652460,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:72(make_user_info)
  making strings for eroshevskaya's user_info struct
[2020/05/04 21:56:24.652473,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:117(make_user_info)
  making blobs for eroshevskaya's user_info struct
[2020/05/04 21:56:24.652493, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/user_info.c:163(make_user_info)
  made a user_info for eroshevskaya (eroshevskaya)
[2020/05/04 21:56:24.652501,  3, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [EROSHEVSKAYA]\[eroshevskaya]@[EROSHEVSKAYA] with the new password interface
[2020/05/04 21:56:24.652511,  3, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [EROSHEVSKAYA]\[eroshevskaya]@[EROSHEVSKAYA]
[2020/05/04 21:56:24.652531, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:202(auth_check_ntlm_password)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2020/05/04 21:56:24.652540, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:204(auth_check_ntlm_password)
  challenge is:
[2020/05/04 21:56:24.652548, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_builtin.c:41(check_anonymous_security)
  Check auth for: [eroshevskaya]
[2020/05/04 21:56:24.652557, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:237(auth_check_ntlm_password)
  auth_check_ntlm_password: anonymous had nothing to say
[2020/05/04 21:56:24.653025,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:251(auth_check_ntlm_password)
  auth_check_ntlm_password: sam_ignoredomain authentication for user [eroshevskaya] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/05/04 21:56:24.653064,  2, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:334(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [eroshevskaya] -> [eroshevskaya] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/05/04 21:56:24.653079,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_server.c:386(ntlmssp_server_auth_send)
  ntlmssp_server_auth_send: Checking NTLMSSP password for EROSHEVSKAYA\eroshevskaya failed: NT_STATUS_WRONG_PASSWORD
[2020/05/04 21:56:24.653096, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: ntlmssp[0x562a76951620]: subreq: 0x562a769145d0
[2020/05/04 21:56:24.653150, 10, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: spnego[0x562a76941f20]: subreq: 0x562a7694aea0
[2020/05/04 21:56:24.653210,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:508(gensec_update_done)
  gensec_update_done: ntlmssp[0x562a76951620]: NT_STATUS_WRONG_PASSWORD tevent_req[0x562a769145d0/../../auth/ntlmssp/ntlmssp.c:181]: state[3] error[-7963671676338569110 (0x917B5ACDC000006A)]  state[struct gensec_ntlmssp_update_state (0x562a76914780)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:239]
[2020/05/04 21:56:24.653230,  3, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
  gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/05/04 21:56:24.653249,  5, pid=26454, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:508(gensec_update_done)
  gensec_update_done: spnego[0x562a76941f20]: NT_STATUS_WRONG_PASSWORD tevent_req[0x562a7694aea0/../../auth/gensec/spnego.c:1601]: state[3] error[-7963671676338569110 (0x917B5ACDC000006A)]  state[struct gensec_spnego_update_state (0x562a7694b050)] timer[(nil)] finish[../../auth/gensec/spnego.c:1993]
AHTOHuO75 ()
Ответ на: комментарий от AHTOHuO75

centos же.. там SELinux наверно включен и правила для самбы какие-то

ещё попробуй: был такой баг давнооо для win7, не помню уже деталей, типа gid пользователя должен совпадать с gid шары
и ещё что-то там про encrypt passwords = yes и obey pam restrictions = yes, глянь в мане кто за что отвечает.

bass ★★★★★ ()
Последнее исправление: bass (всего исправлений: 3)