Permissions
如何啟用 SAMBA 加密並且不需要使用者認證
我在 ubuntu 上託管了一個執行良好的 SAMBA(版本 4.3.11)共享。
SAMBA 共享對任何使用者開放(本地 Intranet)
一旦我添加了加密設置,流量就會被加密,但它突然開始提示輸入憑據。
[global] server signing = mandatory smb encrypt = mandatory client signing = mandatory ...
以下是範例共享設置:
[Share1] path = /mnt1/Share1 guest ok = Yes browseable = no writable = yes force user = ShareUser force group = ShareGroup create mask = 0770 directory mask = 0770 hosts allow = ...list of IPs for white-listing.... hosts deny = 0.0.0.0/0 delete readonly = yes
這是全域設置:
[global] server signing = mandatory smb encrypt = mandatory client signing = mandatory oplocks = yes level2 oplocks = no # New Windows switches dos filemode = yes dos filetime resolution = yes dos filetimes = yes map acl inherit = yes inherit acls = yes inherit owner = yes inherit permissions = yes store dos attributes = yes follow symlinks=yes wide links = yes unix extensions = no strict locking = no aio read size = 16384 aio write size = 16384 log file = /var/log/samba/samba.log log level = 2 guest account = nobody map to guest = Bad User case sensitive = yes
我想要一個具有加密但不需要身份驗證的共享
任何幫助表示讚賞。
有線加密需要唯一的密鑰來加密數據包並在另一端使用相同的唯一密鑰進行解密。簽名和加密密鑰對於使用者來說是唯一的,並且在使用者對每個連接進行身份驗證時生成。
也想出了更多的細節。
開啟加密和開啟訪客(無身份驗證)是不可能的。
證明(來自 SAMBA 來源):
if (guest && x->global->encryption_required) { DEBUG(1,("reject guest session as encryption is required\n")); return NT_STATUS_ACCESS_DENIED; }
和
if (guest_session && encryption_required) { DEBUG(1,("reject guest as encryption is required for service %s\n", service)); return NT_STATUS_ACCESS_DENIED; }