Permissions

如何啟用 SAMBA 加密並且不需要使用者認證

  • October 4, 2017

我在 ubuntu 上託管了一個執行良好的 SAMBA(版本 4.3.11)共享。

SAMBA 共享對任何使用者開放(本地 Intranet)

一旦我添加了加密設置,流量就會被加密,但它突然開始提示輸入憑據

[global]
server signing = mandatory
smb encrypt = mandatory
client signing = mandatory
...

以下是範例共享設置:

[Share1]
path = /mnt1/Share1
guest ok = Yes
browseable = no
writable = yes
force user = ShareUser
force group = ShareGroup
create mask = 0770
directory mask = 0770
hosts allow = ...list of IPs for white-listing....
hosts deny = 0.0.0.0/0
delete readonly = yes

這是全域設置:

[global]
server signing = mandatory
smb encrypt = mandatory
client signing = mandatory
oplocks = yes
level2 oplocks = no

# New Windows switches
dos filemode = yes
dos filetime resolution = yes
dos filetimes = yes
map acl inherit = yes
inherit acls = yes
inherit owner = yes
inherit permissions = yes
store dos attributes = yes

follow symlinks=yes
wide links = yes
unix extensions = no

strict locking = no
aio read size = 16384
aio write size = 16384

log file = /var/log/samba/samba.log
log level = 2

guest account = nobody
map to guest = Bad User

case sensitive = yes

我想要一個具有加密但不需要身份驗證的共享

任何幫助表示讚賞。

有線加密需要唯一的密鑰來加密數據包並在另一端使用相同的唯一密鑰進行解密。簽名和加密密鑰對於使用者來說是唯一的,並且在使用者對每個連接進行身份驗證時生成。

也想出了更多的細節。

開啟加密和開啟訪客(無身份驗證)是不可能的。

證明(來自 SAMBA 來源):

if (guest && x->global->encryption_required) {
       DEBUG(1,("reject guest session as encryption is required\n"));
       return NT_STATUS_ACCESS_DENIED;
   }

if (guest_session && encryption_required) {
       DEBUG(1,("reject guest as encryption is required for service %s\n",
            service));
       return NT_STATUS_ACCESS_DENIED;
   }

引用自:https://serverfault.com/questions/874423