Server-Message-Block
Samba 能完成使用者身份驗證,但之後不再回應
有時 samba 4.1.11 會停止為客戶端提供服務。每天,我都必須重新啟動 smbd 才能解決此問題。Windows 客戶端說,共享設備無法訪問或身份驗證失敗。
當他們嘗試連接時,會生成以下日誌:
[2014/09/17 09:37:19.739314, 2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
  check_ntlm_password: authentication for user [user] -> [user] -> [DOMAIN\user] succeeded
[2014/09/17 09:58:41.021885, 1] ../source3/param/loadparm.c:3178(lp_do_parameter)
  WARNING: The "idmap uid" option is deprecated
[2014/09/17 09:58:41.022305, 1] ../source3/param/loadparm.c:3178(lp_do_parameter)
  WARNING: The "idmap gid" option is deprecated
[2014/09/17 09:58:41.022621, 2] ../source3/param/loadparm.c:3581(do_section)
  Processing section "[home]"
[2014/09/17 09:58:41.028757, 2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
  check_ntlm_password: authentication for user [user] -> [user] -> [DOMAIN\user] succeeded
如果服務正常執行,據我所知(AFAIK),驗證成功之後應該會接著出現以下幾行:
[2014/09/17 09:54:43.760688, 2] ../source3/smbd/reply.c:592(reply_special)
  netbios connect: name1=SMB 0x20 name2=WORKSPACE 0x0
[2014/09/17 09:54:43.761081, 2] ../source3/smbd/reply.c:633(reply_special)
  netbios connect: local=smb remote=WORKSPACE, name type = 0
設定如下(testparm 的輸出):
[global] dos charset = CP850 unix charset = UTF-8 workgroup = DOMAIN realm = DOMAIN.ORG netbios name = SAMBA netbios aliases = netbios scope = server string = SAMBA interfaces = bind interfaces only = No server role = auto security = ADS auth methods = encrypt passwords = Yes client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /private/smbpasswd private dir = /private passdb backend = tdbsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No client use spnego principal = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/%m max log size = 500 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = Yes debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 445, 139 large readwrite = Yes server max protocol = SMB3 server min protocol = LANMAN1 client max protocol = NT1 client min protocol = CORE unicode = Yes min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No log writeable files on exit = No defer sharing violations = Yes nt pipe support = Yes nt status support = Yes max mux = 50 max xmit = 16644 name resolve order = lmhosts, wins, host, bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = Yes use spnego = Yes client signing = required server signing = required client use spnego = Yes 
client ldap sasl wrapping = plain enable asu support = No svcctl list = cldap port = 0 dgram port = 0 nbt port = 0 krb5 port = 0 kpasswd port = 0 web port = 0 rpc big endian = No deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 30 max smbd processes = 0 max disk size = 0 max open files = 16384 socket options = TCP_NODELAY use mmap = Yes use ntdb = No hostname lookups = No name cache timeout = 660 ctdbd socket = cluster addresses = clustering = No ctdb timeout = 0 ctdb locktime warn threshold = 0 smb2 max read = 1048576 smb2 max write = 1048576 smb2 max trans = 1048576 smb2 max credits = 8192 load printers = No printcap cache time = 0 printcap name = /dev/null cups server = cups encrypt = No cups connection timeout = 30 iprint server = disable spoolss = No addport command = enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 max stat cache size = 256 stat cache = Yes machine password timeout = 604800 add user script = rename user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = username map script = username map cache time = 0 logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No init logon delayed hosts = init logon delay = 100 os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = Yes domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = No wins server = wins support = No wins hook = lock spin time = 200 oplock break wait time = 0 ldap admin dn = ldap delete dn = No ldap group suffix = ldap idmap suffix = ldap machine suffix = ldap passwd sync = no ldap replication sleep = 1000 ldap suffix = ldap ssl = start tls ldap ssl ads = No ldap deref = auto ldap follow referral = 
Auto ldap timeout = 15 ldap connection timeout = 2 ldap page size = 1024 ldap user suffix = ldap debug level = 0 ldap debug threshold = 10 eventlog list = add share command = change share command = delete share command = preload = lock directory = /var/lock state directory = /var/locks cache directory = /var/cache pid directory = /var/run ntp signd socket directory = utmp directory = wtmp directory = utmp = No default service = message command = get quota command = set quota command = remote announce = remote browse sync = nbt client socket address = 0.0.0.0 nmbd bind explicit broadcast = Yes homedir map = auto.home afs username map = afs token lifetime = 604800 log nt token command = NIS homedir = No registry shares = No usershare allow guests = No usershare max shares = 0 usershare owner only = Yes usershare path = /var/locks/usershares usershare prefix allow list = usershare prefix deny list = usershare template share = async smb echo handler = No panic action = perfcount module = host msdfs = Yes passdb expand explicit = No idmap backend = tdb idmap cache time = 604800 idmap negative cache time = 120 idmap uid = idmap gid = template homedir = /home/%D/%U template shell = /sbin/nologin winbind separator = \ winbind cache time = 300 winbind reconnect delay = 30 winbind max clients = 200 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind trusted domains only = No winbind nested groups = Yes winbind expand groups = 1 winbind nss info = template winbind refresh tickets = No winbind offline logon = No winbind normalize names = No winbind rpc only = No create krb5 conf = Yes ncalrpc dir = /var/run/ncalrpc winbind max domain connections = 1 winbindd socket directory = winbindd privileged socket directory = winbind sealed pipes = No allow dns updates = disabled dns forwarder = dns update command = nsupdate command = rndc command = multicast dns register = Yes samba kcc command = server services = dcerpc endpoint servers = spn 
update command = share backend = tls enabled = No tls keyfile = tls certfile = tls cafile = tls crlfile = tls dh params file = idmap config * : range = 600-20000 idmap config * : backend = tdb comment = path = username = invalid users = valid users = admin users = read list = write list = force user = force group = read only = Yes acl check permissions = Yes acl group control = No acl map full control = Yes acl allow execute always = No create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 force unknown acl user = No inherit permissions = No inherit acls = No inherit owner = No guest only = No administrative share = No guest ok = No only user = No hosts allow = hosts deny = allocation roundup size = 1048576 aio read size = 0 aio write size = 0 aio write behind = ea support = No nt acl support = Yes profile acls = No map acl inherit = No afs share = No smb encrypt = default durable handles = Yes block size = 1024 change notify = Yes directory name cache size = 100 kernel change notify = Yes max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No use sendfile = No write cache size = 0 max reported print jobs = 0 max print jobs = 1000 printable = No print notify backchannel = Yes print ok = No printing = cups cups options = print command = lpq command = %p lprm command = lppause command = lpresume command = queuepause command = queueresume command = printer name = use client driver = No default devmode = Yes force printername = No printjob username = %U default case = lower case sensitive = Auto preserve case = Yes short preserve case = Yes mangling char = ~ hide dot files = Yes hide special files = No hide unreadable = No hide unwriteable files = No delete veto files = No veto files = hide files = veto oplock files = map archive = Yes map hidden = No map system = No map readonly = yes mangled names = Yes store dos attributes = No dmapi support = No browseable = Yes access based share enum = No 
blocking locks = Yes csc policy = manual fake oplocks = No kernel oplocks = No kernel share modes = Yes locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = Auto dfree cache time = 0 dfree command = copy = preexec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS wide links = No follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filemode = No dos filetimes = Yes dos filetime resolution = No fake directory create times = No vfs objects = msdfs root = No msdfs proxy = ntvfs handler = [home] comment = Home Directories path = /home read only = No
如有任何幫助,不勝感激。
事實證明,預設的鎖定目錄(/var/lock,因編譯時使用 '--PREFIX=""' 而成為預設值)被 Samba 鎖定機制產生的檔案填滿了。該目錄是一個 5MB 的 tmpfs,而鎖定檔案通常會佔用 3MB 或更多。
我建議將預設鎖定目錄改到其他未被佔用的路徑;該路徑應位於空間充足的檔案系統上,且只允許 root 寫入。例如:
lock directory = /var/samba