Ubuntu

No credential prompt for an Ubuntu Samba share on Win Server 2012

  • October 29, 2015

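I set up a share with read/write permissions in Ubuntu using system-config-samba. I configured my user to also be an smbuser.

On all my other systems (2 Win10, 1 Win8, 1 Ubuntu) I am prompted for a username and password (as I should be, since I have guest ok = no in smb.conf and only one valid user).

The problem is that Win Server 2012 does not get this prompt and, worse, it can somehow bypass authentication and read all shares on the target computer.

At first I thought it might be a glitch caused by the username on Server 2012 being the same as on the Ubuntu machine and the smbuser, but even after changing the Win server username the problem persists.

No matter how I look at it, this seems like some kind of massive security hole. I have confirmed that there are no stored credentials that could be in use.

smb.conf includes: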

usershare allow guests = no
username map = /etc/samba/smbusers
security = user
encrypt passwords = yes
guest ok = no
guest account = nobody

[ShareName]
   path = /media/[user]/[ext4_drive]/[share folder]
   writeable = yes
   browseable = yes
   guest ok = no
   valid users = [user]

Update:

/var/log/samba/log:

[2015/10/29 14:49:30.544283,  2] ../source3/param/loadparm.c:3581(do_section)
 Processing section "[public]"
[2015/10/29 14:49:30.544373,  0] ../source3/param/loadparm.c:3188(lp_do_parameter)
 Global parameter usershare allow guests found in service section!
[2015/10/29 14:49:30.544402,  0] ../source3/param/loadparm.c:3188(lp_do_parameter)
 Global parameter username map found in service section!
[2015/10/29 14:49:30.544428,  0] ../source3/param/loadparm.c:3188(lp_do_parameter)
 Global parameter security found in service section!
[2015/10/29 14:49:30.544452,  0] ../source3/param/loadparm.c:3188(lp_do_parameter)
 Global parameter encrypt passwords found in service section!
[2015/10/29 14:49:30.544489,  0] ../source3/param/loadparm.c:2376(service_ok)
 WARNING: No path in service public - making it unavailable!
[2015/10/29 14:49:30.544513,  1] ../source3/param/loadparm.c:2383(service_ok)
 NOTE: Service public is flagged unavailable.
[2015/10/29 14:49:30.544537,  2] ../source3/param/loadparm.c:3581(do_section)
 Processing section "[printers]"
[2015/10/29 14:49:30.544577,  0] ../source3/param/loadparm.c:2363(service_ok)
 WARNING: [printers] service MUST be printable!
[2015/10/29 14:49:30.544603,  0] ../source3/param/loadparm.c:2376(service_ok)
 WARNING: No path in service printers - making it unavailable!
[2015/10/29 14:49:30.544626,  1] ../source3/param/loadparm.c:2383(service_ok)
 NOTE: Service printers is flagged unavailable.
[2015/10/29 14:49:30.544650,  2] ../source3/param/loadparm.c:3581(do_section)
 Processing section "[ShareName]"
[2015/10/29 14:49:30.544677,  0] ../source3/param/loadparm.c:3188(lp_do_parameter)
 Global parameter security found in service section!
[2015/10/29 14:49:30.544860,  2] ../source3/lib/interface.c:341(add_interface)
 added interface eth1 ip=[IP] bcast=[BCAST] netmask=[MASK]
[2015/10/29 14:51:50.380113,  2] ../source3/smbd/open.c:972(open_file)
 [USER] opened file test.txt read=No write=No (numopen=3)
[2015/10/29 14:51:50.381445,  2] ../source3/smbd/close.c:780(close_normal_file)
 [USER] closed file test.txt (numopen=2) NT_STATUS_OK
[2015/10/29 14:51:51.428034,  2] ../source3/smbd/open.c:972(open_file)
 [USER] opened file test.txt read=Yes write=No (numopen=2)
[2015/10/29 14:51:51.433698,  2] ../source3/smbd/open.c:972(open_file)
 [USER] opened file test - Copy.txt read=Yes write=Yes (numopen=3)
[2015/10/29 14:52:06.492354,  2] ../source3/smbd/close.c:780(close_normal_file)
 [USER] closed file test.txt (numopen=3) NT_STATUS_OK
[2015/10/29 14:52:06.492925,  2] ../source3/smbd/close.c:780(close_normal_file)
 [USER] closed file test - Copy.txt (numopen=2) NT_STATUS_OK

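You have to find out which credentials the Windows machine is using. You can try two different (complementary) approaches:

  1. Create a file from the Win2012 machine, then on the Linux machine find which user owns the newly created file
  2. Enable samba logging by adding the log level = 2 directive to the /etc/samba/smb.conf file. Then look under /var/log/samba/

Once you have found the user whose credentials the Win2012 machine is using, it should be easy to understand what is happening.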
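As an added example (not part of the original question or answers), this is one way to read the level-2 smbd log from approach 2: it reports which account each file open was made under and which global parameters smbd flagged inside a share section. The sample log is constructed in the format shown on this page, and the account name alice is a placeholder.

```python
import re
from collections import Counter

# An smbd record is two lines: a bracketed header, then an indented message.
HEADER = re.compile(r"^\[[\d/]+ [\d:.]+,\s+\d+\] \S+\((?P<func>\w+)\)$")
SECTION = re.compile(r'^Processing section "\[(?P<name>.+)\]"$')
MISPLACED = re.compile(r"^Global parameter (?P<param>.+) found in service section!$")
OPENED = re.compile(r"^(?P<user>\S+) opened file (?P<name>.+) "
                    r"read=(?:Yes|No) write=(?P<w>Yes|No) \(numopen=\d+\)$")

# Constructed sample in the page's log format; "alice" is a made-up account.
SAMPLE = """\
[2015/10/29 14:49:30.544650,  2] ../source3/param/loadparm.c:3581(do_section)
 Processing section "[ShareName]"
[2015/10/29 14:49:30.544677,  0] ../source3/param/loadparm.c:3188(lp_do_parameter)
 Global parameter security found in service section!
[2015/10/29 14:51:51.428034,  2] ../source3/smbd/open.c:972(open_file)

 alice opened file test.txt read=Yes write=No (numopen=2)
[2015/10/29 14:51:51.433698,  2] ../source3/smbd/open.c:972(open_file)
 alice opened file test - Copy.txt read=Yes write=Yes (numopen=3)
"""

def parse_records(text):
    """Yield (function, message) pairs; stray blank lines are skipped."""
    func = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            func = m["func"]
        elif func is not None:
            yield func, line
            func = None

def summarize(text):
    """Return (opens per (account, wrote), misplaced globals per section)."""
    opens, misplaced, section = Counter(), {}, None
    for func, msg in parse_records(text):
        if m := SECTION.match(msg):
            section = m["name"]
        elif m := MISPLACED.match(msg):
            misplaced.setdefault(section, []).append(m["param"])
        elif func == "open_file" and (m := OPENED.match(msg)):
            opens[(m["user"], m["w"] == "Yes")] += 1
    return opens, misplaced

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against the real log under /var/log/samba/, the account names in the first result are the ones to compare with the account logged on to the Windows server.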

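The nature of the problem is that the username and password are the same on both the Ubuntu system and Windows Server.

Not sure whether this is a convenience or a security hole.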

Source: https://serverfault.com/questions/732568