為什麼我的 Mac 無法通過 SAMBA 文件共享伺服器的身份驗證?
我最近設置了一個 SAMBA 文件共享。經過一系列步驟後,我終於可以讓我的大部分電腦看到這台伺服器了。主要要求是:1)它必須有密碼保護,2)有多個使用者,3)每個使用者可以擁有一個文件,但所有使用者都可以寫入彼此的文件。
我的辦公室有 5 台 Mac、1 台 Linux 伺服器 (Ubuntu 13.04)、1 台 Windows 伺服器 (Windows 2008 R2) 和 3 台 Windows XP Pro 桌面。所有電腦都可以正常訪問共享,Mac 除外。
奇怪的是,ONE Mac 能夠查看共享和登錄。輸入使用者名和密碼後,所有其他 Mac 都無法登錄。
這是我的 smb.conf 文件的內容:
[global] workgroup = workgroup server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = yes obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes username map = /etc/samba/smbusers guest ok = no guest account = nobody comment = Home Directories browseable = no read only = no create mask = 0775 directory mask = 0775 [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes ; guest ok = no ; read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers [interactive] path = /home/shok07a/interactive writeable = yes browseable = yes comment = interactive create mask = 0777 directory mask = 2777 force directory mode = 2777 guest ok = no force group = sambashare
日誌:
啟動 log.nmbd:
[2013/08/26 08:51:27.730313, 0] nmbd/nmbd_nameregister.c:492(register_name) register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC [2013/08/26 08:51:27.730464, 0] nmbd/nmbd_nameregister.c:492(register_name) register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC [2013/08/26 08:51:27.730526, 0] nmbd/nmbd_nameregister.c:492(register_name) register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC [2013/08/26 08:53:02.002178, 0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) ***** Samba name server SHOK07A-INTERACTIVE-SERVER is now a local master browser for workgroup WORKGROUP on subnet 10.42.0.1 ***** [2013/08/26 16:45:47.916574, 0] libsmb/nmblib.c:856(send_udp) Packet send failed to 10.42.0.255(138) ERRNO=Invalid argument [2013/08/26 16:45:47.916689, 0] libsmb/nmblib.c:856(send_udp) Packet send failed to 10.42.0.255(138) ERRNO=Invalid argument [2013/08/26 16:58:56.608481, 0] nmbd/nmbd_incomingdgrams.c:311(process_local_master_announce) process_local_master_announce: Server SHOK09A-PC at IP 10.42.0.92 is announcing itself as a local master browser for workgroup WORKGROUP and we think we are master. Forcing election. [2013/08/26 16:58:56.608685, 0] nmbd/nmbd_become_lmb.c:150(unbecome_local_master_success) ***** Samba name server SHOK07A-INTERACTIVE-SERVER has stopped being a local master browser for workgroup WORKGROUP on subnet 192.168.1.35 ***** [2013/08/26 16:58:56.609163, 0] nmbd/nmbd_nameregister.c:492(register_name) register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC [2013/08/26 16:58:56.609241, 0] nmbd/nmbd_nameregister.c:492(register_name) register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC [2013/08/26 16:58:56.609334, 0] nmbd/nmbd_nameregister.c:492(register_name) register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC [2013/08/26 16:59:13.629340, 0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) ***** Samba name server SHOK07A-INTERACTIVE-SERVER is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.35 *****
結束日誌.nmbd
其他日誌均未顯示任何內容。他們是空的。我還是保存了它們,清除了日誌,並嘗試再次連接。我的日誌中再次沒有出現任何內容。
我從 Mac 上 ping 了這台機器,所有的 ping 都正常。系統提示我輸入使用者名和密碼。
所以看起來機器可以“看到”對方,但身份驗證失敗了。
編輯(更多日誌):
[2013/08/27 09:28:29.864230, 2] smbd/reply.c:553(reply_special) netbios connect: name1=192.168.1.35 0x20 name2=STATION-4 0x0 [2013/08/27 09:28:29.864427, 2] smbd/reply.c:573(reply_special) netbios connect: local=192.168.1.35 remote=station-4, name type = 0 [2013/08/27 09:34:29.843796, 2] smbd/reply.c:553(reply_special) netbios connect: name1=192.168.1.35 0x20 name2=STATION-4 0x0 [2013/08/27 09:34:29.844328, 2] smbd/reply.c:573(reply_special) netbios connect: local=192.168.1.35 remote=station-4, name type = 0 [2013/08/27 09:40:29.850174, 2] smbd/reply.c:553(reply_special) netbios connect: name1=192.168.1.35 0x20 name2=STATION-4 0x0 [2013/08/27 09:40:29.850389, 2] smbd/reply.c:573(reply_special) netbios connect: local=192.168.1.35 remote=station-4, name type = 0
Station 4 是無法連接的 Mac 之一。
開始 log.smbd
[2013/08/27 09:25:40, 0] smbd/server.c:1026(main) smbd version 3.6.9 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2013/08/27 09:25:40, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2013/08/27 09:25:40, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2013/08/27 09:25:40.140866, 2] param/loadparm.c:4985(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2013/08/27 09:25:40.141089, 2] param/loadparm.c:8327(do_section) Processing section "[printers]" [2013/08/27 09:25:40.141181, 2] param/loadparm.c:8327(do_section) Processing section "[print$]" [2013/08/27 09:25:40.141246, 2] param/loadparm.c:8327(do_section) Processing section "[interactive]" [2013/08/27 09:25:40.141494, 2] lib/interface.c:341(add_interface) added interface wlan0 ip=fe80::6a94:23ff:feb3:3a9b%wlan0 bcast=fe80::ffff:ffff:ffff:ffff%wlan0 netmask=ffff:ffff:ffff:ffff:: [2013/08/27 09:25:40.141605, 2] lib/interface.c:341(add_interface) added interface eth0 ip=fe80::7a45:c4ff:fe06:2876%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2013/08/27 09:25:40.141655, 2] lib/interface.c:341(add_interface) added interface wlan0 ip=192.168.1.35 bcast=192.168.1.255 netmask=255.255.255.0 [2013/08/27 09:25:40.141688, 2] lib/interface.c:341(add_interface) added interface eth0 ip=10.42.0.1 bcast=10.42.0.255 netmask=255.255.255.0 [2013/08/27 09:25:40.141783, 0] smbd/server.c:1082(main) standard input is not a socket, assuming -D option [2013/08/27 09:25:40.147336, 2] smbd/server.c:815(smbd_parent_loop) waiting for connections [2013/08/27 09:25:40.151155, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Officejet_7500_E910__4C53E0_ already exists [2013/08/27 09:25:40.151234, 2] smbd/server.c:301(remove_child_pid) Could not find child 25727 -- ignoring
結束日誌.smbd
編輯這是最相關的日誌:
2013/08/27 10:37:45.149211, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [shok10a] -> [shok10a] FAILED with error NT_STATUS_WRONG_PASSWORD
但是,密碼沒有錯。
似乎沒有人可以回答這個問題。經過一番徹底的閱讀,似乎這個問題很可能與 OS X 如何使用 SAMBA(LM、NTLM、NTLMV2)驗證密碼有關。
由於某些 Mac 能夠連接而其他 Mac 無法連接,我決定簡單地安裝 Netatalk 並為所有 Mac 使用 AFP 協議。
雖然這使得管理起來有點麻煩,因為我不得不擔心兩個文件共享系統的設置,但它似乎工作正常。理想情況下,簡單地使用 SAMBA 會更好,但我閱讀的所有消息來源都說,我需要在 Mac 機器上執行特定腳本以允許它們以純文字形式傳遞密碼(預設情況下,禁用)。
所以你有它:如果你有這個問題,請查找有關設置 Netatalk 的教程。無論如何,它可能會比 Mac 端的 SAMBA 快一點。
更新:這是雪豹的問題。較新版本的 OS X(Mavericks 等)原生使用 SAMBA,因為 Apple 不再積極開發 AFP。在將我所有的機器升級到 Mavericks 後,我能夠擺脫 AFP,現在所有機器都使用 SMB。