Ubuntu

為什麼我的 Mac 無法通過 SAMBA 文件共享伺服器的身份驗證?

  • December 15, 2013

我最近設置了一個 SAMBA 文件共享。經過一系列步驟後,我終於可以讓我的大部分電腦看到這台伺服器了。主要要求是:1)它必須有密碼保護,2)有多個使用者,3)每個使用者可以擁有一個文件,但所有使用者都可以寫入彼此的文件。

我的辦公室有 5 台 Mac、1 台 Linux 伺服器 (Ubuntu 13.04)、1 台 Windows 伺服器 (Windows 2008 R2) 和 3 台 Windows XP Pro 桌面。所有電腦都可以正常訪問共享,Mac 除外。

奇怪的是,ONE Mac 能夠查看共享和登錄。輸入使用者名和密碼後,所有其他 Mac 都無法登錄。

這是我的 smb.conf 文件的內容:

[global]

   workgroup = workgroup
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = yes
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   username map = /etc/samba/smbusers
   guest ok = no
   guest account = nobody
  comment = Home Directories
  browseable = no
  read only = no
  create mask = 0775
  directory mask = 0775



[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
;   guest ok = no
;   read only = yes
   create mask = 0700


[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers



[interactive]
   path = /home/shok07a/interactive
   writeable = yes
   browseable = yes
   comment = interactive
   create mask = 0777
   directory mask = 2777
   force directory mode = 2777
   guest ok = no
   force group = sambashare

日誌:

啟動 log.nmbd:

[2013/08/26 08:51:27.730313,  0] nmbd/nmbd_nameregister.c:492(register_name)
 register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC
[2013/08/26 08:51:27.730464,  0] nmbd/nmbd_nameregister.c:492(register_name)
 register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC
[2013/08/26 08:51:27.730526,  0] nmbd/nmbd_nameregister.c:492(register_name)
 register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC
[2013/08/26 08:53:02.002178,  0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
 *****

 Samba name server SHOK07A-INTERACTIVE-SERVER is now a local master browser for workgroup WORKGROUP on subnet 10.42.0.1

 *****
[2013/08/26 16:45:47.916574,  0] libsmb/nmblib.c:856(send_udp)
 Packet send failed to 10.42.0.255(138) ERRNO=Invalid argument
[2013/08/26 16:45:47.916689,  0] libsmb/nmblib.c:856(send_udp)
 Packet send failed to 10.42.0.255(138) ERRNO=Invalid argument
[2013/08/26 16:58:56.608481,  0] nmbd/nmbd_incomingdgrams.c:311(process_local_master_announce)
 process_local_master_announce: Server SHOK09A-PC at IP 10.42.0.92 is announcing itself as a local master browser for workgroup WORKGROUP and we think we are master. Forcing election.
[2013/08/26 16:58:56.608685,  0] nmbd/nmbd_become_lmb.c:150(unbecome_local_master_success)
 *****

 Samba name server SHOK07A-INTERACTIVE-SERVER has stopped being a local master browser for workgroup WORKGROUP on subnet 192.168.1.35

 *****
[2013/08/26 16:58:56.609163,  0] nmbd/nmbd_nameregister.c:492(register_name)
 register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC
[2013/08/26 16:58:56.609241,  0] nmbd/nmbd_nameregister.c:492(register_name)
 register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC
[2013/08/26 16:58:56.609334,  0] nmbd/nmbd_nameregister.c:492(register_name)
 register_name: NetBIOS name SHOK07A-INTERACTIVE-SERVER is too long. Truncating to SHOK07A-INTERAC
[2013/08/26 16:59:13.629340,  0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
 *****

 Samba name server SHOK07A-INTERACTIVE-SERVER is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.35

 *****

結束日誌.nmbd

其他日誌均未顯示任何內容。他們是空的。我還是保存了它們,清除了日誌,並嘗試再次連接。我的日誌中再次沒有出現任何內容。

我從 Mac 上 ping 了這台機器,所有的 ping 都正常。系統提示我輸入使用者名和密碼。

所以看起來機器可以“看到”對方,但身份驗證失敗了。

編輯(更多日誌):

[2013/08/27 09:28:29.864230,  2] smbd/reply.c:553(reply_special)
 netbios connect: name1=192.168.1.35   0x20 name2=STATION-4      0x0
[2013/08/27 09:28:29.864427,  2] smbd/reply.c:573(reply_special)
 netbios connect: local=192.168.1.35 remote=station-4, name type = 0
[2013/08/27 09:34:29.843796,  2] smbd/reply.c:553(reply_special)
 netbios connect: name1=192.168.1.35   0x20 name2=STATION-4      0x0
[2013/08/27 09:34:29.844328,  2] smbd/reply.c:573(reply_special)
 netbios connect: local=192.168.1.35 remote=station-4, name type = 0
[2013/08/27 09:40:29.850174,  2] smbd/reply.c:553(reply_special)
 netbios connect: name1=192.168.1.35   0x20 name2=STATION-4      0x0
[2013/08/27 09:40:29.850389,  2] smbd/reply.c:573(reply_special)
 netbios connect: local=192.168.1.35 remote=station-4, name type = 0

Station 4 是無法連接的 Mac 之一。

開始 log.smbd

[2013/08/27 09:25:40,  0] smbd/server.c:1026(main)
 smbd version 3.6.9 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2011
[2013/08/27 09:25:40,  2] lib/tallocmsg.c:124(register_msg_pool_usage)
 Registered MSG_REQ_POOL_USAGE
[2013/08/27 09:25:40,  2] lib/dmallocmsg.c:78(register_dmalloc_msgs)
 Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2013/08/27 09:25:40.140866,  2] param/loadparm.c:4985(max_open_files)
 rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2013/08/27 09:25:40.141089,  2] param/loadparm.c:8327(do_section)
 Processing section "[printers]"
[2013/08/27 09:25:40.141181,  2] param/loadparm.c:8327(do_section)
 Processing section "[print$]"
[2013/08/27 09:25:40.141246,  2] param/loadparm.c:8327(do_section)
 Processing section "[interactive]"
[2013/08/27 09:25:40.141494,  2] lib/interface.c:341(add_interface)
 added interface wlan0 ip=fe80::6a94:23ff:feb3:3a9b%wlan0 bcast=fe80::ffff:ffff:ffff:ffff%wlan0 netmask=ffff:ffff:ffff:ffff::
[2013/08/27 09:25:40.141605,  2] lib/interface.c:341(add_interface)
 added interface eth0 ip=fe80::7a45:c4ff:fe06:2876%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2013/08/27 09:25:40.141655,  2] lib/interface.c:341(add_interface)
 added interface wlan0 ip=192.168.1.35 bcast=192.168.1.255 netmask=255.255.255.0
[2013/08/27 09:25:40.141688,  2] lib/interface.c:341(add_interface)
 added interface eth0 ip=10.42.0.1 bcast=10.42.0.255 netmask=255.255.255.0
[2013/08/27 09:25:40.141783,  0] smbd/server.c:1082(main)
 standard input is not a socket, assuming -D option
[2013/08/27 09:25:40.147336,  2] smbd/server.c:815(smbd_parent_loop)
 waiting for connections
[2013/08/27 09:25:40.151155,  2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer)
 winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Officejet_7500_E910__4C53E0_ already exists
[2013/08/27 09:25:40.151234,  2] smbd/server.c:301(remove_child_pid)
 Could not find child 25727 -- ignoring

結束日誌.smbd

編輯這是最相關的日誌:

2013/08/27 10:37:45.149211,  2] auth/auth.c:319(check_ntlm_password)
 check_ntlm_password:  Authentication for user [shok10a] -> [shok10a] FAILED with error NT_STATUS_WRONG_PASSWORD

但是,密碼沒有錯。

似乎沒有人可以回答這個問題。經過一番徹底的閱讀,似乎這個問題很可能與 OS X 如何使用 SAMBA(LM、NTLM、NTLMV2)驗證密碼有關。

由於某些 Mac 能夠連接而其他 Mac 無法連接,我決定簡單地安裝 Netatalk 並為所有 Mac 使用 AFP 協議。

雖然這使得管理起來有點麻煩,因為我不得不擔心兩個文件共享系統的設置,但它似乎工作正常。理想情況下,簡單地使用 SAMBA 會更好,但我閱讀的所有消息來源都說,我需要在 Mac 機器上執行特定腳本以允許它們以純文字形式傳遞密碼(預設情況下,禁用)。

所以你有它:如果你有這個問題,請查找有關設置 Netatalk 的教程。無論如何,它可能會比 Mac 端的 SAMBA 快一點。

更新:這是雪豹的問題。較新版本的 OS X(Mavericks 等)原生使用 SAMBA,因為 Apple 不再積極開發 AFP。在將我所有的機器升級到 Mavericks 後,我能夠擺脫 AFP,現在所有機器都使用 SMB。

引用自:https://serverfault.com/questions/533950