samba4.6安装配置(centos7)

96
strongz
2018.03.22 18:08 字数 369

环境说明

  • samba4.6 (centos7)
  • win7
  • winxp

安装配置samba4.6

  • 安装samba4.6

      yum install samba
    
  • 配置samba

    修改/etc/samba/smb.conf文件如下文(共享用户home目录):

      [global]
          workgroup = SAMBA
          security = user
    
          passdb backend = smbpasswd 
          encrypt passwords = yes
          smb passwd file = /etc/samba/smbpasswd
          log file = /var/log/samba/log.%m
          ntlm auth = yes
    
          printing = cups
          printcap name = cups
          load printers = yes
          ups options = raw
    
      [homes]
          comment = Home Directories
          valid users = %S
          browseable = No
          writable = yes
          available = yes
          create mode = 0644
          directory mode = 0755
    

    添加samba账户并按提示输入密码:

      smbpasswd -a user
    

    重启samba服务

      systemctl restart smb
    
  • 问题

    • 描述

      如果未在smb.conf中配置ntlm auth = yes,会导致winXP无法正常访问samba服务,win7访问正常。

    • 原因

      samba4.5以后的版本不支持NTLMv1,而winXP默认用的就是NTLMv1

        NTLMv1 authentication disabled by default
        -----------------------------------------
        
        In order to improve security we have changed
        the default value for the "ntlm auth" option from
        "yes" to "no". This may have impact on very old
        clients which doesn't support NTLMv2 yet.
        
        The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.
        
        By default, Samba will only allow NTLMv2 via NTLMSSP now,
        as we have the following default "lanman auth = no",
        "ntlm auth = no" and "raw NTLMv2 auth = no".
      
    • 解决方法

      1. Samba服务器端smb.conf配置文件中添加“ntlm auth = yes”,并重启smb服务。

        或者

      2. Windows XP客户端修改组策略(gpedit.msc)本地安全设置、安全选项、“网络安全:LAN Manager身份验证级别”的值为“仅发送 NTLMv2响应”。

日记本