「Samba」- 常见问题处理

  CREATED BY JENKINSBOT

Authentication for user [Jerry] -> [Jerry] FAILED with error NT_STATUS_NO_SUCH_USER

[2017/08/14 13:28:00.542220,  3] ../source3/param/loadparm.c:1586(lp_add_ipc)
  adding IPC service
[2017/08/14 13:28:00.542244,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [DFWSGROUP]\[wangpengfei]@[JSZX-31] with the new password interface
[2017/08/14 13:28:00.542252,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [WPFTP]\[wangpengfei]@[JSZX-31]
[2017/08/14 13:28:00.542285,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'wangpengfei' in passdb.
[2017/08/14 13:28:00.542296,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [wangpengfei] -> [wangpengfei] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/08/14 13:28:00.542314,  2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2017/08/14 13:28:00.542334,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/08/14 13:28:00.543477,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

protocol negotiation failed: NT_STATUS_IO_TIMEOUT

整个问题的成因有很多,可以查看/var/log/samba/log.%m,下面是部分日志:

  interpret_string_addr_internal: getaddrinfo failed for name Tom (flags 34) [Temporary failure in name resolution]
[2017/08/14 12:46:55.520355,  3, pid=5119, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:1187(get_mydnsfullname)
  get_mydnsfullname: getaddrinfo failed for name Tom [Unknown error]
[2017/08/14 12:47:05.531814,  3, pid=5119, effective(0, 0), real(0, 0)] ../lib/util/util_net.c:256(interpret_string_addr_internal)
  interpret_string_addr_internal: getaddrinfo failed for name Tom (flags 34) [Temporary failure in name resolution]
[2017/08/14 12:47:05.531870,  3, pid=5119, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:1187(get_mydnsfullname)
  get_mydnsfullname: getaddrinfo failed for name Tom [Unknown error]
[2017/08/14 12:47:05.533717,  3, pid=5119, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:918(gensec_register)

我完全不知道Samba为什么要求/etc/hosts里的localhost要正确配置。

解决:确保/etc/hosts文件中IP地址和主机名的映射是正确的,比如我的主机名是 Tom:

127.0.1.1 Tom

认证问题

[2017/08/13 09:59:37.898484,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [workgroup]\[Tom]@[TOM-PC] with the new password interface
[2017/08/13 09:59:37.898491,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [Tom]\[Tom]@[TOM-PC]
[2017/08/13 09:59:37.898592,  3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for Tom
[2017/08/13 09:59:37.898626,  2] ../libcli/auth/ntlm_check.c:423(ntlm_password_check)
  ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Tom
[2017/08/13 09:59:37.898634,  3] ../libcli/auth/ntlm_check.c:430(ntlm_password_check)
  ntlm_password_check: NEITHER LanMan nor NT password supplied for user Tom
[2017/08/13 09:59:37.898697,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [Tom] -> [Tom] FAILED with error NT_STATUS_WRONG_PASSWORD
[2017/08/13 09:59:37.898714,  2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
[2017/08/13 09:59:37.898733,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/08/13 09:59:37.900390,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

解决:在smb.conf文件中加入以下内容

lanman auth = yes
ntlm auth = yes

重启 samba 服务。

TODO 完善SAMBA的问题诊断部分