web-dev-qa-db-ja.com

エラーメッセージCIFS VFS:プロトコルの再検証-セキュリティ設定の不一致

サーバー:Debian 8、クライアント:一部のWindowsおよび一部のXubuntu 16.04

1つのXubuntuクライアントを4.13.0-26に更新したため、samba共有をマウントできません。

[20390.135208] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[20390.161744] CIFS VFS: protocol revalidation - security settings mismatch
[20390.162553] CIFS VFS: session ffffa06a57c23a00 has no tcon available for a dfs referral request
[20390.163395] CIFS VFS: cifs_mount failed w/return code = -5

それはsmb-Protokollに関係していることを理解していますが、

testparm -v | grep protocol

私のサーバーではそれは言います:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[firmendaten]"
Processing section "[downloads]"

Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

    server max protocol = SMB3
    server min protocol = LANMAN1
    client max protocol = default
    client min protocol = CORE
    client ipc max protocol = default
    client ipc min protocol = default

ここに私のsmb.confがあります:

[global]
    workgroup = MYGROUP
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
        os level = 20
        netbios name = SERVER
    server string = Linux Server 2013
    domain master = yes
        load printers = yes
        allow insecure wide links = yes
        follow symlinks = yes
        wide links = yes
    unix extensions = no


[homes]
    recycle:touch = Yes
    browseable = No
    writeable = yes
    invalid users = daten
    vfs object = recycle 
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    recycle:keeptree = Yes
    comment = Home Directories
    valid users = %S,%D%w%S
    recycle:repository = .Papierkorb
    recycle:versions = Yes
    recycle:directory_mode = 0700
    inherit acls = Yes


[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700


[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon


[printers]
    browseable = no
    writeable = yes
    printable = yes
    path = /var/tmp
    create mask = 0700
    comment = Alle Drucker
    public = yes

[print$]
    path = /var/lib/samba/drivers
    write list = root,@ntadmin
    force group = ntadmin
    create mask = 0664
    comment = Printer Drivers
    directory mask = 0775
    valid users = @firma,@privat

[firmendaten]
    write list = @users
    recycle:excludedir = /tmp,/temp,/cache,.Papierkorb
    force directory mode = 0770
    force group = firma
    recycle:keeptree = Yes
    inherit acls = Yes
    recycle:touch = Yes
    vfs objects = recycle
    writeable = yes
    path = /home/files/firma
    preexec = mkdir -p .Papierkorb
    force create mode = 0770
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    comment = Firmendaten
    valid users = @firma
    create mode = 0770
    recycle:repository = .Papierkorb
    recycle:versions = Yes
    recycle:directory_mode = 0770
    directory mode = 0770

[downloads]
    recycle:excludedir = /tmp,/temp,/cache,.Papierkorb
    write list = @users
    force group = firma
    recycle:keeptree = Yes
    create mask = 0770
    inherit acls = Yes
    recycle:touch = Yes
    vfs objects = recycle
    writable = yes
    path = /home/files/downloads
    preexec = mkdir -p .Papierkorb
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    directory mask = 0770
    comment = Firmendaten
    recycle:versions = Yes
    recycle:directory_mode = 0770
    recycle:repository = .Papierkorb

私が理解している限り、サーバーはSMB2とSMB3をサポートしています。私はこの追加を試しました

[home]
min protocol = SMB2

それぞれ

[home]
min protocol = SMB3

サーバーで見ることができるより:

server max protocol = SMB3
server min protocol = SMB3

それぞれ

server max protocol = SMB3
server min protocol = SMB2

しかし、クライアントはまだマウントできません。

これはクライアントのfstabの一部です:

//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,file_mode=0660,dir_mode=0770,user,noauto,credentials=/home/username/.smbcredentials

セキュアプロトコルSMB2/SMB3を使用してどのようにマウントできますか?

前もって感謝します!

debiansambaxubuntu
4
sneaky

解決策を見つけました。クライアントマウントでバージョンを追加すると機能します

//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,file_mode=0660,dir_mode=0770,user,noauto,vers=2.1,credentials=/home/username/.smbcredentials

サーバーのsmb.confで何かを実行できると思っていましたが、これも機能します。

3
sneaky