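Configuring Samba 4.11 on Ubuntu 20.04 to Serve Coocaa OS
August 15th, 2020
I have had some free time at home recently and have been tinkering with my TV. While setting up home file sharing, I found that Coocaa OS could not connect over CIFS no matter what I tried.
As a side discovery, Coocaa's support service is genuinely good, and it deserves special praise here.
My sharing environment is: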
Ubuntu 20.04 + Samba 4.11.6
There is nothing special in the configuration; in the share section I added guest ok and read only:
path = /path/to/share/folder
browseable = yes
public = yes
guest ok = yes
read only = yes
available = yes
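No matter what, accessing the share from Coocaa OS prompts for a password, and whatever password is entered is rejected.
After contacting Coocaa technical support, I learned that their test environments are all Ubuntu 14.04 or Ubuntu 16.04.
With the same configuration, my tests on Ubuntu 16.04 and Ubuntu 18.04 both pass normally.
I then checked the official documentation, Samba 4.11 Features added/changed, and found that SMB v1 (NT1) has been deprecated, while Coocaa OS presumably supports only SMB v1 (NT1) at present.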
The defaults of ‘client min protocol’ and ‘server min protocol’ have been changed to SMB2_02.
This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default).
It also means client tools like smbclient and other, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default).
It’s still possible to allow SMB1 dialects, e.g. NT1, LANMAN2 and LANMAN1 for client and server, as well as CORE and COREPLUS on the client.
Note: that most commandline tools e.g. smbclient, smbcacls and others also support the '--option' argument to overwrite smb.conf options, e.g. --option='client min protocol=NT1' might be useful.
As Microsoft no longer installs SMB1 support in recent releases or uninstalls it after 30 days without usage, the Samba Team tries to get remove the SMB1 usage as much as possible.
SMB1 is officially deprecated and might be removed step by step in the following years. If you have a strong requirement for SMB1 (except for supporting old Linux Kernels), please file a bug at https://bugzilla.samba.org and let us know about the details.
LanMan and plaintext authentication deprecated
The “lanman auth” and “encrypt passwords” parameters are deprecated with this release as both are only applicable to SMB1 and are quite insecure. NTLM, NTLMv2 and Kerberos authentication are unaffected, as “encrypt passwords = yes” has been the default since Samba 3.0.0.
If you have a strong requirement for these authentication protocols, please file a bug at https://bugzilla.samba.org and let us know about the details.
In the end, I only needed to add one line to smb.conf to fix it:
server min protocol = NT1
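Note that the lowest value you can configure is NT1, because LANMAN1 and LANMAN2 have both been deprecated.
I would also suggest that Coocaa start supporting SMB v2 or even SMB v3 in new versions; otherwise, once users upgrade their systems to Windows 10 Version 2004, this feature will really become unusable.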
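Because `server min protocol = NT1` applies to the whole server, the check below (an added example, not part of the original post or of Samba) lists every guest-accessible share that becomes reachable over SMB1 once that line is set. The function names, the share names `[media]` and `[scratch]`, and the sample configuration are constructed for illustration.

```python
import re

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
DEFAULT_SERVER_MIN = "SMB2_02"   # server default since Samba 4.11 (release notes above)
TRUE = {"yes", "true", "on", "1"}

# Constructed sample: share names and the [scratch] share are assumptions.
SAMPLE = """\
[global]
   server min protocol = NT1
[media]
   path = /path/to/share/folder
   guest ok = yes
   read only = yes
[scratch]
   path = /path/to/scratch
   public = yes
   writeable = yes
"""

def parse(text):
    """Return {section: {param: value}}; param names lose case and whitespace."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return sections

def audit(text):
    """List shares that guests can reach while the server still accepts SMB1."""
    conf = parse(text)
    glob = conf.get("global", {})
    proto = glob.get("serverminprotocol", glob.get("minprotocol", DEFAULT_SERVER_MIN)).upper()
    if proto not in SMB1_DIALECTS:
        return []
    findings = [f"global: server min protocol = {proto} accepts SMB1 clients"]
    for name, p in conf.items():
        guest = p.get("guestok", p.get("public", "no")) in TRUE
        if name == "global" or not guest:
            continue
        # "writeable"/"writable" are inverted synonyms of "read only" (default yes)
        writable = p["readonly"] not in TRUE if "readonly" in p else \
            p.get("writeable", p.get("writable", "no")) in TRUE
        findings.append(f"{name}: guest {'WRITE' if writable else 'read-only'} access over SMB1")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The parser does not follow include directives; feeding it the output of `testparm -s` covers the configuration the server actually loads.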