Ubuntu下安装Samba后,允许匿名用户登录时没有问题,设置“不允许匿名用户登录”后,使用系统用户名和密码登录提示“拒绝访问”,原来是因为默认情况下系统用户是不能直接作为samba共享用户登录的,需要使用smbpasswd命令增加系统用户到samba用户组。具体操作如下
一、创建系统用户
1、创建用户组smb
因samba用户与系统用户是通用的,因此必须先创建系统用户。创建时可以根据情况创建系统用户组。
jgss@jgss-Lenovo-XiaoXin-I2000:/etc/samba$ sudo groupadd smb
2、创建虚拟用户robin,并设定不能用来登录系统
jgss@jgss-Lenovo-XiaoXin-I2000:/etc/samba$ sudo useradd -M -s /sbin/nologin -g smb robin
二、使用smbpasswd创建samba登录用户
1、创建登录用户robin,根据提示输入密码
jgss@jgss-Lenovo-XiaoXin-I2000:/etc/samba$ sudo smbpasswd -a robin
New SMB password:
Retype new SMB password:
Added user robin.
三、参考文档及常见错误
1、smbpasswd参数
When run by root:
smbpasswd [options] [username]
otherwise:
smbpasswd [options]
options:
-L local mode (must be first option)
-h print this usage message
-s use stdin for password prompt
-c smb.conf file Use the given path to the smb.conf file
-D LEVEL debug level
-r MACHINE remote machine
-U USER remote username (e.g. SAM/user)
extra options when run by root or in local mode:
-a add user
-d disable user
-e enable user
-i interdomain trust account
-m machine trust account
-n set no password
-W use stdin ldap admin password
-w PASSWORD ldap admin password
-x delete user
-R ORDER name resolve order
2、samba安装
robin@robin-Lenovo-XiaoXin-I2000:~$ apt install samba
robin@robin-Lenovo-XiaoXin-I2000:~$ apt install smbclient
3、查看某台电脑上都有哪些共享文件
robin@robin-Lenovo-XiaoXin-I2000:~$ smbclient -L //192.168.3.168 -U administrator
4、查看哪些用户可以登录samba,pdbedit -L
jgss@jgss-Lenovo-XiaoXin-I2000:/etc$ sudo pdbedit -L
robin:1001:
5、samba用户管理命令pdbedit参数
用法:pdbedit [选项…]
-L, –list list all users
-v, –verbose be verbose
-w, –smbpasswd-style give output in smbpasswd style
-u, –user=USER use username
-N, –account-desc=STRING set account description
-f, –fullname=STRING set full name
-h, –homedir=STRING set home directory
-D, –drive=STRING set home drive
-S, –script=STRING set logon script
-p, –profile=STRING set profile path
-I, –domain=STRING set a users’ domain
-U, –user SID=STRING set user SID or RID
-M, –machine SID=STRING set machine SID or RID
-a, –create create user
-r, –modify modify user
-m, –machine account is a machine account
-x, –delete delete user
-b, –backend=STRING use different passdb backend as default backend
-i, –import=STRING import user accounts from this backend
-e, –export=STRING export user accounts to this backend
-g, –group use -i and -e for groups
-y, –policies use -i and -e to move account policies between backends
–policies-reset restore default policies
-P, –account-policy=STRING value of an account policy (like maximum password age)
-C, –value=LONG set the account policy to this value
-c, –account-control=STRING Values of account control
–force-initialized-passwords Force initialization of corrupt password strings in a passdb backend
-z, –bad-password-count-reset reset bad password count
-Z, –logon-hours-reset reset logon hours
–time-format=STRING The time format for time parameters
-t, –password-from-stdin get password from standard in
-K, –kickoff-time=STRING set the kickoff time
–set-nt-hash=STRING set password from nt-hash
Common samba options:
-d, –debuglevel=DEBUGLEVEL Set debug level
-s, –configfile=CONFIGFILE Use alternate configuration file
-l, –log-basename=LOGFILEBASE Base name for log files
-V, –version Print version
–option=name=value Set smb.conf option from command line
6、新增用户时,提示“Failed to add entry for user robin.”错误
这是因为没有加相应的系统账号,所以会提示Failed to add entry for user的错误,只需使用useradd命令增加相应的系统账号robin就可以了: