1.Issue:Server requested plaintext password but 'client plaintext auth' is disabled
session setup failed: SUCCESS - 0
I tried 'smbclient -s foo.conf //server/dir' where foo.conf has:
[global]
client plaintext auth = yes
But the results are the same.
You have to set 'client lanman auth = yes'. Otherwise,
'client plaintext auth' is forced off.
2.Issue:Can Samba “security = user” be used for guest share without Windows login prompt?
http://serverfault.com/questions/211128/can-samba-security-user-be-used-for-guest-share-without-windows-login-prompt
3.Samba服务所使用的端口和协议:
* Port 137 (UDP) - NetBIOS name service and nmbd
* Port 138 (UDP) - NetBIOS datagram service
* Port 139 (TCP) - File and printer sharing and smbd
* Port 389 (TCP) - for LDAP (Active Directory Mode)
* Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and beyond, (CIFS)
* Port 901 (TCP) - for SWAT
*Samba是一种网络文件共享协议,允许不同操作系统,不同平台的机器之间通过网络实现文件访问控制。
*特别是允许Windows系统访问Unix系统的文件。Samba服务一般开启有两个端口139 TCP 445TCP。
4.配置Samba服务器:
可以参考的有价值的文档有: man samba / man smbd / man smb.conf
配置文件主要有: /etc/samba/smb.conf /etc/pam.d/samba
客户端测试工具: Windows 网络邻居查看计算机 / Linux smbclient
配置时查看服务运行状态的日志文件主要有:
*Samba进程日志 /var/log/samba/* (smbd.log / IP.log)
*系统授权日志:/var/log/auth.log
*系统日志:/var/log/syslog
6.smb.conf 的一些重要选项:
[global]
workgroup = WORKGROUP
netbios name = Samab-Server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = share #常用的还有 security = user
guest ok = yes
encrypt passwords = yes # 密码加密,如果设置成NO,Windows系统访问不能正常(要修改注册表才能正常访问,因为Windows作为客户端访问时,默认加密密码)
client lanman auth = yes
client plaintext auth = yes
[pub]
comment = Users profiles
path = /ftp/pub
browseable = yes
有关encrypt passwords = yes: 当设置成yes时PAM 授权控制全部被忽略(因为PAM不能处理加密过的授权控制);设置成NO时,Windows系统默认不能访问,此时CMD下使用 net use Z: //samba-server/pub 出现1240Error。除非修改系统注册表EnablePlantPassword才行。参见参考微软支持网站:
http://support.microsoft.com/kb/224287
http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2536276-windows-xp-pc-get-system-error-58-when/d9dbdde5-2666-4423-b47c-fbdb80b995d9
6.为了兼容Windows系统,设置encrypt passwords = yes 貌似是必须的。但又想使用PAM方式认证用户:
配置:
security = user
encrypt passwords = yes
obey pam restrictions = yes
测试发现可以开启Samba服务的PAM方式认证用户。
7.使用SSH使得远程访问MYSQL更加安全
http://www.j-cn.org/post/754.html
http://ig2net.info/archives/788.html