Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled

Q:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2]
Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled
tree connect failed: NT_STATUS_ACCESS_DENIED

A: vim smb.conf
lanman auth = yes
client lanman auth = yes
# Both the server side and the client side use LANMAN authentication.

———————————————
I thought I had struck gold

client ntlmv2 auth (G)

This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response.

If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Many servers (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with NTLMv2. Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth authentication will be disabled. This also disables share-level authentication. If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth. Note that some sites (particularly those following 'best practice' security policies) only allow NTLMv2 responses, and not the weaker LM or NTLM.

Default: client ntlmv2 auth = no
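The decision rules in the man page text above, as an added example (not from the original post or from Samba): a small Python check that reads the [global] section of an smb.conf and reports which responses smbclient would send. The sample configurations are constructed; the default for client ntlmv2 auth is the one quoted above, and the "no" default for client lanman auth is an assumption based on the error message in the question.

```python
import re

# "client ntlmv2 auth = no" is the default quoted on this page; "no" for
# "client lanman auth" is an assumption based on the error in the Q: above.
DEFAULTS = {"clientntlmv2auth": False, "clientlanmanauth": False}
TRUE_WORDS = {"yes", "true", "1"}
FALSE_WORDS = {"no", "false", "0"}

def parse_global(conf_text):
    """Return the client auth booleans set in the [global] section."""
    settings, section = dict(DEFAULTS), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = re.sub(r"\s+", "", header.group(1)).lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # smb.conf ignores case and whitespace in parameter names.
        key = re.sub(r"\s+", "", name).lower()
        value = value.strip().lower()
        if key in settings and value in TRUE_WORDS | FALSE_WORDS:
            settings[key] = value in TRUE_WORDS
    return settings

def client_behaviour(settings):
    """Apply the rules from the 'client ntlmv2 auth' text quoted above."""
    if settings["clientntlmv2auth"]:
        # Only NTLMv2/LMv2 are sent; share-level authentication is disabled.
        return {"responses": ["NTLMv2", "LMv2"], "lanman_share_level_ok": False}
    responses = ["NTLM"]
    if settings["clientlanmanauth"]:
        responses.append("LANMAN")
    # A share-level server asking for a LANMAN password needs the LANMAN response.
    return {"responses": responses,
            "lanman_share_level_ok": settings["clientlanmanauth"]}

# Constructed sample configurations (not taken from a real host).
DEFAULT_CONF = "[global]\n\tworkgroup = WORKGROUP\n"
PAGE_FIX_CONF = "[global]\n\tlanman auth = yes\n\tclient lanman auth = yes\n"
NTLMV2_CONF = "[global]\n\tClient NTLMv2 Auth = Yes\n\tclient lanman auth = yes\n"

if __name__ == "__main__":
    for label, conf in [("default", DEFAULT_CONF), ("page fix", PAGE_FIX_CONF),
                        ("ntlmv2 only", NTLMV2_CONF)]:
        print(label, client_behaviour(parse_global(conf)))
```

The "page fix" case is the only one that can answer the share-level LANMAN request from the question; enabling client ntlmv2 auth overrides client lanman auth, as the quoted text states.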

Configuring Samba with the SWAT graphical interface

yum install -y samba-swat
chkconfig swat on
/etc/init.d/xinetd restart
netstat -tnl | grep -w 901
http://localhost:901/

config /etc/xinetd.d/swat

http://www.netadmin.com.tw/article_content.aspx?sn=0807240005
http://babyface2.com/NetAdmin/30200807samba/
http://rongsquare.blogspot.com/2007/09/samba-swat-ubuntu.html
http://samlee.idv.tw/linux/samba/samba03/samba03.htm
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html

CentOS Samba Windows 7 login problem

Start > Run > secpol.msc > Local Policies > Security Options > Network security: LAN Manager authentication level > Send LM & NTLM - use NTLMv2 session security if negotiated

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"LmCompatibilityLevel"=dword:00000001

Note: meaning of the LmCompatibilityLevel values
0=Send LM & NTLM responses (never uses NTLMv2)
1=Send LM & NTLM – use NTLMv2 session security if negotiated
2=Send NTLM response only, use NTLMv2 if server supports it.
3=Send NTLMv2 response only; DC accepts LM, NTLM and NTLMv2 auth; use NTLMv2 security if supported.
4=Send NTLMv2 response only; DC refuses LM, accepts NTLM or NTLMv2 auth; use NTLMv2 security if supported.
5=Send NTLMv2 response only; DC refuses LM & NTLM and accepts only NTLMv2 auth; use NTLMv2 security if supported.

ntfs samba

mount -t ntfs -o fmask=0022,dmask=0000,exec,uid=joe,gid=joe /dev/sdd1 /mnt/MyBook

/dev/sdd1 /mnt/MyBook ntfs fmask=0022,dmask=0000,exec,uid=joe,gid=joe 0 1

http://askubuntu.com/questions/11840/how-to-chmod-on-an-ntfs-partition
http://www.linuxforums.org/forum/debian-linux/52000-ntfs-partition-doesnt-accept-chmod-777-a.html
http://www.linuxquestions.org/questions/linux-newbie-8/howto-permissions-and-ownership-on-fat-and-ntfs-filesystems-710228/

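SSH authorized_keys login for users whose home is outside /home

This lousy problem took me a long time.

The key is SELinux.

The troubleshooter flagged an error, but all it showed was a blank white screen. This lousy thing even made me open a VNC session as root.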
cat /var/log/audit/audit.log | grep AVC | grep ssh
shows why the configuration kept failing.
It turned out the whole new disk had been relabeled samba_share_t for Samba.

The labels should be home_root_t > user_home_dir_t > ssh_home_t

################################################################

phpBB migration, and running into SELinux settings again

Back up the database
Remember to run service httpd stop / service mysqld stop first

Use the built-in one
or tar -jcv -f /var/lib/mysql/phpbb
/usr/local/bin/mysqldump -u root -p phpbb > /usr/home/backup/phpbb.sql
Either works.

This time the restore is under /home, and on a whim I did not want to disable SELinux, so here we go.
Thanks to VBird (鳥哥).
[root@www ~]# setsebool -P httpd_enable_homedirs=1
[root@www ~]# restorecon -Rv /home/ (without this, nothing after it can be read)
# The first command enables the rule for user home pages; the second fixes the security types!