QNAP TS-451D2 SMB Share nach Hardening nicht mehr erreichbar

_anonymous0815_

Hallo liebes Forum,

ich habe seit Tagen ein Problem und finde einfach keine Lösung.

Ich habe letzte Woche mein QNAP NAS ein bisschen abgehärtet, unnötige Services deaktiviert und die Sicherheitseinstellungen überprüft, aber irgendwas Wichtiges muss ich mit weggerissen haben, da ich mein SMB-Share nicht mehr mounten kann.

Der Nutzer "NAS" hat definitiv die Zugriffsrechte und RW ist aktiviert, der SMB-Service auch, maximal SMB3, minimal SMB2.

Zugegriffen werden soll auf \\192.168.178.55\public\XXX, Kennwort ist auch korrekt, bekomme aber nur die Meldung "Zugriff verweigert"

Client macht keinen Unterschied, ob Win11, 2019, Android oder Linux

Vielleicht fällt jemandem von Euch was auf.

Vielen Dank und viele Grüße

Anbei die smb.conf

Code:
[admin@NASXXXXX~]# cat /etc/config/smb.conf
# Global Samba settings for the NAS. Share sections further down can override
# individual values.
# NOTE(review): several keys in this section (enhance acl v1, remove everyone,
# conn log, server kernel smbd support, the qnap_macea VFS module) are not
# stock Samba parameters and are presumably QNAP extensions; their exact
# effect cannot be determined from this file.
[global]
# Accounts are looked up in the smbpasswd file named by 'smb passwd file' below.
passdb backend = smbpasswd
workgroup = WORKGROUP
security = USER
server string =
encrypt passwords = Yes
username level = 0
# Failed logins are never mapped to the guest account.
map to guest = Never
max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE
os level = 20
preferred master = no
dns proxy = No
smb passwd file=/etc/config/smbpasswd
# Client-supplied user names are translated through this map before the
# account lookup; worth checking when a login is unexpectedly denied.
username map = /etc/config/smbusers
guest account = guest
# 0777 removes no permission bits from files and directories created over SMB,
# so resulting modes can be world-writable. Shares that set
# 'inherit permissions = yes' take the parent directory's mode instead.
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/.@__qini/.Qsync/.@upload_cache/.qsync/.qsync_sn/.@qsys/.streams/.digest/
delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
# Most restrictive setting for anonymous (null-session) connections.
restrict anonymous = 2
server role = auto
use sendfile = yes
# With UNIX extensions off, the 'wide links' setting below stays in effect
# (stock Samba disables wide links automatically when UNIX extensions are on).
unix extensions = no
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = no
kerberos method = secrets only
# With wide links enabled the server follows symlinks that point outside a
# share's path, so a symlink placed inside a share can expose files outside
# it. 'wide links = no' confines access to the share tree if that is not needed.
follow symlinks = yes
wide links = yes
force unknown acl user = yes
template homedir = /share/homes/DOMAIN=%D/%U
inherit acls = no
domain logons = no
min receivefile size = 256
case sensitive = auto
domain master = auto
local master = no
enhance acl v1 = yes
remove everyone = no
conn log = no
kernel oplocks = no
# SMB1 is refused; the oldest dialect accepted is SMB 2.0.2. No 'max protocol'
# line is present in this section.
min protocol = SMB2_02
smb2 leases = yes
durable handles = yes
kernel share modes = no
posix locking = no
lock directory = /share/CACHEDEV1_DATA/.samba/lock
state directory = /share/CACHEDEV1_DATA/.samba/state
cache directory = /share/CACHEDEV1_DATA/.samba/cache
pid directory = /var/lock
printcap name = /dev/null
printing = bsd
show add printer wizard = no
printcap cache time = 0
acl allow execute always = yes
# Signing is not required of clients. For SMB2 and later, stock Samba treats
# 'disabled' like 'auto' (signing offered but not enforced); 'mandatory' is
# the value that enforces it.
server signing = disabled
streams_depot:delete_lost = yes
streams_depot:check_valid = no
fruit:nfs_aces = no
fruit:veto_appledouble = no
winbind expand groups = 1
server schannel = yes
winbind scan trusted domains = no
winbind max clients = 2000
winbind max domain connections = 2
server kernel smbd support = no
# Applies to outgoing IPC connections the NAS makes as a client, not to
# incoming share access; CORE is the oldest dialect.
client ipc min protocol = CORE
wins support = no
invalid users = guest
# LANMAN responses are rejected. 'ntlm auth = yes' is the alias for
# ntlmv1-permitted: NTLMv1 responses are accepted alongside NTLMv2.
# 'ntlmv2-only' is the stricter value on Samba versions that support it.
lanman auth = no
ntlm auth = yes
aio read size = 1
aio write size = 0
winbind enum groups = Yes
winbind enum users = Yes
# The 'widelinks' module is loaded here in addition to 'wide links = yes' above.
vfs objects =  shadow_copy2 widelinks catia fruit qnap_macea streams_depot aio_pthread

# Default "Public" share, served from /share/CACHEDEV1_DATA/Public.
[Public]
comment = System default share
path = /share/CACHEDEV1_DATA/Public
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = yes
timemachine = no
# 'public' is a synonym for 'guest ok'. [global] sets 'map to guest = Never'
# and guest is listed under 'invalid users', so guest logins should still be
# refused.
public = yes
invalid users = "guest"
read list = @"everyone"
# "NAS" appears in both the write list and the valid users list, so smb.conf
# does not exclude that account here. Filesystem ACLs and NAS-side application
# privileges are separate checks that this file does not show.
write list = @"administrators","NAS","admin"
valid users = "root",@"everyone","admin",@"administrators","NAS"
q type = 0
inherit permissions = yes
shadow:showprevious = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Public/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Public
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
# This share requires SMB encryption, which needs an SMB3 session; a client
# that cannot encrypt is refused. The other shares in this file set 'disabled'.
smb encrypt = mandatory
create time = 2021:12:01:13:39:46:49
strict allocate = yes
streams_depot:check_valid = yes
mangled names = yes
hide unreadable = no
access based share enum = no
strict sync = yes
# Empty value: no host-based restriction is configured for this share.
hosts allow =

# Share over the parent directory of all user homes.
# NOTE(review): in stock Samba '[homes]' is a special section name for per-user
# home shares; here it carries an explicit path and user lists. Confirm how the
# QNAP build treats it.
[homes]
comment = System default share
path = /share/CACHEDEV1_DATA/homes
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
timemachine = no
# 'public' is a synonym for 'guest ok'; guest is excluded on the next line.
public = yes
invalid users = "guest"
read list =
# Access is limited to root, admin, the administrators group and "NAS".
write list = "admin",@"administrators","NAS"
valid users = "root","admin",@"administrators","NAS"
q type = 0
inherit permissions = yes
shadow:showprevious = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/homes/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/homes
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
# SMB transport encryption is turned off for this share, although it spans
# every user's home directory.
smb encrypt = disabled
create time = 2021:12:05:23:09:06:90
mangled names = yes
hide unreadable = no
access based share enum = no
strict sync = no

# Share for Container Station data.
[Container]
comment = Container Station
path = /share/CACHEDEV1_DATA/Container
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = no
recycle bin administrators only = no
qbox = no
timemachine = no
# 'public' is a synonym for 'guest ok'; guest is excluded on the next line.
public = yes
invalid users = "guest"
read list =
# Only root, admin and the administrators group may connect; "NAS" is not listed.
write list = @"administrators","admin"
valid users = "root",@"administrators","admin"
q type = 0
inherit permissions = yes
shadow:showprevious = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Container/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Container
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
# SMB transport encryption is turned off for this share.
smb encrypt = disabled
create time = 2022:07:24:12:15:58:10
strict allocate = yes
streams_depot:check_valid = yes
mangled names = yes
hide unreadable = no
access based share enum = no
strict sync = no

# Per-user home share: the path and the user lists are filled in from the
# connecting session through Samba substitutions.
[home]
comment = Home
# %H expands to the home directory of the authenticated user.
path = %H
browsable = yes
oplocks = yes
ftp write only = no
inherit permissions = yes
invalid users = guest
writable = yes
# %D%w%U is the domain, the winbind separator and the session user name, so
# only the connecting user is listed for their own home.
read list = "%D%w%U"
write list = "%D%w%U"
valid users = "%D%w%U"
# Runs as root each time a client connects to this share.
# NOTE(review): %q is not a stock Samba substitution as far as can be
# confirmed; presumably it is QNAP-specific. Because the command runs as root,
# verify how the substituted value is quoted and sanitised.
root preexec = /sbin/create_home -u '%q'
# SMB transport encryption is turned off for this share.
smb encrypt = disabled
create time = 2021:12:05:23:09:06:90
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/homes/.snapshot
shadow:basedir = %H
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
Code:
root@debianpxe:~# nmap 192.168.178.55
Starting Nmap 7.80 ( https://nmap.org ) at 2022-07-30 18:34 CEST
Nmap scan report for NASXXXXX.fritz.box (192.168.178.55)
Host is up (0.00047s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3000/tcp open  ppp
3260/tcp open  iscsi
5200/tcp open  targus-getdata
8080/tcp open  http-proxy
8086/tcp open  d-s-n
Screenshot 2022-07-30 183406.png

Ergänzung ()

Uff, habs gelöst, unter "Anwendungsberechtigung bearbeiten" hat das Häkchen bei Microsoft-Netzwerk für den User "NAS" gefehlt.:D
 
it depart.jpg


Wenn ja, kann ich dir leider nicht helfen. Schaut für mich alles gut aus.
 