为什么Mac smb connect无法通过cli登录,但可以通过finder和来宾帐户运行?


8

因此,我有一个Mac(Yosemite)共享一个对许多用户只读的文件夹,并且启用了来宾帐户来装载/访问该文件夹,以便用户可以下载任何内容。我正在使用另一台Mac(Sierra)作为经理连接到共享。当我以访客用户身份从命令行运行时,它可以工作:

mount_smbfs //guest@macbook-pro.local/Files /tmp/files
ls /tmp/files
fileA    fileB

或者如果我以finder的身份从访客连接:

click MacBook-Pro -> Connect As -> Guest -> Connect
double click Files
ls /Volumes/Files
fileA    fileB

现在,在Mac(Yosemite)上有一个管理员用户帐户。我想以读写权限挂载/访问该文件夹,但是如果我需要从命令行输入用户名,则所有尝试通过登录挂载该文件夹的尝试都会失败。

mount_smbfs //admin@macbook-pro.local/Files /tmp/files
Password for MacBook-pro.local:
mount_smbfs: server rejected the connection: Authentication error

但是,如果我使用Finder连接:

click MacBook-Pro -> Connect As -> Registered User
Username: admin
Password: password
 -> Connect
double click Files
ls /Volumes/Files
fileA    fileB

在成功连接的每种情况下,我都可以在“系统属性”的“服务器共享”部分中看到,当我单击“文件共享”时:“打开->选项...”显示

Share files and folders using SMB
  Number of users connected: 1

您能猜测为什么当我尝试使用需要身份验证的帐户通过smb通过命令行连接时拒绝连接吗?

编辑

是的,AFP Connect在任何情况下都可以使用,包括带有需要密码的帐户的cli。例如:

mount_afp -i afp://admin@macbook-pro.local/Files /tmp/files
Password: 
ls /tmp/files
fileA    fileB

为了进行测试,我还尝试降低smb身份验证规则,以防万一,但没有任何效果,即使以明文形式发送密码也是如此。因此:

sudo nano /etc/nsmb.conf
   [default]
   minauth=none
^c+X
mount_smbfs smb://admin:password@macbook-pro.local/Files /tmp/files
mount_smbfs: server rejected the connection: Authentication error

编辑2

以下是一些日志文件,以防任何人可以从中获取有关此问题的任何信息。(很抱歉将日志发布到异地,但是成功的日志中包含太多文本。)

首先,使用以下流程通过Finder通过Finder通过SMB连接到MacBook-Pro.local的客户端日志:

Click MacBook-Pro
Connect As: Registered User
Name: admin
Password: password
Connect

在控制台中产生如下日志输出:

http://paste.ubuntu.com/23308183/

现在,所有共享文件夹的列表对于管理员来说都是可用的。因此,单击“文件”文件夹会产生更多日志输出,如下所示:

http://paste.ubuntu.com/23308186/

文件文件夹挂载,并且可以由管理员用户读取/写入

为了进行比较,这是尝试使用纯命令行工具mount_smbfs连接到资源时来自控制台的日志:

default 09:43:21.257429 -0400   gamed   GKClientProxy: clientForBundleID:
default 09:43:21.257543 -0400   gamed   GKClientProxy: updateIfRecentlyInstalled
default 09:43:21.258623 -0400   gamed   GKClientProxy: clientForBundleID:
default 09:43:21.258751 -0400   gamed   GKClientProxy: updateIfRecentlyInstalled
default 09:43:21.277114 -0400   opendirectoryd  Client: <private>, UID: 0, EUID: 0, GID: 0, EGID: 0
default 09:43:21.277194 -0400   opendirectoryd  <private> completed, delivered 1 result
default 09:43:22.025420 -0400   mount_smbfs subsystem: com.apple.SystemConfiguration, category: SCPreferences, enable_level: 0, persist_level: 0, default_ttl: 0, info_ttl: 0, debug_ttl: 0, generate_symptoms: 0, enable_oversize: 0, privacy_setting: 2, enable_private_data: 0
default 09:43:22.030767 -0400   mount_smbfs subsystem: com.apple.network, category: , enable_level: 0, persist_level: 0, default_ttl: 0, info_ttl: 0, debug_ttl: 0, generate_symptoms: 0, enable_oversize: 0, privacy_setting: 2, enable_private_data: 0
default 09:43:22.069146 -0400   opendirectoryd  Client: <private>, UID: 0, EUID: 0, GID: 0, EGID: 0
default 09:43:22.069231 -0400   opendirectoryd  <private> completed, delivered 1 result
default 09:43:22.069385 -0400   opendirectoryd  Client: <private>, UID: 0, EUID: 0, GID: 0, EGID: 0
default 09:43:22.069479 -0400   opendirectoryd  <private> completed, delivered 1 result
default 09:43:22.072139 -0400   opendirectoryd  Client: <private>, UID: 502, EUID: 502, GID: 20, EGID: 20
default 09:43:22.072212 -0400   opendirectoryd  <private> completed, delivered 1 result
error   09:43:22.146661 -0400   kernel  loginwindow is not entitled
error   09:43:22.146708 -0400   kernel  loginwindow is not entitled
error   09:43:22.146799 -0400   kernel  UserEventAgent is not entitled
error   09:43:22.146882 -0400   kernel  UserEventAgent is not entitled
default 09:43:22.886004 -0400   AppleIDAuthAgent    SERVER Doing account check for "a...n@???????.???". (scheduledAccountCheckDispatcher()/AppleIDAuthd.cpp #545) accountCheckDispatch
default 09:43:22.886074 -0400   AppleIDAuthAgent    Checking account <private>
default 09:43:22.887673 -0400   AppleIDAuthAgent    _AppleIDAuthAccountForAppleID falling back to account aliases

error   09:43:22.891028 -0400   AppleIDAuthAgent    ### Request GS token for '<private>' start failed: -101
default 09:43:22.891078 -0400   AppleIDAuthAgent    ### Authenticate '<private>' failed: <private>
default 09:43:22.891158 -0400   AppleIDAuthAgent    SERVER Didn't succeed with .authenticate, and error is ERROR:"CSIdentityErrorDomain" #-101 kCSIdentityAppleIDInvalidAccountOrPasswordErr {  } so releasing session. (___Z31__AppleIDSessionDoCreateSessionPK10__CFStringS1_PK14__CFDictionaryPS1_PS4_PP9__CFError_block_invoke()/AppleIDXMLServerCommunications.cpp #902) queue.session.
default 09:43:22.891399 -0400   AppleIDAuthAgent    Next time for '<private>': 2016-10-11 13:43:22 +0000 (497886202.891342 + 0.000000), 0.000000 seconds
default 09:43:22.891514 -0400   AppleIDAuthAgent    Next time for '<private>': 2016-10-11 13:43:22 +0000 (497886202.891467 + 0.000000), 0.000000 seconds
default 09:43:22.891560 -0400   AppleIDAuthAgent    Next action time for <private>: <private> (because the account does not have a certificate nor an uploaded csr)
default 09:43:25.393805 -0400   CommCenter  #watchdog #I Callback Watchdog: checkin 119
default 09:43:25.394014 -0400   CommCenter  #watchdog #I Server Watchdog: checkin 119
default 09:43:28.212369 -0400   opendirectoryd  Client: <private>, UID: 502, EUID: 502, GID: 20, EGID: 20
default 09:43:28.212476 -0400   opendirectoryd  <private> failed with error '<private>' (2)
default 09:43:29.061659 -0400   kernel  SmartBattery: finished polling type 4
default 09:43:29.847392 -0400   gamed   GKClientProxy: clientForBundleID:
default 09:43:29.847446 -0400   gamed   GKClientProxy: updateIfRecentlyInstalled
default 09:43:29.847970 -0400   gamed   GKClientProxy: clientForBundleID:
default 09:43:29.847992 -0400   gamed   GKClientProxy: updateIfRecentlyInstalled
default 09:43:29.879093 -0400   opendirectoryd  Client: <private>, UID: 0, EUID: 0, GID: 0, EGID: 0
default 09:43:29.879183 -0400   opendirectoryd  <private> completed, delivered 1 result

解决方法

我发现此AppleScript代码段可从命令行使用。

osascript -e 'tell application "Finder" to mount volume "smb://admin:password@macbook-pro.local/Files"'

它将启动一个确认窗口,其中填写了密码字段。但是,它要求将密码以明文形式输入。显然,也可以在没有密码的情况下进行操作,并且每次都输入密码。

osascript -e 'tell application "Finder" to mount volume "smb://admin@macbook-pro.local/Files"'

因此,我尝试保存密码。选中将登录名保存到钥匙串的框后,即使没有明文密码,该命令也会成功执行,但仍会显示确认窗口,其中已填满了“密码”框,同时也选中了“记住密码”框。

保存密码后,该密码仍然不适用于mount_smbfs连接。挂载尝试失败。

也许这个osascript想法是一种解决方法,但是它不能回答为什么samba通过finder连接而不是在使用cli时连接的问题。


您可以尝试通过AFP进行连接,看看是否可行吗?
NoahL

感谢您的帮助。AFP肯定在所有情况下都有效。Finder,命令行以及带有脚本的脚本,无论是访客还是需要用户的密码。
ndasusers

尝试以下操作:在服务器上,转到“系统偏好设置”->“共享”。窗口中心是一个绿色圆圈。在它的旁边,在窗口的左上方显示“文件共享:打开”,点击“选项...”。在下拉列表中,打开“使用smb共享文件和文件夹”
NoahL

让我知道怎么回事
NoahL

再次感谢你。文件共享:启用,已启用使用smb共享文件。只要授予成功的连接,就会在该窗口中为用户编号。
ndasusers

Answers:


-3

GKClientProxy:clientForBundleID:4


4
欢迎来到Ask Different,谢谢您的回答!我们一直在寻找解决方案,并希望提供诸如以下信息的答案:(1)您认为您提供的答案如何解决该问题和/或为什么它可能比其他解决方案更好;(2)链接到支持信息和/或您推荐的产品。诸如此类的附加信息可以帮助OP以及其他人自己寻找附加信息。有关在此处提供答案的提示,请参见“ 如何回答 ”。
Monomeeth
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.