Windows cannot connect to the Samba service on Linux

First confirm that Samba is listening on its ports.

The smbd process listens on ports 139 and 445, and the nmbd process listens on ports 137 and 138.

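Running the Windows network diagnostics gave the following result:

The file and print sharing resource (xxx.xxx.xxx.xxx) is online but isn't responding to connection attempts.
The remote computer isn't accepting connections on port 445, possibly due to firewall or security policy settings, or because the service might be temporarily unavailable. Windows couldn't find any problems with the firewall on your computer.

It looks like port 445 is not open.

Test it with the telnet command.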

➜  ~ telnet xxx.xxx.xxx.xxx 445
Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: No route to host

Check the firewall on the Linux server itself: firewalld is not running.

[root@localhost ~]# firewall-cmd --list-all
FirewallD is not running

Next, look at iptables.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  830  112K ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere            
  369 83821 INPUT_direct  all  --  any    any     anywhere             anywhere            
  369 83821 INPUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere            
  369 83821 INPUT_ZONES  all  --  any    any     anywhere             anywhere            
    3   190 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
  304 80151 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere            
    0     0 FORWARD_direct  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_IN_ZONES  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_OUT_ZONES  all  --  any    any     anywhere             anywhere            
    0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 1100 packets, 193K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    lo      anywhere             anywhere            
 1100  193K OUTPUT_direct  all  --  any    any     anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public  all  --  enp1s0f0 any     anywhere             anywhere            [goto] 
    0     0 FWDI_public  all  --  +      any     anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public  all  --  any    enp1s0f0  anywhere             anywhere            [goto] 
    0     0 FWDO_public  all  --  any    +       anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public_log  all  --  any    any     anywhere             anywhere            
    0     0 FWDI_public_deny  all  --  any    any     anywhere             anywhere            
    0     0 FWDI_public_allow  all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public_log  all  --  any    any     anywhere             anywhere            
    0     0 FWDO_public_deny  all  --  any    any     anywhere             anywhere            
    0     0 FWDO_public_allow  all  --  any    any     anywhere             anywhere            

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  136  7397 IN_public  all  --  enp1s0f0 any     anywhere             anywhere            [goto] 
  233 76424 IN_public  all  --  +      any     anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  369 83821 IN_public_log  all  --  any    any     anywhere             anywhere            
  369 83821 IN_public_deny  all  --  any    any     anywhere             anywhere            
  369 83821 IN_public_allow  all  --  any    any     anywhere             anywhere            
    5   180 ACCEPT     icmp --  any    any     anywhere             anywhere            

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   57  3300 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

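The firewall has not opened the ports: the IN_public_allow chain only accepts ssh, so a connection to port 445 falls through to the final REJECT rule in INPUT (reject-with icmp-host-prohibited), which is what telnet reports as "No route to host".

Since I'm used to firewalld, I disabled iptables and switched to firewalld.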

# Start the firewalld service
[root@localhost ~]# systemctl start firewalld

[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-12-12 22:11:50 CST; 5s ago
     Docs: man:firewalld(1)
 Main PID: 20605 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─20605 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Dec 12 22:11:49 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 12 22:11:50 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

# Enable at boot
[root@localhost ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

# Open port 22 first, to avoid being disconnected by mistake.
[root@localhost ~]# firewall-cmd --permanent --add-port=22/tcp
success
[root@localhost ~]# firewall-cmd --permanent --add-port=445/tcp
success
[root@localhost ~]# firewall-cmd --permanent --add-port=139/tcp
success
[root@localhost ~]# firewall-cmd --permanent --add-port=137/udp
success
[root@localhost ~]# firewall-cmd --permanent --add-port=138/udp
success
# Reload firewalld so the rules take effect
[root@localhost ~]# firewall-cmd --reload
success
# Check the rules
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0f0
  sources: 
  services: dhcpv6-client ssh
  ports: 22/tcp 445/tcp 139/tcp 137/udp 138/udp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

# Disable iptables
[root@localhost ~]# systemctl disable iptables
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
# Stop the iptables service
[root@localhost ~]# systemctl stop iptables

After that, the connection from Windows succeeded!
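
The check below is an added example, not part of the original post: it reads `firewall-cmd --list-all` output and reports, for each of the four Samba ports opened above, whether the zone opens it. The function names and the "before" listing are constructed for illustration; the "after" listing is abridged from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a firewalld zone listing
# for the Samba ports opened on this page.
SAMBA_PORTS="445/tcp 139/tcp 137/udp 138/udp"

# Abridged from the page's `firewall-cmd --list-all` output after the fix.
zone_after() {
cat <<'EOF'
public (active)
  interfaces: enp1s0f0
  sources: 
  services: dhcpv6-client ssh
  ports: 22/tcp 445/tcp 139/tcp 137/udp 138/udp
  rich rules: 
EOF
}

# Constructed sample: the same zone before any Samba port was added.
zone_before() {
cat <<'EOF'
public (active)
  interfaces: enp1s0f0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  rich rules: 
EOF
}

# Reads a zone listing on stdin and prints one line per Samba port:
# "OPEN <port>" if it appears under ports: or the zone enables firewalld's
# predefined samba service, otherwise "MISSING <port>".
# Exact match on the first field keeps forward-ports:/source-ports: out.
audit_samba_ports() {
  awk -v want="$SAMBA_PORTS" '
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "samba") svc = 1 }
    $1 == "ports:"    { for (i = 2; i <= NF; i++) opened[$i] = 1 }
    END {
      n = split(want, w, " ")
      for (i = 1; i <= n; i++)
        print ((svc || (w[i] in opened)) ? "OPEN" : "MISSING"), w[i]
    }'
}

zone_before | audit_samba_ports   # state that produced "No route to host"
zone_after  | audit_samba_ports   # state after the firewall-cmd commands
```

Ports added with `--add-port` are opened for every source address that reaches the zone, so an OPEN line here also means the port is reachable from any host on that interface.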
