Re: Samba como PDC - SEMI_SOLUCIONADO
Tenía que haberlo probado antes, pero no se me ocurrió.
Haciendo un iptables -F resulta que sí que puedo unir al dominio a los equipos. Aunque no se qué problemas de puertos tengo.
Mi problema ahora es el siguiente: A la hora de cerrar la sesion en los equipos windows, me dice que no puede actualizar el perfil movil. He puesto todos los permisos habidos y por haber en las carpetas del profile de los usuarios y he comprobado que en el inicio carga los perfiles, pero por alguna razón no puede escribirlos.
La magnífica ayuda de windows sólo dice:
DETALLE: El sistema no puede hallar el archivo especificado
Sugerencias de puertos y de perfil movil (lo segundo me correo prisa porque mañana llegan los usuarios al trabajo)
NOTA: Adjunto el script de iptables, el smb.conf y el log de un acceso
******************************************
#! /bin/bash
echo "Iniciando iptables..."
echo ""
#echo "1" > /proc/sys/net/ipv4/ip_forward
#VACIAR LAS COLAS
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
echo "Reglas limpiadas"
#POLITICA POR DEFECTO
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
echo "Politica establecida"
#ACEPTA ESTABLECIDAS
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #dejamos entrar respuestas
echo "Conexiones establecidas permitidas"
#ABRIR COSAS
iptables -t filter -A INPUT -i lo -j ACCEPT #localhost
iptables -t filter -A INPUT -p ICMP -j ACCEPT #ICMP
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT #ssh
iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT #mysql
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT #spop3
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT #smtp
iptables -t filter -A INPUT -p tcp --dport 137 -j ACCEPT #samba
iptables -t filter -A INPUT -p tcp --dport 138 -j ACCEPT #samba
iptables -t filter -A INPUT -p tcp --dport 139 -j ACCEPT #samba
iptables -t filter -A INPUT -p udp --dport 137 -j ACCEPT #samba
iptables -t filter -A INPUT -p udp --dport 138 -j ACCEPT #samba
iptables -t filter -A INPUT -p udp --dport 139 -j ACCEPT #samba
iptables -t filter -A INPUT -p tcp --dport 445 -j ACCEPT #samba
iptables -t filter -A INPUT -p udp --dport 445 -j ACCEPT #samba
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT #http
iptables -t filter -A INPUT -p udp --dport 80 -j ACCEPT #http
iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT #http
iptables -t filter -A INPUT -p udp --dport 8080 -j ACCEPT #http
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT #http
iptables -t filter -A INPUT -p udp --dport 443 -j ACCEPT #http
echo "Puertos especificos abiertos"
***************************************************
#
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = aholab
#MANWE añadido
netbios name = bips
# server string is the equivalent of the NT Description field
server string = Servidor Samba de Aholab
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = user
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 158.227.67.
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
passdb backend = tdbsam
socket options = TCP_NODELAY
#MANWE
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 64
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
logon path = \\%L\Profiles\%U
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
add user script = /usr/sbin/useradd %u
add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
delete user script = /usr/sbin/userdel %u
delete user from group script = /usr/sbin/deluser %u %g
delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions ==============================
;[homes]
; comment = Home Directories
; browseable = no
; writable = yes
#####################################
#CORPUS Y BBDD
[g]
comment = BBDD y PRJ
path = /mnt/raid1/
browseable = yes
writable = no
public = no
printable = no
create mode = 0440
directory mode = 0550
#HOMES
[h]
comment = HOME
path = /mnt/raid0/aholab/%U
browseable = yes
writable = yes
public = no
printable = no
create mode = 0640
directory mode = 0750
#Intranet
[Intranet]
comment = Programas y documentación
path = /mnt/intranet
browseable = yes
writable = no
public = no
create mode= 0440
directory mode = 0550
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /home/Profiles
browseable = no
guest ok = yes
create mask = 0600
directory mask = 0700
*****************************************************************************
[2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
[2004/09/26 15:20:41, 1] smbd/service.c:close_cnum(837)
dagobah (158.227.67.135) closed connection to service netlogon
[2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
dagobah (158.227.67.135) couldn't find service nora
[2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
dagobah (158.227.67.135) couldn't find service nora
[2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
[2004/09/26 15:20:47, 0] rpc_server/srv_util.c:get_domain_user_groups(376)
get_domain_user_groups: primary gid of user [nora] is not a Domain group !
get_domain_user_groups: You should fix it, NT doesn't like that
[2004/09/26 15:20:49, 1] smbd/service.c:close_cnum(837)
dagobah (158.227.67.135) closed connection to service netlogon
[2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
[2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
[2004/09/26 15:20:52, 1] smbd/service.c:close_cnum(837)
dagobah (158.227.67.135) closed connection to service Profiles
Reply to: