Re: Samba como PDC - SEMI_SOLUCIONADO
Sí, no había pensado en lo del firewall antes...
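¿Probaste ponerle writable = yes en [Profiles]? Si no se indica, Samba deja el recurso en solo lectura (read only = yes es el valor por defecto) y el cliente no puede guardar el perfil al cerrar la sesión.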
Saludos.
Maxi
On Sun, 26 Sep 2004 15:27:07 +0200, Manwe Sulimo <manwe@euskalnet.net> wrote:
> Tenía que haberlo probado antes, pero no se me ocurrió.
>
> Haciendo un iptables -F resulta que sí que puedo unir al dominio a los equipos. Aunque no sé qué problemas de puertos tengo.
>
> Mi problema ahora es el siguiente: a la hora de cerrar la sesión en los equipos Windows, me dice que no puede actualizar el perfil móvil. He puesto todos los permisos habidos y por haber en las carpetas del profile de los usuarios y he comprobado que en el inicio carga los perfiles, pero por alguna razón no puede escribirlos.
>
> La magnífica ayuda de windows sólo dice:
>
> DETALLE: El sistema no puede hallar el archivo especificado
>
> ¿Sugerencias sobre los puertos y el perfil móvil? (lo segundo me corre prisa porque mañana llegan los usuarios al trabajo)
>
> NOTA: Adjunto el script de iptables, el smb.conf y el log de un acceso
>
> ******************************************
>
> #! /bin/bash
> # Host firewall for the Samba server: flush every rule, set a default-drop
> # policy for inbound and forwarded traffic, then open the listed services.
> # Apart from the loopback rule, none of the ACCEPT rules below restricts the
> # source address or the incoming interface (no -s / -i), so each opened port
> # is reachable from any network that can route to this host.
> echo "Iniciando iptables..."
> echo ""
> # IP forwarding is left untouched: the line below is commented out.
> #echo "1" > /proc/sys/net/ipv4/ip_forward
>
> # Flush the chains of the filter, nat and mangle tables
> iptables -t filter -F
> iptables -t nat -F
> iptables -t mangle -F
> echo "Reglas limpiadas"
>
> # Default policy: drop inbound and forwarded packets, allow everything outbound
> iptables -t filter -P INPUT DROP
> iptables -t filter -P FORWARD DROP
> iptables -t filter -P OUTPUT ACCEPT
> echo "Politica establecida"
>
> # Accept packets that belong to, or are related to, an existing connection
> iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # let replies in
> echo "Conexiones establecidas permitidas"
>
> # Open services
> iptables -t filter -A INPUT -i lo -j ACCEPT #localhost
> iptables -t filter -A INPUT -p ICMP -j ACCEPT #ICMP
> iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT #ssh
> # NOTE(review): 3306 is open to every source address; confirm remote MySQL
> # access is really required, otherwise restrict it with -s or drop the rule.
> iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT #mysql
> iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT #spop3
> iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT #smtp
> # NOTE(review): Samba's nmbd listens on UDP 137/138 and smbd on TCP 139/445,
> # so the tcp 137/138 and udp 139/445 rules look unnecessary - confirm and
> # remove. The smb.conf in this message limits clients with
> # "hosts allow = 158.227.67."; consider matching that prefix here with -s so
> # the SMB ports are not exposed to other networks at the packet-filter level.
> iptables -t filter -A INPUT -p tcp --dport 137 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 138 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 139 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 137 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 138 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 139 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 445 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 445 -j ACCEPT #samba
> # NOTE(review): HTTP and HTTPS run over TCP; the udp 80/8080/443 rules below
> # look unnecessary - confirm nothing depends on them and remove.
> iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT #http
> iptables -t filter -A INPUT -p udp --dport 80 -j ACCEPT #http
> iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT #http
> iptables -t filter -A INPUT -p udp --dport 8080 -j ACCEPT #http
> iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT #https
> iptables -t filter -A INPUT -p udp --dport 443 -j ACCEPT #https
>
> echo "Puertos especificos abiertos"
>
> ***************************************************
>
> #
> #======================= Global Settings =====================================
> [global]
> # Server-wide settings. With security = user, domain logons = yes and
> # domain master = yes below, this host acts as the logon server for the
> # "aholab" domain (the PDC setup discussed in this thread).
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
> workgroup = aholab
>
> # Added by MANWE: NetBIOS name the server announces
> netbios name = bips
>
> # server string is the equivalent of the NT Description field
> server string = Servidor Samba de Aholab
>
> # Security mode. Defines in which mode Samba will operate. Possible
> # values are share, user, server, domain and ads. Most people will want
> # user level security. See the Samba-HOWTO-Collection for details.
> security = user
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> # In this file only the single prefix 158.227.67. is listed.
> hosts allow = 158.227.67.
>
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> passdb backend = tdbsam
>
> socket options = TCP_NODELAY
>
> # Added by MANWE
> local master = yes
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
> os level = 64
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
> preferred master = yes
>
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations.
> domain logons = yes
>
> # Roaming profile location handed to clients: the per-user directory (%U,
> # the session user name) inside the Profiles share on this server (%L).
> # Clients write the profile back there at logoff, so the [Profiles] share
> # must be writable for the authenticated user.
> logon path = \\%L\Profiles\%U
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The default is NO.
> dns proxy = no
>
> # These scripts are used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
> # Samba substitutes %u / %g with the account and group name before running
> # each command. Machine accounts are created in group "machines" with
> # /dev/null as home directory and /bin/false as shell.
> add user script = /usr/sbin/useradd %u
> add group script = /usr/sbin/groupadd %g
> add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
> delete user script = /usr/sbin/userdel %u
> delete user from group script = /usr/sbin/deluser %u %g
> delete group script = /usr/sbin/groupdel %g
>
> #============================ Share Definitions ==============================
> ;[homes]
> ; comment = Home Directories
> ; browseable = no
> ; writable = yes
>
> #####################################
> # Corpus and databases
> # Read-only share (writable = no) without guest access (public is a
> # synonym of guest ok). create mode / directory mode are synonyms of
> # create mask / directory mask; they only apply when files are created,
> # so they presumably have no effect while the share stays read-only.
> [g]
> comment = BBDD y PRJ
> path = /mnt/raid1/
> browseable = yes
> writable = no
> public = no
> printable = no
> create mode = 0440
> directory mode = 0550
>
> # Home directories
> # Writable per-user share without guest access: the path expands %U to the
> # session user name. New files are capped at 0640 and new directories at
> # 0750, so nothing created through the share is world-accessible.
> [h]
> comment = HOME
> path = /mnt/raid0/aholab/%U
> browseable = yes
> writable = yes
> public = no
> printable = no
> create mode = 0640
> directory mode = 0750
>
> # Intranet: programs and documentation
> # Read-only share (writable = no) without guest access (public = no).
> [Intranet]
> comment = Programas y documentación
> path = /mnt/intranet
> browseable = yes
> writable = no
> public = no
> create mode= 0440
> directory mode = 0550
>
> # Un-comment the following and create the netlogon directory for Domain Logons
> # Read-only share that holds the logon scripts. guest ok = yes lets clients
> # connect without a password, so nothing sensitive (credentials, keys)
> # should be stored in the scripts kept here.
> # NOTE(review): share modes = no presumably comes from the stock example
> # for this share - confirm it is still wanted.
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = yes
> writable = no
> share modes = no
>
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> # Target of "logon path" in [global]. No writable / read only line is set,
> # so Samba's default (read only = yes) applies and clients cannot write the
> # profile back at logoff - consistent with the error described in this
> # message and with the reply's suggestion to add writable = yes.
> # NOTE(review): guest ok = yes allows password-less connections to a share
> # that stores per-user profile data; confirm it is needed, roaming profiles
> # are normally accessed by the authenticated user only.
> # create mask / directory mask limit new files to 0600 and new directories
> # to 0700, i.e. owner-only access.
> [Profiles]
> path = /home/Profiles
> browseable = no
> guest ok = yes
> create mask = 0600
> directory mask = 0700
>
> *****************************************************************************
>
> [2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
> dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:41, 1] smbd/service.c:close_cnum(837)
> dagobah (158.227.67.135) closed connection to service netlogon
> [2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
> dagobah (158.227.67.135) couldn't find service nora
> [2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
> dagobah (158.227.67.135) couldn't find service nora
> [2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
> dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:47, 0] rpc_server/srv_util.c:get_domain_user_groups(376)
> get_domain_user_groups: primary gid of user [nora] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2004/09/26 15:20:49, 1] smbd/service.c:close_cnum(837)
> dagobah (158.227.67.135) closed connection to service netlogon
> [2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
> dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
> dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:52, 1] smbd/service.c:close_cnum(837)
> dagobah (158.227.67.135) closed connection to service Profiles
>
>