
Re: Samba as PDC - SEMI_SOLVED



Yes, I hadn't thought of the firewall before....

Have you tried setting writable = yes in [Profiles]?

Regards.
Maxi



On Sun, 26 Sep 2004 15:27:07 +0200, Manwe Sulimo <manwe@euskalnet.net> wrote:
> I should have tried this earlier, but it didn't occur to me.
> 
> After running iptables -F, it turns out that I can join the machines to the domain. Though I don't know what port problems I have.
> 
> My problem now is the following: when logging off on the Windows machines, it tells me that it cannot update the roaming profile. I have set every permission imaginable on the users' profile folders and I have checked that the profiles are loaded at logon, but for some reason it cannot write them.
> 
> The magnificent Windows help only says:
> 
> DETALLE: El sistema no puede hallar el archivo especificado
> 
> Suggestions about ports and the roaming profile (the second is urgent for me because the users arrive at work tomorrow)
> 
> NOTE: I am attaching the iptables script, the smb.conf and the log of one access
> 
> ******************************************
> 
> #! /bin/bash
> echo "Iniciando iptables..."
> echo ""
> #echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> #FLUSH THE CHAINS
> iptables -t filter -F
> iptables -t nat -F
> iptables -t mangle -F
> echo "Reglas limpiadas"
> 
> #DEFAULT POLICY
> iptables -t filter -P INPUT DROP
> iptables -t filter -P FORWARD DROP
> iptables -t filter -P OUTPUT ACCEPT
> echo "Politica establecida"
> 
> #ACCEPT ESTABLISHED
> iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED  -j ACCEPT #let replies in
> echo "Conexiones establecidas permitidas"
> 
> #OPEN THINGS
> iptables -t filter -A INPUT -i lo -j ACCEPT                     #localhost
> iptables -t filter -A INPUT -p ICMP -j ACCEPT                   #ICMP
> iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT         #ssh
> iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT       #mysql
> iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT        #spop3
> iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT         #smtp
> iptables -t filter -A INPUT -p tcp --dport 137 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p tcp --dport 138 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p tcp --dport 139 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p udp --dport 137 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p udp --dport 138 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p udp --dport 139 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p tcp --dport 445 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p udp --dport 445 -j ACCEPT        #samba
> iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT         #http
> iptables -t filter -A INPUT -p udp --dport 80 -j ACCEPT         #http
> iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT         #http
> iptables -t filter -A INPUT -p udp --dport 8080 -j ACCEPT         #http
> iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT         #http
> iptables -t filter -A INPUT -p udp --dport 443 -j ACCEPT         #http
> 
> echo "Puertos especificos abiertos"
> 
> ***************************************************
> 
> #
> #======================= Global Settings =====================================
> [global]
> 
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
>   workgroup = aholab
> 
> #MANWE added
>   netbios name = bips
> 
> # server string is the equivalent of the NT Description field
>   server string = Servidor Samba de Aholab
> 
> # Security mode. Defines in which mode Samba will operate. Possible
> # values are share, user, server, domain and ads. Most people will want
> # user level security. See the Samba-HOWTO-Collection for details.
>   security = user
> 
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
>   hosts allow = 158.227.67.
> 
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
>   passdb backend = tdbsam
> 
>   socket options = TCP_NODELAY
> 
> #MANWE
>  local master = yes
> 
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
>   os level = 64
> 
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
>   domain master = yes
> 
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
>   preferred master = yes
> 
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations.
>   domain logons = yes
> 
>   logon path = \\%L\Profiles\%U
> 
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The default is NO.
>   dns proxy = no
> 
> # These scripts are used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
>  add user script = /usr/sbin/useradd %u
>  add group script = /usr/sbin/groupadd %g
>  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
>  delete user script = /usr/sbin/userdel %u
>  delete user from group script = /usr/sbin/deluser %u %g
>  delete group script = /usr/sbin/groupdel %g
> 
> #============================ Share Definitions ==============================
> ;[homes]
> ;   comment = Home Directories
> ;   browseable = no
> ;   writable = yes
> 
> #####################################
> #CORPUS AND DATABASES
> [g]
>  comment = BBDD y PRJ
>  path = /mnt/raid1/
>  browseable = yes
>  writable = no
>  public = no
>  printable = no
>  create mode = 0440
>  directory mode = 0550
> 
> #HOMES
> [h]
>  comment = HOME
>  path = /mnt/raid0/aholab/%U
>  browseable = yes
>  writable = yes
>  public = no
>  printable = no
>  create mode = 0640
>  directory mode = 0750
> 
> #Intranet
> [Intranet]
>   comment = Programas y documentación
>   path = /mnt/intranet
>   browseable = yes
>   writable = no
>   public = no
>   create mode= 0440
>   directory mode = 0550
> 
> # Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
>   comment = Network Logon Service
>   path = /home/netlogon
>   guest ok = yes
>   writable = no
>   share modes = no
> 
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> [Profiles]
>    path = /home/Profiles
>    browseable = no
>    guest ok = yes
>    create mask = 0600
>    directory mask = 0700
> 
> *****************************************************************************
> 
> [2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
>  dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:41, 1] smbd/service.c:close_cnum(837)
>  dagobah (158.227.67.135) closed connection to service netlogon
> [2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
>  dagobah (158.227.67.135) couldn't find service nora
> [2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
>  dagobah (158.227.67.135) couldn't find service nora
> [2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
>  dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:47, 0] rpc_server/srv_util.c:get_domain_user_groups(376)
>  get_domain_user_groups: primary gid of user [nora] is not a Domain group !
>  get_domain_user_groups: You should fix it, NT doesn't like that
> [2004/09/26 15:20:49, 1] smbd/service.c:close_cnum(837)
>  dagobah (158.227.67.135) closed connection to service netlogon
> [2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
>  dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
>  dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:52, 1] smbd/service.c:close_cnum(837)
>  dagobah (158.227.67.135) closed connection to service Profiles
> 
>
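
The check suggested in the reply, as an added example that is not part of the original thread: a small smb.conf audit that finds the share named in `logon path` and reports whether it is writable, applying Samba's default of `read only = yes`. The sample configuration is constructed from the [global] and [Profiles] settings quoted above; the function names are hypothetical.

```python
import re
# Constructed sample: the logon path and [Profiles] settings quoted in the message.
SAMPLE_SMB_CONF = r"""
[global]
  logon path = \\%L\Profiles\%U
[Profiles]
  path = /home/Profiles
  guest ok = yes
"""

TRUE = {"yes", "true", "1"}
# smb.conf: these three are inverted synonyms of "read only" (default: read only = yes).
WRITE_KEYS = {"writable", "writeable", "write ok"}

def parse_smb_conf(text):
    """Return {section_lower: {param_lower: value}}; '#' and ';' lines are comments."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def is_writable(share):
    """A share is read-only unless a write parameter says otherwise."""
    writable = False
    for key, value in share.items():
        if key in WRITE_KEYS:
            writable = value.lower() in TRUE
        elif key == "read only":
            writable = value.lower() not in TRUE
    return writable

def audit_profile_share(text):
    """Return findings for the share that 'logon path' points at."""
    conf = parse_smb_conf(text)
    m = re.match(r"\\\\[^\\]+\\([^\\]+)", conf.get("global", {}).get("logon path", ""))
    name = m.group(1) if m else ""
    share = conf.get(name.lower())
    if share is None:
        return [f"logon path share [{name}] is not defined"]
    checks = [
        (not is_writable(share), f"[{name}] is read-only: no writable = yes"),
        (share.get("guest ok", "no").lower() in TRUE, f"[{name}] sets guest ok = yes"),
    ]
    return [msg for failed, msg in checks if failed]
```

On the constructed sample this reports both the missing `writable = yes` and the `guest ok = yes` setting on the profile share; on a live server, `testparm -s` shows the effective values after defaults are applied.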