Configuring Samba as a PDC on a network with Windows XP workstations

Configuring Samba as a PDC with Windows XP workstations

This tutorial covers configuring the Samba service as a Primary Domain Controller (PDC) to manage a Microsoft Windows XP network.

Basic concepts

This section covers the basic concepts of domain-based management and the role it plays in managing workstations and servers.

NetBIOS network domain

The network domain is built around a machine called the PDC (Primary Domain Controller), which keeps control of all user accounts, groups and access permissions for network resources. In practice this lets you control users' level of access to operating-system resources, as well as to devices and folders on the network, within the domain the machine is a member of.

Another advantage is the ability to configure startup scripts: the administrator can set up scripts that machines run automatically when they log on to the domain.
A practical example is setting the date and time through NTP, a feature that Samba also provides.

Keep in mind that, although the name and some aspects are the same, the word "domain" in NetBIOS networks does not mean the same thing as a domain on the Internet.

Local Master Browser

The Local Master Browser is the machine that receives the list of shared resources via broadcast, so that machines and groups can be given the list of resources each account has with the PDC. A new Local Master Browser election is held every 36 minutes; this keeps domain-server redundancy, because if the current machine goes down it gives way to a second server that already holds the list of resources the machines have in the domain.

Domain Master Browser

The Domain Master Browser, also known as the PDC, is queried by the Local Master Browser through a WINS server to establish the list of resources managed by the domain on the network.

We will not go deeper into these concepts, since that would stray from the purpose of this tutorial. If you want to understand them better, we recommend reading the document:

http://focalinux.cipsga.org.br/guia/avancado/ch-s-samba.htm

The example below shows an smb.conf file with the parameters that configure Samba as a PDC; each setting is commented in the file itself.

# Sample configuration file for Samba 2.2.3a-12.3
# Note: smb.conf only treats "#" as a comment at the start of a line, so each
# comment sits on its own line above the parameter it describes.
#============ Global ==============
# Starts the global section of the file
[global]
# Enables WINS support
wins support=yes
# Priority level in Local Master Browser elections: the higher the value,
# the better this server's chances of being elected Local Master Browser.
os level=100
# Enables this server as a Local Master Browser
local master=yes
# Gives this server preference in Local Master Browser elections
preferred master=yes
# Enables this server as the primary domain server
domain master=yes
# Administrator user of the PDC
admin users=administrador
# If "yes", passwords are sent to the Samba server encrypted; if "no", they are sent as plain text.
encrypt passwords = yes
# NetBIOS name of the server
netbios name = servidor
# When the machine is configured as a PDC, the workgroup becomes the domain name.
workgroup = Samba
# Absolute path of the Samba password file
smb passwd file=/etc/samba/smbpasswd
# Description of this Samba server
server string=Servidor de dados samba
# Log file settings; I generally recommend pointing them at /var/log/samba/
log file=/var/log/samba/%m.log
# Maximum size of the log file
max log size= 100
# Server security is enforced at user level
security=user
# Enables Samba's date/time server feature
time server=yes
# TCP socket options for the Samba server
socket options=TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Enables user logon through the domain
domain logons=yes
# Blocks files with the .PIF extension
veto files=/*.pif/*.{*}/
# Restricts access by network interface
bind interfaces only = 1
# Limits access to the Samba server to the eth1 interface, in our case the local network interface.
interfaces = loopback eth1

#========== Logon settings ==============

logon path=\\%N\profiles\%u
logon drive=X:
logon home=\\servidor\%u

#========== NetLOGON ==================
[netlogon]
path=/mnt/disk1/netlogons
read only =yes
write list=jaccon

[drive1]
# Absolute path of the volume
path=/mnt/disk1/shared/
# Read-only: "yes" or "no"
read only = no
# Users allowed to write to the volume
write list= jaccon, +administrator
# Makes the volume writable
writable = yes

[cdrom]
# Absolute path of the volume
path = /cdrom
# Description of this device
comment = Unidade de CD-ROM 1
# Makes the volume read-only
read only = yes
# Command run to mount the CD-ROM device automatically
preexec = /bin/mount /cdrom
# Closes the connection if the preexec command fails
preexec close = yes
# Unmounts the device when it is no longer in use
postexec = /bin/umount /cdrom

After configuring the smb.conf file, follow the steps below to add machines to the domain:

Preparing the client operating system

Windows XP Professional Edition

Using a text editor, create a file named append-domain-config.reg and add the following lines:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters]
"RequireSignOrSeal"=dword:00000000
"SignSecureChannel"=dword:00000000

Remember that this file must be saved as plain text with no special encoding, preferably in the root of the system drive, for example c:\append-domain-config.reg
Once the file is created, click Start/Run, type cmd and press Enter.
Then type regedit c:\append-domain-config.reg. This adds to the Windows Registry the settings needed to authenticate against Samba: RequireSignOrSeal=0 stops the client from requiring signed or sealed Netlogon secure-channel traffic, and SignSecureChannel=0 stops it from signing that traffic.

Next, open Start/Control Panel/Administrative Tools/Local Security Policy. In the left-hand pane of the window there are several submenus; click Local Policies/Security Options.

In the Security Options window, disable the options "Digitally encrypt or sign secure channel data (always)", "Disable machine account password changes" and "Require strong (Windows 2000 or later) session key".

Preparing Samba on the server

On the server you need to add an account for the machine. It must have the same name as the Windows XP workstation; in our example we use the name estacao1.

To do this, log in as superuser and type these commands in the shell of the Samba server:

# addgroup Sambadomain

This adds a group for managing the PDC. Then type:

# useradd --force-badname estacao1$

The $ character is mandatory in the workstation name.

Then edit the /etc/passwd file and change the parameters of the estacao1 account so that it has neither a valid home directory nor a valid shell.

Example:
estacao1$:x:1017:100::/dev/null:/bin/false

Now add the machine to the smbpasswd file:
# smbpasswd -a -m estacao1

* The $ character is not needed here.
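The machine-account steps above can be verified afterwards by cross-checking /etc/passwd against the smbpasswd file. The following Python script is an added example, not part of the original tutorial or of Samba; the function names, the list of non-login shells, the rule that the home must be /dev/null (taken from the example line above) and the sample data are assumptions made for illustration.

```python
# Shells that do not give an interactive login (assumed list; adjust per distro).
NON_LOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin", "/dev/null"}


def parse_passwd(text):
    """Map account name -> (uid, home, shell) from /etc/passwd text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            accounts[fields[0]] = (int(fields[2]), fields[5], fields[6])
    return accounts


def parse_smbpasswd(text):
    """Map account name -> (uid, flags) from smbpasswd text.

    Line layout: name:uid:LM hash:NT hash:[flags]:LCT-time:
    A "W" in the flags marks a workstation (machine) trust account.
    """
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 5 and fields[1].isdigit():
            entries[fields[0]] = (int(fields[1]), fields[4].strip("[] "))
    return entries


def audit_machine_accounts(passwd_text, smbpasswd_text):
    """Return findings for machine accounts (names ending in "$")."""
    unix, smb = parse_passwd(passwd_text), parse_smbpasswd(smbpasswd_text)
    findings = []
    for name, (uid, home, shell) in sorted(unix.items()):
        if not name.endswith("$"):
            continue
        if shell not in NON_LOGIN_SHELLS:
            findings.append(f"{name}: shell {shell} allows a login")
        # Assumption: /dev/null is the only accepted home, as in the page's example.
        if home != "/dev/null":
            findings.append(f"{name}: home {home} should be /dev/null")
        if name not in smb:
            findings.append(f"{name}: no smbpasswd entry (smbpasswd -a -m not run)")
        elif "W" not in smb[name][1]:
            findings.append(f"{name}: smbpasswd entry is not a machine account")
        elif smb[name][0] != uid:
            findings.append(f"{name}: uid differs between passwd and smbpasswd")
    for name, (_, flags) in sorted(smb.items()):
        if "W" in flags and name not in unix:
            findings.append(f"{name}: smbpasswd machine entry has no Unix account")
    return findings


# Constructed sample data; the hashes are placeholders, not real credentials.
H = "X" * 32
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
estacao1$:x:1017:100::/dev/null:/bin/false
estacao2$:x:1018:100::/home/estacao2:/bin/bash
estacao3$:x:1019:100::/dev/null:/bin/false
"""
SAMPLE_SMBPASSWD = f"""\
root:0:{H}:{H}:[U          ]:LCT-00000000:
estacao1$:1017:{H}:{H}:[W          ]:LCT-00000000:
estacao2$:1018:{H}:{H}:[W          ]:LCT-00000000:
estacao4$:1020:{H}:{H}:[W          ]:LCT-00000000:
"""

if __name__ == "__main__":
    for finding in audit_machine_accounts(SAMPLE_PASSWD, SAMPLE_SMBPASSWD):
        print(finding)
```

On a real server, pass the contents of /etc/passwd and of the file named by smb passwd file (read as root) instead of the sample strings.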

Change the Samba root password with the smbpasswd command:

# smbpasswd

Enter a password for root on the Samba server.

Finishing up

Now finish the configuration on the client: right-click My Computer/Properties, select the Computer Name tab, then Change, click the Domain radio button and enter the domain name of the Samba server. Remember that this is the same name as the workgroup in /etc/samba/smb.conf.

Your network should now be controlled by the Samba domain.

If you have any questions or need more information, just get in touch.

Thank you.


Configuring and Optimising Portsentry

This English-language document from Linux.com shows how to configure PortSentry so that its configuration is tailored to your needs:

See the original article at:
http://howtos.linux.com/guides/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap14sec117.shtml

14.6. Configure and Optimise Portsentry

You have to configure the /usr/psionic/portsentry/portsentry.conf file, which is the main configuration file for the PortSentry software; in it you can specify which ports you want to listen on, which IP addresses are denied, monitored or ignored, whether automatic responses are disabled, and so on. For more information read the README.install file under the PortSentry source directory. Edit the portsentry.conf file, vi /usr/psionic/portsentry/portsentry.conf, and check/change the following options to fit your needs:

# PortSentry Configuration
#
# $Id: portsentry.conf,v 1.13 1999/11/09 02:45:42 crowland Exp crowland $
#
# IMPORTANT NOTE: You CAN NOT put spaces between your port arguments.
#
# The default ports will catch a large number of common probes
#
# All entries must be in quotes.

#######################
# Port Configurations #
#######################
#
#
# Some example port configs for classic and basic Stealth modes
#
# I like to always keep some ports at the “low” end of the spectrum.
# This will detect a sequential port sweep really quickly and usually
# these ports are not in use (i.e. tcpmux port 1)
#
# ** X-Windows Users **: If you are running X on your box, you need to be sure
# you are not binding PortSentry to port 6000 (or port 2000 for OpenWindows users).
# Doing so will prevent the X-client from starting properly.
#
# These port bindings are *ignored* for Advanced Stealth Scan Detection Mode.
#

# Un-comment these if you are really anal:
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,32770,32771,32772,32773,32774,31337,54321"
#
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770,32771,32772,32773,32774,31337,54321"
#
# Use these for just bare-bones
#TCP_PORTS="1,11,15,110,111,143,540,635,1080,524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320"
#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321"

###########################################
# Advanced Stealth Scan Detection Options #
###########################################
#
# This is the number of ports you want PortSentry to monitor in Advanced mode.
# Any port *below* this number will be monitored. Right now it watches
# everything below 1023.
#
# On many Linux systems you cannot bind above port 61000. This is because
# these ports are used as part of IP masquerading. I don’t recommend you
# bind over this number of ports. Realistically: I DON’T RECOMMEND YOU MONITOR
# OVER 1023 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You’ve been
# warned! Don't write me if you have a problem because I'll only tell
# you to RTFM and don’t run above the first 1023 ports.
#
#
ADVANCED_PORTS_TCP="1023"
ADVANCED_PORTS_UDP="1023"
#
# This field tells PortSentry what ports (besides listening daemons) to
# ignore. This is helpful for services like ident that services such
# as FTP, SMTP, and wrappers look for but you may not run (and probably
# *shouldn’t* IMHO).
#
# By specifying ports here PortSentry will simply not respond to
# incoming requests, in effect PortSentry treats them as if they are
# actual bound daemons. The default ports are ones reported as
# problematic false alarms and should probably be left alone for
# all but the most isolated systems/networks.
#
# Default TCP ident and NetBIOS service
ADVANCED_EXCLUDE_TCP="113,139"
# Default UDP route (RIP), NetBIOS, bootp broadcasts.
ADVANCED_EXCLUDE_UDP="520,138,137,67"

######################
# Configuration Files#
######################
#
# Hosts to ignore
IGNORE_FILE="/usr/psionic/portsentry/portsentry.ignore"
# Hosts that have been denied (running history)
HISTORY_FILE="/usr/psionic/portsentry/portsentry.history"
# Hosts that have been denied this session only (temporary until next restart)
BLOCKED_FILE="/usr/psionic/portsentry/portsentry.blocked"

###################
# Response Options#
###################
# Options to dispose of attacker. Each is an action that will
# be run if an attack is detected. If you don’t want a particular
# option then comment it out and it will be skipped.
#
# The variable $TARGET$ will be substituted with the target attacking
# host when an attack is detected. The variable $PORT$ will be substituted
# with the port that was scanned.
#
##################
# Ignore Options #
##################
# These options allow you to enable automatic response
# options for UDP/TCP. This is useful if you just want
# warnings for connections, but don’t want to react for
# a particular protocol (i.e. you want to block TCP, but
# not UDP). To prevent a possible Denial of service attack
# against UDP and stealth scan detection for TCP, you may
# want to disable blocking, but leave the warning enabled.
# I personally would wait for this to become a problem before
# doing though as most attackers really aren’t doing this.
# The third option allows you to run just the external command
# in case of a scan to have a pager script or such execute
# but not drop the route. This may be useful for some admins
# who want to block TCP, but only want pager/e-mail warnings
# on UDP, etc.
#
#
# 0 = Do not block UDP/TCP scans.
# 1 = Block UDP/TCP scans.
# 2 = Run external command only (KILL_RUN_CMD)

BLOCK_UDP="1"
BLOCK_TCP="1"

###################
# Dropping Routes:#
###################
# This command is used to drop the route or add the host into
# a local filter table.
#
# The gateway (333.444.555.666) should ideally be a dead host on
# the *local* subnet. On some hosts you can also point this at
# localhost (127.0.0.1) and get the same effect. NOTE THAT
# 333.444.555.66 WILL *NOT* WORK. YOU NEED TO CHANGE IT!!
#
# All KILL ROUTE OPTIONS ARE COMMENTED OUT INITIALLY. Make sure you
# uncomment the correct line for your OS. If your OS is not listed
# here and you have a route drop command that works then please
# mail it to me so I can include it. ONLY ONE KILL_ROUTE OPTION
# CAN BE USED AT A TIME SO DON’T UNCOMMENT MULTIPLE LINES.
#
# NOTE: The route commands are the least optimal way of blocking
# and do not provide complete protection against UDP attacks and
# will still generate alarms for both UDP and stealth scans. I
# always recommend you use a packet filter because they are made
# for this purpose.
#

# Generic
#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"

# Generic Linux
#KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666"

# Newer versions of Linux support the reject flag now. This
# is cleaner than the above option.
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"

# Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD)
#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"

# Generic Sun
#KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1"

# NEXTSTEP
#KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1"

# FreeBSD (Not well tested.)
#KILL_ROUTE="route add -net $TARGET$ -netmask 255.255.255.255 127.0.0.1 -blackhole"

# Digital UNIX 4.0D (OSF/1 / Compaq Tru64 UNIX)
#KILL_ROUTE="/sbin/route add -host -blackhole $TARGET$ 127.0.0.1"

# Generic HP-UX
#KILL_ROUTE="/usr/sbin/route add net $TARGET$ netmask 255.255.255.0 127.0.0.1"

##
# Using a packet filter is the preferred method. The below lines
# work well on many OS’s. Remember, you can only uncomment *one*
# KILL_ROUTE option.
##

###############
# TCP Wrappers#
###############
# This text will be dropped into the hosts.deny file for wrappers
# to use. There are two formats for TCP wrappers:
#
# Format One: Old Style – The default when extended host processing
# options are not enabled.
#
KILL_HOSTS_DENY="ALL: $TARGET$"
#
# Format Two: New Style – The format used when extended option
# processing is enabled. You can drop in extended processing
# options, but be sure you escape all ‘%’ symbols with a backslash
# to prevent problems writing out (i.e. \%c \%h )
#
#KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"

###################
# External Command#
###################
# This is a command that is run when a host connects, it can be whatever
# you want it to be (pager, etc.). This command is executed before the
# route is dropped. I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS
# AGAINST THE HOST SCANNING YOU. TCP/IP is an *unauthenticated protocol*
# and people can make scans appear out of thin air. The only time it
# is reasonably safe (and I *never* think it is reasonable) to run
# reverse probe scripts is when using the “classic” -tcp mode. This
# mode requires a full connect and is very hard to spoof.
#
#KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$"

#####################
# Scan trigger value#
#####################
# Enter in the number of port connects you will allow before an
# alarm is given. The default is 0 which will react immediately.
# A value of 1 or 2 will reduce false alarms. Anything higher is
# probably not necessary. This value must always be specified, but
# generally can be left at 0.
#
# NOTE: If you are using the advanced detection option you need to
# be careful that you don’t make a hair trigger situation. Because
# Advanced mode will react for *any* host connecting to a non-used
# below your specified range, you have the opportunity to really
# break things. (i.e someone innocently tries to connect to you via
# SSL [TCP port 443] and you immediately block them). Some of you
# may even want this though. Just be careful.
#

SCAN_TRIGGER="0"

######################
# Port Banner Section#
######################
#
# Enter text in here you want displayed to a person tripping the PortSentry.
# I *don’t* recommend taunting the person as this will aggravate them.
# Leave this commented out to disable the feature
#
# Stealth scan detection modes don’t use this feature
#
PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY."

# EOF

Now, we must check/change its default permission for security reasons:

[root@deep] /# chmod 600 /usr/psionic/portsentry/portsentry.conf

You need to configure the /usr/psionic/portsentry/portsentry.ignore file, where you add any host you want to have ignored if it connects to a tripwired port. This should always contain at least the localhost 127.0.0.1 and the IPs of the local interfaces lo. It is not recommended that you put in every IP on your network. Edit the portsentry.ignore file, vi /usr/psionic/portsentry/portsentry.ignore, and add any host you want to have ignored if it connects to a tripwired port:

# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.

127.0.0.1
0.0.0.0

Now, we must check/change its default permission for security reasons:

[root@deep] /# chmod 600 /usr/psionic/portsentry/portsentry.ignore
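The rules stated in the two files above (values in plain double quotes, no spaces in port lists, a single KILL_ROUTE with the sample gateway replaced, SCAN_TRIGGER always present, 127.0.0.1 and 0.0.0.0 kept in portsentry.ignore) can be checked before PortSentry is started. The following Python script is an added example, not part of the original guide or of PortSentry; the function names lint_conf and missing_ignores and the sample input are assumptions made for illustration.

```python
import re

PORT_LISTS = {"TCP_PORTS", "UDP_PORTS", "ADVANCED_EXCLUDE_TCP", "ADVANCED_EXCLUDE_UDP"}
PLACEHOLDER_GW = "333.444.555.666"  # sample gateway the file says must be changed
SETTING = re.compile(r"^([A-Z_]+)=(.*)$")


def lint_conf(text):
    """Return (line_no, message) findings for the active lines of portsentry.conf."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SETTING.match(line)
        if not m:
            findings.append((no, 'not a KEY="value" setting'))
            continue
        key, val = m.groups()
        if key in seen:  # e.g. two KILL_ROUTE lines left uncommented
            findings.append((no, f"{key} is already set on line {seen[key][0]}"))
        seen[key] = (no, None)
        # Typographic quotes pasted from a web page fail this check.
        if len(val) < 2 or val[0] != '"' or val[-1] != '"':
            findings.append((no, f"{key}: value is not inside plain ASCII double quotes"))
            continue
        val = val[1:-1]
        seen[key] = (no, val)
        if key in PORT_LISTS:
            bad = [p for p in val.split(",")
                   if not (p.isascii() and p.isdigit() and 1 <= int(p) <= 65535)]
            if bad:
                findings.append((no, f"{key}: bad port entries {bad}, spaces are not allowed"))
        elif key in ("ADVANCED_PORTS_TCP", "ADVANCED_PORTS_UDP"):
            if not (val.isascii() and val.isdigit()) or int(val) > 1023:
                findings.append((no, f"{key}: expected a number no higher than 1023"))
        elif key in ("BLOCK_TCP", "BLOCK_UDP"):
            if val not in ("0", "1", "2"):
                findings.append((no, f"{key}: must be 0, 1 or 2"))
        elif key in ("KILL_ROUTE", "KILL_HOSTS_DENY"):
            if "$TARGET$" not in val:
                findings.append((no, f"{key}: $TARGET$ is missing"))
            if PLACEHOLDER_GW in val:
                findings.append((no, f"{key}: gateway {PLACEHOLDER_GW} was not replaced"))
    if "SCAN_TRIGGER" not in seen:
        findings.append((0, "SCAN_TRIGGER must always be specified"))
    for key in ("BLOCK_TCP", "BLOCK_UDP"):
        if key in seen and seen[key][1] == "2" and "KILL_RUN_CMD" not in seen:
            findings.append((seen[key][0], f"{key}=2 but KILL_RUN_CMD is not set"))
    return findings


def missing_ignores(text, required=("127.0.0.1", "0.0.0.0")):
    """Return the required portsentry.ignore entries that are absent."""
    hosts = {l.strip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")}
    return [h for h in required if h not in hosts]


# Constructed sample, not a real configuration. Line 3 uses the typographic
# quotes (U+201D, U+2033) that appear when the file is copied from a web page.
SAMPLE_CONF = '''\
# constructed test input
TCP_PORTS="1,11, 15,79"
UDP_PORTS=\u201d1,7,9\u2033
ADVANCED_PORTS_TCP="1023"
BLOCK_TCP="2"
KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666"
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
'''

if __name__ == "__main__":
    for line_no, message in lint_conf(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
    print("missing from ignore file:", missing_ignores("# hosts\n127.0.0.1\n"))
```

Findings reported with line number 0 concern a setting that is absent from the file as a whole.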

14.7. Test fire your PortSentry

The PortSentry program can be configured in six different modes of operation, but be aware that only one protocol mode type can be started at a time. To be more accurate, you can start one TCP mode and one UDP mode; two TCP modes and one UDP mode, for example, does not work. The available modes are:

portsentry -tcp
    basic port-bound TCP mode

portsentry -udp
    basic port-bound UDP mode

portsentry -stcp
    Stealth TCP scan detection

portsentry -atcp
    Advanced TCP stealth scan detection

portsentry -sudp
    Stealth UDP scan detection

portsentry -audp
    Advanced Stealth UDP scan detection

In my case I prefer to start TCP in Advanced TCP stealth scan detection protocol mode and UDP in Stealth UDP scan detection protocol mode. For information about the other protocol modes, please refer to the README.install and README.stealth files under the PortSentry source directory. For TCP mode I choose:

-atcp

Advanced TCP stealth scan detection mode

With the Advanced TCP stealth scan detection mode -atcp protocol mode type, PortSentry will first check to see what ports you have running on your server, then remove these ports from monitoring and will begin watching the remaining ports. This is very powerful and reacts exceedingly quickly for port scanners. It also uses very little CPU time.

For UDP mode I choose:

-sudp

Stealth UDP scan detection mode

With the Stealth UDP scan detection mode -sudp protocol mode type, the UDP ports will be listed and then monitored.

To start PortSentry in the two modes selected above, use the commands:

[root@deep] /# /usr/psionic/portsentry/portsentry -atcp
[root@deep] /# /usr/psionic/portsentry/portsentry -sudp

Tip: You can add the above lines to your /etc/rc.d/rc.local script file and PortSentry software will be automatically started if you reboot your system.

These are the files installed by PortSentry on your system:

/usr/psionic
/usr/psionic/portsentry
/usr/psionic/portsentry/portsentry.conf
/usr/psionic/portsentry/portsentry.ignore
/usr/psionic/portsentry/portsentry

Screenshots of various operating systems

This Google image search turns up screenshots of many operating systems, which makes for interesting browsing:

http://images.google.com.br/imgres?imgurl=http://www.jfedor.org/shots/beos.png&imgrefurl=http://www.jfedor.org/shots/&h=768&w=1024&sz=49&tbnid=965gcu1kGmEJ:&tbnh=112&tbnw=149&start=94&prev=/images?q=sunos+&start=80&hl=pt-BR&lr=&sa=N

Logon script for Windows in a Samba domain

Example login script for Windows workstations

The login script (or logon script) is a very useful tool for making resources available on the network. The script below is an example that can be used on networks with Windows workstations.

Remember that it must be created on a Windows workstation (with Notepad, for example) so that the file is saved with Windows (CRLF) line endings and works correctly. (See the [global] section to learn more about the logon script.) Note that the syntax of the net command differs between 95/98/Me and NT systems.

#############################################

rem Default logon script for the network.

net time \\servidor1 /set /yes
@echo off
if %OS%.==Windows_NT. goto WinNT

:Win95
net use X: \\servidor1\pasta_01
net use Z: /HOME
goto end

:WinNT
net use X: \\servidor1\pasta_01 /persistent:no
net use Z: /HOME /persistent:no

:end

Configuring Samba and Windows XP

This article was taken from the site VivaoLinux.com.br

Installing the SMB packages

First, set Samba to run when the machine boots. To do this, use the "ntsysv" command and enable the SMB option.

Edit the file /etc/samba/smb.conf (Red Hat) or /etc/smb.conf (Conectiva). In it, change or uncomment the following fields (sample smb.conf file):

[global]
# smb.conf only treats "#" as a comment at the start of a line,
# so comments are placed above the parameter they describe.
# Also configure this on the Windows workstations
Workgroup = [domain name of the group]
# For example: file server XYZ
server string = [server description]
# Allows access from a specific range of IPs
hosts allow = [allowed IPs]
# Requires user authentication
security = user
log file = /var/log/samba/log.%m
max log size = 100
logon script = %U.bat
domain logons = Yes
os level = 100
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
preferred master = True
domain master = True
local master = True

[netlogon]
# NOTE: Do not forget to create the netlogon folder at the location given in path
comment = Network Logon Service
path = /data/home/netlogon
guest ok = Yes
share modes = No

# Sharing folders and the CD-ROM in Samba.
[Comum]
comment = Diretório Publico
# Path of the folder to be shared
path = /data/g/Comum
write list = @everyone
read only = No
create mask = 0770
directory mask = 0770

[Cdrom]
comment = Acesso ao Cdrom
path = /mnt/cdrom
write list = @everyone

Creating the group and users in Samba:
# groupadd [group name]
# useradd -d /dev/null -s /dev/null -c [user name] -g [group] -m [machine name$]
# smbpasswd -am [machine name$]

Change the Samba root password for security reasons:

# smbpasswd -a root

Start the SMB service with the command:

# service smb start

Authenticating Windows XP against Samba:

Edit the following value in Regedit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal

(change its value to 0)

1. Open Control Panel and then System;
2. Click Computer Name;
3. Click Network ID;
4. Click Next and select the option "This computer is part of a business network ...";
5. Click Next and choose "My company uses a network with a domain";
6. Click Next twice;
7. In the user name field, enter a user registered in Samba, then enter the password and the domain your network belongs to;
8. Click Next, enter the name of your computer (as registered in Samba, without the $) and the network domain again;
9. Click Next; in the user name field enter the root user (of Samba), its password and the Samba domain;
10. Click OK on the message "Welcome to the domain ...";
11. Restart Windows XP and choose to log on to your network's domain with any user registered in Samba.