
Samba on Ubuntu - Finally


First and foremost, I take no credit for any of this post’s content. I am really just taking what others have done (which I have links to below) and am putting it on my blog for a personal reference, and hopefully the small changes that I made to their guides will help someone somewhere.

link: https://help.ubuntu.com/11.04/serverguide/C/samba-fileprint-security.html
link: https://help.ubuntu.com/community/Samba/SambaServerGuide
link: https://help.ubuntu.com/community/OpenLDAP-SambaPDC-OrgInfo-Posix
link: https://help.ubuntu.com/community/SettingUpSambaPDC
link: https://help.ubuntu.com/11.04/serverguide/C/samba-dc.html

I think the best tip is this: install the packages below:
sudo apt-get install libpam-smbpass samba apparmor-profiles

After that it is easy; just change a few settings in the file /etc/samba/smb.conf
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.old
sudo gedit /etc/samba/smb.conf

[global]
workgroup = EDIFAST
server string = Servidor %h
netbios name = master
wins support = yes
dns proxy = no
interfaces = 127.0.0.0/8 eth1
bind interfaces only = yes
hosts allow = 127.0.0.1, 192.168.0.0/24, 192.168.1.0/24
hosts deny = 0.0.0.0/0
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
guest account = nobody
domain logons = yes
os level = 64
preferred master = yes
domain master = yes
local master = yes
logon path = \\%N\%U\Windows profile
logon drive = H:
logon home = \\%N\%U
logon script = logon.cmd
add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/addgroup --force-badname %g
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
load printers = yes
printing = cups
printcap name = cups
socket options = TCP_NODELAY
time server = yes
create mask = 0644 
directory mask = 0755
# ntlm auth and lanman auth make smbd accept NTLMv1 and LANMAN responses
ntlm auth = yes
lanman auth = yes
client ntlmv2 auth = yes
client lanman auth = Yes

[homes]
comment = Home Directories
browseable = no
create mask = 0770
directory mask = 0770
valid users = %S
profile acls = yes
writable = yes
csc policy = disable
vfs objects = recycle
recycle:repository = /srv/samba/lixeira/%U
recycle:keeptree = yes
recycle:versions = yes

[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = yes
read only = yes

[profiles]
comment = Users profiles
path = /srv/samba/profiles
guest ok = no
browseable = no
create mask = 0600
directory mask = 0700
profile acls = yes
writable = yes
csc policy = disable
valid users = %U
admin users = @admin
vfs objects = recycle
recycle:repository = /srv/samba/lixeira/%U
recycle:keeptree = yes
recycle:versions = yes

[printers]
comment = All Printers
browseable = no
guest ok = no
path = /var/spool/samba
printable = yes
read only = yes
create mask = 0700
printer admin = @admin

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
write list = root, @lpadmin, @admin

[lixeira]
path = /srv/samba/lixeira/%U
writable = yes
comment = Users Trash Bin
guest ok = no
browseable = no
valid users = %U
admin users = @admin
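
A way to review a configuration like the one above before deploying it, as an added example that is not part of the original article: the script parses smb.conf text and reports settings that accept pre-NTLMv2 authentication, open a share without a password, or give accounts root-equivalent file access. The SAMPLE text is a constructed excerpt, and the function names (parse, audit) are hypothetical.

```python
# Added example (not from the article): flag legacy-auth, guest and root-equivalent settings.
SAMPLE = """\
[global]
ntlm auth = yes
lanman auth = yes
client lanman auth = Yes
[netlogon]
guest ok = yes
read only = yes
[profiles]
   guest ok = no
admin users = @admin
"""  # constructed excerpt mirroring the configuration above

ENABLED = {"yes", "true", "on", "1"}  # boolean spellings treated as enabled
GLOBAL_LEGACY = {  # [global] switches that permit pre-NTLMv2 authentication
    "lanmanauth": "smbd accepts LANMAN responses",
    "ntlmauth": "smbd accepts NTLMv1 responses",
    "clientlanmanauth": "client tools may send LANMAN responses",
}

def parse(text):
    """Yield (section, parameter, value); names compare without case or spaces."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section:
            key, value = line.split("=", 1)
            yield section, "".join(key.lower().split()), value.strip()

def audit(text):
    """Return sorted (section, parameter, finding) tuples for risky settings."""
    findings = set()
    for section, key, value in parse(text):
        on = value.lower() in ENABLED
        if section == "global" and on and key in GLOBAL_LEGACY:
            findings.add((section, key, GLOBAL_LEGACY[key]))
        elif section != "global" and on and key == "guestok":
            findings.add((section, key, "share opens without a password"))
        elif key == "adminusers":
            findings.add((section, key, f"{value} does file operations as root"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/samba/smb.conf").read()).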

Then edit:
sudo gedit /etc/apparmor.d/usr.sbin.smbd

Add the shares like this:
/srv/samba/netlogon/ r, 
/srv/samba/netlogon/** rwkix,

Create the group for machine accounts:
sudo groupadd machines

Create the required directories:
sudo mkdir -p /srv/samba/
sudo mkdir -p /srv/samba/netlogon 
sudo touch /srv/samba/netlogon/logon.cmd

Create the main groups:
sudo net groupmap add ntgroup="Domain Admins" unixgroup=admin rid=512 type=d
sudo net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
sudo net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
sudo net groupmap list

Additional privileges:
sudo net rpc rights grant -U manager "EDIFAST\Domain Admins" \
SeMachineAccountPrivilege \
SePrintOperatorPrivilege \
SeAddUsersPrivilege \
SeDiskOperatorPrivilege \
SeRemoteShutdownPrivilege \
SeTakeOwnershipPrivilege \
SeBackupPrivilege \
SeRestorePrivilege \
SeIncreaseQuotaPrivilege

sudo chgrp -R admin /var/lib/samba

Restart everything with the commands:
sudo restart smbd 
sudo restart nmbd

If you already had users created when Samba was installed, you will need to set the Samba password for those users manually with the command:
sudo smbpasswd -a manager

List the Samba users:
sudo pdbedit -L
net rpc group members "Domain Users" -U manager
net rpc group members "Domain Admins" -U manager
wbinfo -u
wbinfo -g

Add a user to a group:
net rpc group addmem "Domain Admins" aarvati -U manager

List the rights granted to the groups:
net rpc rights list accounts -U manager

Check that the domain is configured correctly:
sudo net rpc testjoin -S EDIFAST
sudo net join -U manager
wbinfo -t
testparm -v
sudo net rpc join -U manager

Create a machine account manually:
sudo addgroup machines
sudo useradd -g machines -s /bin/false master$
sudo passwd -l master$
sudo smbpasswd -a -m master
sudo net rpc join -U manager


Configuring the Windows XP Client:

Note: Only Windows XP Professional Edition can join the domain; it does not work for Windows XP Home Edition.

STEPS: 

1) Make sure that the workstation belongs to the same workgroup as the server and has a fixed IP address and hostname assigned.

2) Change the registry entries: run the command regedt32 and make the changes below
a) RequireSignOrSeal Registry hack 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters 
"RequireSignOrSeal"=dword:00000000 

b) Use the Registry Editor to set
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CompatibleRUPSecurity to the DWORD value 1

3) Use the Group Policy Editor (gpedit.msc) and enable "Computer Configuration\Administrative Templates\System\User Profiles\Do not check for user ownership of Roaming Profile Folders". 

4) Right-click My Computer and choose Properties. Click Change, select Domain and enter the name of the domain you want to join. When joining the domain for the first time, enter root as the user ID and give the Samba password. Make sure there is an entry for root in the smbpasswd (Samba password) file.

5) Reboot for the changes to take effect.


see also: https://help.ubuntu.com/community/SeamlessVirtualization


link: http://www.henriquemachado.com/redes/colocar-o-windows-2008-no-dominio-samba/

Change or add the following keys in the registry of Windows 2008 or Windows 2007.

HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\DWORD DomainCompatibilityMode = 1

HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\DWORD DNSNameResolutionRequired = 0

With these steps you will already be able to join Windows to the domain. To be able to log on at the workstation you need this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters\RequireStrongKey=1

link: http://us.generation-nt.com/answer/samba-fail-join-windows-2008-r2-samba-plusldap-pdc-version-3-5-4-help-199280121.html

HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 1

link: http://www.sharepointassist.com/2009/03/12/disable-ctrl-alt-delete-on-windows-2008-server/
To disable CTRL+ALT+DEL and password complexity

link: http://www.vivaolinux.com.br/dica/Samba-PDC-+-Autenticando-Windows-7-+-Adicionando-usuarios


