Controlador de Domínio c/ Samba

1. Controlador de Domínio c/ Samba

Vinicius Mathias
viniciusmathias

(usa CentOS)

Enviado em 26/01/2018 - 12:35h

Ola, estou com dificuldades para solucionar um caso. Aqui na empresa usávamos o OpenSuse. Porem coma compara de um servidor de aquivos HP precisei migrar para o Cento 7. Este agora é o Domínio Master, está autenticando no meu Server 2008 e 2003. E maquinas com windows 7 aparentemente. Porem nos demais como 10 não abre o netlogon. E após eu inserir no dominio não consigo autenticar
dá os seguinte erro : "Não é possível entrar com está credencial porque o domínio não está disponível.
Winbind Status:
Jan 26 12:25:26 serv-matrix-pdc.agristar.com.br winbindd[8546]: [2018/01/26 12:25:26.783378, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Jan 26 12:25:26 serv-matrix-pdc.agristar.com.br winbindd[8546]: Failed to find domain 'Unix Group'. Check connection to trusted domains!
Jan 26 12:25:31 serv-matrix-pdc.agristar.com.br winbindd[8546]: [2018/01/26 12:25:31.801368, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Jan 26 12:25:31 serv-matrix-pdc.agristar.com.br winbindd[8546]: Failed to find domain 'Unix Group'. Check connection to trusted domains!
Jan 26 12:29:06 serv-matrix-pdc.agristar.com.br winbindd[8546]: [2018/01/26 12:29:06.777637, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Jan 26 12:29:06 serv-matrix-pdc.agristar.com.br winbindd[8546]: Failed to find domain 'Unix Group'. Check connection to trusted domains!
Jan 26 12:29:23 serv-matrix-pdc.agristar.com.br winbindd[8546]: [2018/01/26 12:29:23.779065, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Jan 26 12:29:23 serv-matrix-pdc.agristar.com.br winbindd[8546]: Failed to find domain 'Unix Group'. Check connection to trusted domains!
Jan 26 12:32:08 serv-matrix-pdc.agristar.com.br winbindd[8546]: [2018/01/26 12:32:08.785194, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Jan 26 12:32:08 serv-matrix-pdc.agristar.com.br winbindd[8546]: Failed to find domain 'Unix Group'. Check connection to trusted domains!


SMB Status:
Jan 26 12:10:17 serv-matrix-pdc.agristar.com.br systemd[1]: Starting Samba SMB Daemon...
Jan 26 12:10:17 serv-matrix-pdc.agristar.com.br systemd[1]: smb.service: Supervising process 22746 which is not our child. We'll most likely not notice when it exits.
Jan 26 12:10:17 serv-matrix-pdc.agristar.com.br smbd[22746]: [2018/01/26 12:10:17.807374, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan 26 12:10:17 serv-matrix-pdc.agristar.com.br smbd[22746]: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Jan 26 12:10:17 serv-matrix-pdc.agristar.com.br systemd[1]: Started Samba SMB Daemon.
NMB Status:
Jan 26 11:48:34 serv-matrix-pdc.agristar.com.br nmbd[22589]:
Jan 26 11:48:34 serv-matrix-pdc.agristar.com.br nmbd[22589]: Samba server SERV-MATRIX-PDC is now a domain master browser for workgroup AGRISTAR_PDC on subnet 10.1.0.2
Jan 26 11:48:34 serv-matrix-pdc.agristar.com.br nmbd[22589]:
Jan 26 11:48:34 serv-matrix-pdc.agristar.com.br nmbd[22589]: *****
Jan 26 11:48:43 serv-matrix-pdc.agristar.com.br nmbd[22589]: [2018/01/26 11:48:43.249153, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jan 26 11:48:43 serv-matrix-pdc.agristar.com.br nmbd[22589]: *****
Jan 26 11:48:43 serv-matrix-pdc.agristar.com.br nmbd[22589]:
Jan 26 11:48:43 serv-matrix-pdc.agristar.com.br nmbd[22589]: Samba name server SERV-MATRIX-PDC is now a local master browser for workgroup AGRISTAR_PDC on ...10.1.0.2
Jan 26 11:48:43 serv-matrix-pdc.agristar.com.br nmbd[22589]:
Jan 26 11:48:43 serv-matrix-pdc.agristar.com.br nmbd[22589]: *****




SMB Config:
[global]
ldap ssl = no
admin users = vinicius.mathias, root, steven, arthur, backup, fabiana
ntlm auth = YES
idmap alloc config:backend = ldap
dns proxy = no
netbios name = SERV-MATRIX-PDC
ldap passwd sync = yes
logon script = logon.bat
ldap timeout = 30
local master = yes
idmap alloc config:ldap_base_dn = ou=Idmap,dc=agristar,dc=com,dc=br
workgroup = AGRISTAR_PDC
server signing = mandatory
os level = 100
ldap admin dn = cn=admin,dc=agristar,dc=com,dc=br
security = user
usershare allow guests = yes
client min protocol = SMB3
idmap cache time = 1
log level = 3
smb encrypt = auto
lanman auth = yes
log file = /var/log/samba/%m.log
ldap user suffix = ou=Users
idmap alloc config:ldap_url = ldap://127.0.0.1/
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=2048536 SO_RCVBUF=2048536
idmap negative cache time = 1
client ntlmv2 auth = Yes
map to guest = never
domain master = yes
idmap config * : range = 50000-55000
winbind trusted domains only = yes
client max protocol = SMB3_11
realm = AGRISTAR_PDC
winbind use default domain = yes
passdb backend = ldapsam:ldap://127.0.0.1
wins support = yes
ldap delete dn = Yes
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
server string = PDC MASTER
ldap suffix = dc=agristar,dc=com,dc=br
logon path =
ldap idmap suffix = ou=Idmap
preferred master = yes
#remote announce = 10.1.255.255
winbind cache time = 1
domain logons = Yes
# idmap alloc config:ldap_url = ldap://10.1.0.2/
# passdb backend = ldapsam:ldap://10.1.0.2
# logon home =
#map to guest = bad user
# idmap config * : backend = tdb


## LDAP Settings
#idmap backend = ldap:ldap://127.0.0.1

#add machine script = /usr/sbin/ldapsmb -a -wks "%u"
# add user script = /usr/sbin/ldapsmb -a -u "%u" --shell /bin/false
# delete user script = /usr/sbin/ldapsmb -d -u "%u"
# add group script = /usr/sbin/ldapsmb -a -g "%g"
# delete group script = /usr/sbin/ldapsmb -d -g "%g"
# add machine script = /usr/sbin/ldapsmb -a -wks "%u"

# wins server = 10.1.0.2
# interfaces = eno1
# smb ports = 139
# ldap server require strong auth = yes

#idmap alloc backend = ldap
#idmap config AGRISTAR_PDC : backend = ldap
#:ldap://127.0.0.1/




# For security
#mandatory
#tlm auth =YES
# Modificao para Windowns 7
#Level0 oplocks = no
#client ntlmv0 auth = YES

# Update Grupo para NFe


#arthur
# client ntlmv2 auth = No




#============================ Share Definitions ==============================
[Install]
comment = Install
inherit acls = Yes
path = /file-server/Install/
read only = no

[home$]
comment = Home
path = /file-server/agristar/home
read only = No
vfs objects = recycle
recycle:repository =/file-server/lixeira/homes/
recycle:keeptree = yes
recycle:versions = yes
recycle:directory_mode =777
recycle:subdir_mode=777
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp



#Nome do compartilhamento no windows
[Dados$]
#caminho da pasta no servidor linux
path = /file-server/
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
browsable =yes
writable = yes
#guest ok = yes
read only = no
#public = yes

[netlogon]
comment = Network Logon Service
path = /file-server/netlogon/
write list = root vinicius.mathias arthur
read only = yes


[Setores]
#caminho da pasta no servidor linux
path = /file-server/data/setores
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
browsable =yes
writable = yes
locking = no
#guest ok = yes
read only = no
#public = yes

[Diretoria$]
#caminho da pasta no servidor linux
path = /file-server/data/Diretoria/
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
browsable =yes
writable = yes
locking = no
#guest ok = yes
read only = no

[RH$]
#caminho da pasta no servidor linux
path = /file-server/data/RH/
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
browsable =yes
writable = yes
locking = no
#guest ok = yes
read only = no
#public = yes

[dados_RJ]
comment = Dados RJ
path = /file-server/data/data_g/
read only = No
force create mode = 0777
force directory mode = 0777
veto files =/*.mp3/*.avi/*.mpg/*.wma
#Lixeira
vfs objects = recycle
recycle:repository =/file-server/lixeira/dados_RJ/
recycle:keeptree = yes
recycle:versions = yes
recycle:directory_mode =777
recycle:subdir_mode=777
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#[Dados_mkt$]
# comment = Dados Marketing
# path=/file-server/data/dados_mkt
# browseable = yes
# writable = yes
# guest ok = yes
# public = yes
# locking = no
#valid users = %S
#force user = administrador
#force group = administrador
#read only = No

[Dados_SP$]
# log file = /scripts/samba/log_samba.log
# map acl inherit = yes
# full_audit:prefix = %U|%I|%m
# recycle:keeptree = yes
# full_audit:facility = local6
# inherit acls = yes
# vfs objects = recycle full_audit
# full_audit:success = chdir mkdir open opendir read readdir rename rmdir write
locking = no
# recycle:exclude_dir = tmp
# inherit permissions = yes
# writable = Yes
path = /file-server/data/setores_sp
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
browsable =yes
writable = yes
#guest ok = yes
read only = no
#public = yes



# full_audit:priority = ALERT
#recycle:subdir_mode = 777
#recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
# full_audit:failure = none
comment = Dados SP
#recycle:repository = /file-server/lixeira/Dados_SP/
#recycle:versions = yes
#recycle:directory_mode = 777
#log level = 1






  


2. Alguém que possa me ajudar? Por favor

Vinicius Mathias
viniciusmathias

(usa CentOS)

Enviado em 27/01/2018 - 20:29h

Por favor


3. Re: Controlador de Domínio c/ Samba

Leandro Silva
LSSilva

(usa Outra)

Enviado em 27/01/2018 - 21:32h

Talvez ajude:

https://www.vivaolinux.com.br/dica/Windows-10-e-Netlogon






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts