Samba corrompendo arquivos

1. Samba corrompendo arquivos

Leandro
nunesdutra

(usa Debian)

Enviado em 06/04/2015 - 13:07h

Caros, boa tarde!

Criei um compartilhamento no SAMBA, no qual os usuários são autenticados no AD. Após uns 30 dias começou a corromper os arquivos, planilhas do Excel perderam não abrem, acusa opção de filtros ASCII e nenhuma funciona.

Ai vai meu smb.conf

[global]
#Nome do Grupo de Trabalho
workgroup = PARAIBUNA
#Nome do servidor
netbios name = saplic2
server string = saplic2
os level = 20
#Caminho do Log do Samba
log file = /var/log/samba/log.%m
log level = 1
#Tamanho máximo de arquivo de Log em kb
max log size = 100
debug level = 2
#Nível de segurança
#security = share
domain master = false
realm = PARAIBUNA.COM.BR
security = ads
encrypt passwords = true
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
#
#unix charset = iso-8859-1
#unix charset = iso8859-1
#dos charset = iso8859-1
#charset set = iso8859-1
password server = *
auth methods = winbind
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind separator = +
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind refresh tickets = Yes
#idmap uid = 10000-20000
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-99999
template homedir = /dev/null
template shell = /dev/null
#[arquivos]
#comment = publico
#path = /home/samba/
#public = yes
#only guest = no
#writable =yes
#force create mode = 777
#force directory mode = 777
# A sample share for sharing your CD-ROM with others.
[cdrom]
comment = CD
read only = yes
locking = no
path = /media/cdrom0
guest ok = yes

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
/dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
preexec = /bin/mount /media/cdrom0
postexec = /bin/umount /media/cdrom0
############### Compartilhamentos do AD #################
[dados]
#Nome do Compartilhamento
comment = dados
#Caminho do compartilhamento
path = /media/ext4/compartilhamento/Dados/
#Define se o compartilhamento será publico
public = yes
only guest = no
writable = yes
force create mode = 777
force directory mode = 777
#
[users]
#Nome do Compartilhamento
comment = users
#Caminho do compartilhamento
path = /media/ext4/compartilhamento/users
#Define se o compartilhamento será publico
public = yes
only guest = no
writable = yes
force create mode = 777
force directory mode = 777



Kerberos: krb5.conf


[libdefaults]
default_realm = PARAIBUNA.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_ligetime = 7d
forwardable = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
[libdefaults]
default_realm = PARAIBUNA.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_ligetime = 7d
forwardable = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
[libdefaults]
default_realm = PARAIBUNA.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_ligetime = 7d
forwardable = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = { host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true

[realms]
PARAIBUNA.COM.BR = {
kdc = 192.168.0.212
admin_server = sbkp.paraibuna.com.br
defult_domain = paraibuna.com.br
}
[domain_realm]
.paraibuna.com.br = PARAIBUNA.COM.BR
paraibuna.com.br = paraibuna.com.br
[login]
krb4_convert = true
krb4_get_tickets = false
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf


Alguém sabe o que pode estar acontecendo? Como resolver? E se tem como recupere os arquivos que foram corrompidos???


Versão do samba: 3.6.6

debian Squezze.


Obrigado.



  


2. Vírus

Leandro
nunesdutra

(usa Debian)

Enviado em 06/04/2015 - 15:28h


Fala moçada!!!!

O problema não era o samba, é vírus na rede. Ele crypitografou todos os arquivos do compartilhamento.

Alguém sabe um jeito de deixar os compartilhamentos samba mais seguros??

Ou descryptografar esses arquivos?


Valeu pessoal!!!!!!






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts