Samba corrompendo arquivos

1. Samba corrompendo arquivos

nunesdutra
(usa Debian)

Enviado em 06/04/2015 - 13:07h

Caros, boa tarde!

Criei um compartilhamento no SAMBA, no qual os usuários são autenticados no AD. Após uns 30 dias começou a corromper os arquivos, planilhas do Excel perderam não abrem, acusa opção de filtros ASCII e nenhuma funciona.

Ai vai meu smb.conf

[global]
#Nome do Grupo de Trabalho
workgroup = PARAIBUNA
#Nome do servidor
netbios name = saplic2
server string = saplic2
os level = 20
#Caminho do Log do Samba
log file = /var/log/samba/log.%m
log level = 1
#Tamanho máximo de arquivo de Log em kb
max log size = 100
debug level = 2
#Nível de segurança
#security = share
domain master = false
realm = PARAIBUNA.COM.BR
security = ads
encrypt passwords = true
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
#
#unix charset = iso-8859-1
#unix charset = iso8859-1
#dos charset = iso8859-1
#charset set = iso8859-1
password server = *
auth methods = winbind
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind separator = +
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind refresh tickets = Yes
#idmap uid = 10000-20000
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-99999
template homedir = /dev/null
template shell = /dev/null
#[arquivos]
#comment = publico
#path = /home/samba/
#public = yes
#only guest = no
#writable =yes
#force create mode = 777
#force directory mode = 777
# A sample share for sharing your CD-ROM with others.
[cdrom]
comment = CD
read only = yes
locking = no
path = /media/cdrom0
guest ok = yes

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
/dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
preexec = /bin/mount /media/cdrom0
postexec = /bin/umount /media/cdrom0
############### Compartilhamentos do AD #################
[dados]
#Nome do Compartilhamento
comment = dados
#Caminho do compartilhamento
path = /media/ext4/compartilhamento/Dados/
#Define se o compartilhamento será publico
public = yes
only guest = no
writable = yes
force create mode = 777
force directory mode = 777
#
[users]
#Nome do Compartilhamento
comment = users
#Caminho do compartilhamento
path = /media/ext4/compartilhamento/users
#Define se o compartilhamento será publico
public = yes
only guest = no
writable = yes
force create mode = 777
force directory mode = 777

Kerberos: krb5.conf

[libdefaults]
default_realm = PARAIBUNA.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_ligetime = 7d
forwardable = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
[libdefaults]
default_realm = PARAIBUNA.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_ligetime = 7d
forwardable = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
[libdefaults]
default_realm = PARAIBUNA.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_ligetime = 7d
forwardable = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = { host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true

[realms]
PARAIBUNA.COM.BR = {
kdc = 192.168.0.212
admin_server = sbkp.paraibuna.com.br
defult_domain = paraibuna.com.br
}
[domain_realm]
.paraibuna.com.br = PARAIBUNA.COM.BR
paraibuna.com.br = paraibuna.com.br
[login]
krb4_convert = true
krb4_get_tickets = false
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

Alguém sabe o que pode estar acontecendo? Como resolver? E se tem como recupere os arquivos que foram corrompidos???

Versão do samba: 3.6.6

debian Squezze.

Obrigado.

0 0

Quote

2. Vírus

nunesdutra
(usa Debian)

Enviado em 06/04/2015 - 15:28h

Fala moçada!!!!

O problema não era o samba, é vírus na rede. Ele crypitografou todos os arquivos do compartilhamento.

Alguém sabe um jeito de deixar os compartilhamentos samba mais seguros??

Ou descryptografar esses arquivos?

Valeu pessoal!!!!!!

0 0

Quote