Erro com Ubuntu configurado para logar no PDC Samba [RESOLVIDO]

removido
(usa Nenhuma)

Enviado em 08/03/2010 - 10:18h

Bem, pessoal, segui um tutorial da empresa que eu trabalho para logar o Ubuntu no PDC Samba.
Não tenho o tutorial para mostrar agora, mas aqui vai os arquivos de configuração:

#------------------------------------------------------------------------------------/etc/samba/smb.conf
[global]

## Browsing/Identification ###
unix charset = cp850

# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = SESA

# server string is the equivalent of the NT Description field

server string = nuvis32
password server = SVRCOM1


# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

wins server = 172.29.0.48

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no


#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
max log size = 50

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
security = domain

# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam

obey pam restrictions = yes

# guest account = guest
# invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix charset = iso8859-1
unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes


client schannel = no
client use spnego = no
server signing = auto
# This option controls how nsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user

########## Domains ###########


########## Printing ##########


# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
printing = cups


############ Misc ############


# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


winbind use default domain = yes

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U

# The following was the default behaviour in sarge,
# but samba upstream reverted the default because it might induce
# performance issues in large organizations.
# See Debian bug #368251 for some of the consequences of *not*
# having this setting and smb.conf(5) for details.
winbind enum groups = yes
winbind enum users = yes
winbind cache time = 10

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes

#======================= Share Definitions =======================

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
; write list = root, @ntadmin

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
#----------------------------------------------------------------------------------------------------FIM


#-------------------------------------------------------------------------------------/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat winbind

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files winbind

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis winbind
#----------------------------------------------------------------------------------------------------FIM




#------------------------------------------------------------------------------/etc/pam.d/common-account
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
#



account sufficient pam_winbind.so



# here are the per-package modules (the "Primary" block)
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
#----------------------------------------------------------------------------------------------------FIM

#---------------------------------------------------------------------------------/etc/pam.d/common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.



# auth required pam_listfile.so item=user sense=allow file=/etc/system_users onerr=fail
auth sufficient pam_winbind.so




# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_mount.so
auth optional pam_ecryptfs.so unwrap
# end of pam-auth-update config
#----------------------------------------------------------------------------------------------------FIM



#------------------------------------------------------------------------------/etc/pam.d/common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.



# session required pam_mkhomedir.so umask=0022 skel=/etc/skel
session required pam_mkhomedir.so umask=0022 skel=/home/sesa



# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_mount.so
session optional pam_ecryptfs.so unwrap
session optional pam_ck_connector.so nox11
#----------------------------------------------------------------------------------------------------FIM


#----------------------------------------------------------------------------/etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords. Without this option,
# the default is Unix crypt. Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.



password sufficient pam_winbind.so




# here are the per-package modules (the "Primary" block)
password [success=1 default=ignore] pam_unix.so obscure sha512
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
password optional pam_gnome_keyring.so
password optional pam_ecryptfs.so
# end of pam-auth-update config
#----------------------------------------------------------------------------------------------------FIM


Pronto...

Depois de já ter adicionado a máquina ao domínio, claro... tudo fica funcionando perfeitamente, mas com uns poréns:

1) A máquina fica criando home de usuários que são do domínio.
2) Já é a 3ª máquina que depois de um tempo (1 mês ou 2), funcionando tudo normalmente, dá o mesmo problema: Na tela do GDM não deixa nenhum usuário logar (local ou de rede) e mostra o seguinte erro:

Problema na instalação!
Os padrões de configuração para o Gerenciador de Energia do GNOME não foram instalados corretamente.
Por favor entre em contato com o administrador do computador.


-------------------------------------
Acontece que quando eu entro no terminal, e dou um 'df -Th' mostra o disco LOTADO!!! CHEIO!!!
A partição é de 10Gb e tudo, depois de eu ter limpo umas coisas (pois só assim consegui logar) ficou ocupando 6,8Gb.
A partição é pequena porque eu criei uma de 140Gb dedicada a dados.
Quem puder dar qualquer sugestão, desde já, agradeço.

removido
(usa Nenhuma)

Enviado em 10/03/2010 - 12:39h

Alguém, alguma dica???
:S

removido
(usa Nenhuma)

Enviado em 26/03/2010 - 11:26h

bom dia 4sousa

bom sobre o primeiro não entendi muito bem, mas vc quis dizer que todo mundo q loga nessa maquina é criado uma pasta home?! bom se for isso é pq no arquivo do smb.conf esta configurado assim

template homedir = /home/%U

ou seja todo mundo que logar irar criar a pasta home em /home/nome_do_usuario_samba
para parar de acontecer isso só alterar o %U para algum nome qualquer tipo samba
aí qualquer usuario q logar no computador ira usar o mesmo home ok

sobre o segundo item não vou saber responder...

se voce puder postar a tutorial completa de como por o ubuntu no dominio eu iria agradecer eu até to conseguindo colocar ele no dominio mas estranho que ele não enxerga os compartilhamentos corretamente

vlw
t+

removido
(usa Nenhuma)

Enviado em 12/04/2010 - 11:01h

Grande, sergei

Acontece o seguinte:
está sendo criado um /home/%u de todos os usuários do domínio, mesmo os que não logaram na estação. E isso é automático.

Mas a sua dica foi ótima... porque se eu colocar para os usuários utilizarem o mesmo perfil, aí eu seguro este problema que está acontecendo aqui.

Vamos ver no que vai dar...

Não vou deixar o tópico como resolvido porque alguém ainda pode saber algo que possa resolver especificamente o problema que mencionei.

Muito obrigado grande sergei.
Abraço.

removido
(usa Nenhuma)

Enviado em 13/04/2010 - 10:22h

isso é muito estranho...

concerteza teve ser alguma configuração do samba, mas realmente não tive tempo de ler as configurações da sua estação, mas acho estranho o seu arquivo nsswitch.conf, pois o normal é colocar o winbind apenas nas 3 primeiras linha e não em networks ou netgroup apesar q usei essa configurações aqui para testar e não replicou o erro...

mas de qualquer forma eu tenho varias estação com ubuntu 9.10 no dominio e nenhuma gerou esse erro, assim que possivel vou postar os arquivos de configuração que eu uso ok, mas já pra adiantar consegui fazer esse procedimento seguindo as instrução desse link

http://www.guiadohardware.net/tutoriais/samba-pdc/pagina6.html

eu fiz igualzinho e deu certo tenta fazer isso eu um computador qualquer só para teste
e posta o resultado depois

flw
t+

leandro.miranda
(usa Debian)

Enviado em 06/08/2010 - 15:12h

Estou com um problema parecido, o meu ao ativar o smb.conf como samba PDC ele dá time out no login e não deixa ninguem logar de forma alguma, só removendo o smb.conf que eu consigo logar no servidor. Isso é muito estranho e eu ja rodei o comando no console antes de reiniciar e mesmo assim nao deu.

$sudo pam-auth-update
#pam-auth-update