Hi,

I have a Samba server running as the network PDC, on Fedora 5. There are a few messages that keep repeating in the log...

Sep 29 09:09:25 linuxserver smbd[28045]: [2006/09/29 09:09:25, 0] lib/util_sock.c:read_data(534)
Sep 29 09:09:25 linuxserver smbd[28045]: read_data: read failure for 4 bytes to client 192.168.254.235. Error = Conexão fechada pela outra ponta (Connection reset by peer)

From the workstations I was able to connect to the server; what did not work was the configuration for the administrator user. I followed this tutorial for the setup:

http://www.dicas-l.com.br/dicas-l/20050202.php

##### Firewall configuration file #####

#!/bin/sh

echo "Starting FIREWALL in client mode with DROP policy"
iptables -F
iptables -t nat -F
iptables -t mangle -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

## Check these rules ##

##### Protection against IP spoofing #####
echo "Enabling IP spoofing protection..."
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $i
done

##### Enable packet forwarding (required for NAT) #####
echo "Enabling packet forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

###############################################################
# filter table #
###############################################################

# ALLOW ALL ESTABLISHED OR RELATED CONNECTIONS
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# No space after the comma: "ESTABLISHED, RELATED" is split by the shell into two
# arguments, iptables rejects the rule, and with the DROP policy above every reply
# to an inbound connection would then be dropped.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ALLOW LOCALHOST
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT

## Client ##
# The --sport rules below are the classic "client" pattern. Replies are already
# covered by the ESTABLISHED,RELATED rule; a --sport ACCEPT on INPUT also admits
# brand-new inbound connections whose source port happens to be 53, 80, 3128, ...

# ALLOW DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT

# ALLOW HTTP
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT

# ALLOW PROXY
iptables -A OUTPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --sport 3128 -j ACCEPT

# ALLOW FTP
iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -j ACCEPT

iptables -A OUTPUT -p udp --dport 21 -j ACCEPT
iptables -A INPUT -p udp --sport 21 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --sport 20 -j ACCEPT

iptables -A OUTPUT -p udp --dport 20 -j ACCEPT
iptables -A INPUT -p udp --sport 20 -j ACCEPT

# ALLOW SSH
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT

# ALLOW HTTPS
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT

# ALLOW MSN
iptables -A OUTPUT -p tcp --dport 1863 -j ACCEPT
iptables -A INPUT -p tcp --sport 1863 -j ACCEPT

# SERVER

# ALLOW EVERYTHING COMING FROM THE LOCAL NETWORK
# (there is no explicit rule for the Samba ports 137-139/445; it is this pair of
# rules, on the LAN interface eth0, that lets the workstations reach smbd/nmbd)
iptables -A INPUT -s 192.168.254.0/24 -i eth0 -j ACCEPT
iptables -A OUTPUT -d 192.168.254.0/24 -o eth0 -j ACCEPT

# ACCEPT FTP CONNECTIONS
iptables -A INPUT -p tcp --dport 2121 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 2121 -j ACCEPT

iptables -A INPUT -p tcp --dport 8800:8900 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8800:8900 -j ACCEPT

# ACCEPT NEW SSH CONNECTIONS (SERVER)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# ACCEPT NEW HTTP CONNECTIONS (SERVER)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT

# ACCEPT OPENVPN CONNECTIONS
iptables -A INPUT -p tcp --dport 5000:5001 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 5000:5001 -j ACCEPT

# ALLOW PING
# Ping from the internet
iptables -A INPUT -i eth1 -p icmp -m limit --limit 2/s -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT

##### FORWARD chain #####
echo "Setting FORWARD chain rules..."

# Enable later
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allowing everything!
iptables -A FORWARD -j ACCEPT

#######################################################
# nat table #
#######################################################
echo "Setting nat table rules..."

##### POSTROUTING chain #####
# Allow anything destined for lo, and for the local network via eth0, untouched
iptables -t nat -A POSTROUTING -o lo -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j ACCEPT

# Everything else from the internal network going out through eth1 is masqueraded
iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth1 -j MASQUERADE

########### PREROUTING chain #################################
# Redirect LAN web traffic to squid on port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

#===============END===================
# BLOCK EVERYTHING ELSE WITH EXPLICIT RULES TOO
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
echo "FIREWALL OK..."


#======================= Global Settings =====================================

[global]
# Workgroup, name and comment
workgroup = JSINFO
netbios name = SERVER
server string = Servidor de Arquivos

# WINS support
wins support = yes

# Log file
log file = /var/log/samba/%m.log
# Its maximum size
max log size = 50
# Log verbosity
debug level = 2

# Here I changed 'security = SHARE' to the line below
security = USER

# Required for Windows >= 98
encrypt passwords = yes

# Encrypted password :)
unix password sync = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# This relates to server performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# This is the killer line that gets the Win2k workstations to join!
add machine script = /usr/sbin/adduser -n -r -g machines -c "Samba machine" -d /dev/null -s /bin/false %u

passdb backend = smbpasswd

# LAN only
interfaces = eth0
bind interfaces only = yes

# pt_BR accented characters
unix charset = iso8859-1
display charset = cp850

# Options for the network PDC
domain logons = Yes
os level = 150
preferred master = Yes
domain master = Yes

# Batch file run at logon
logon script = %U.bat

# So that profiles are not created on the server
# (commented out below, so this setting is not in effect)
#logon path =

#idmap uid = 16777216-33554431
#idmap gid = 16777216-33554431
#template shell = /bin/false
#winbind use default domain = no


#-------------------------share-----------------------------------------
[homes]
 comment = Home Directories
 browseable = no
 writable = yes


[assistencia]
 comment = Area da Assistencia
 path = /home/jsinfo/assistencia
 browseable = yes
# writeable = yes
# guest ok = yes
 write list = diego,sergio,rogerio,hidalgo
 valid users = diego,sergio,rogerio,hidalgo
 force create mode = 0775
 force directory mode = 0775
 admin users = diego

[loja]
 comment = Area Loja JS
 path = /home/jsinfo/loja
 public = yes
 browseable = yes
 writeable = yes
 read only = no
# valid users = diego,sergio,rogerio,karina
# write list = diego,sergio,rogerio,karina
 force create mode = 0775
 force directory mode = 0775
 admin users = diego

# Customer data share
[copias]
 comment = Dados dos Clientes
 path = /copias
 public = yes
 browseable = yes
 read only = no
 write list = diego,sergio,rogerio,hidalgo
 force create mode = 0775
 force directory mode = 0775
 admin users = diego

# Programming area
[programacao]
 comment = Desenvolvimento de Programas
 path = /home/jsinfo/programacao
# public = yes
 read only = no
 browseable = yes
 valid users = diego,sergio,rogerio,desteu
 force create mode = 0775
 force directory mode = 0775
 admin users = diego

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
 comment = Network Logon Service
 path = /home/netlogon
 guest ok = yes
 writable = no
 share modes = no
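The repeating log entry is a two-line smbd message: a header line (timestamp, debug level, source location) followed by the message itself. The 4 bytes smbd was waiting for are the length prefix of the next SMB request; "Connection reset by peer" means the workstation dropped the TCP session before sending one. Whether that is harmless (a client closing its session bluntly) or worth chasing depends on which clients do it, how often, and whether any of them are outside the LAN the server is supposed to serve. The following is an added example (not code from the post or from Samba) that pairs the header and message lines by PID and summarises the failures per client. The sample log is constructed to match the format shown above; the hosts, PIDs, the second and third client addresses, the LAN prefix and the noise threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log: the two-line smbd entry from the post (syslog prefix, then the
# "[date, level] file:function(line)" header, then the indented message), repeated for a
# few clients, plus an unrelated sshd line the parser must ignore. Everything except the
# first client address and the message format is made up.
SAMPLE_LOG = """\
Sep 29 09:09:25 linuxserver smbd[28045]: [2006/09/29 09:09:25, 0] lib/util_sock.c:read_data(534)
Sep 29 09:09:25 linuxserver smbd[28045]:   read_data: read failure for 4 bytes to client 192.168.254.235. Error = Connection reset by peer
Sep 29 09:09:31 linuxserver smbd[28051]: [2006/09/29 09:09:31, 0] lib/util_sock.c:read_data(534)
Sep 29 09:09:31 linuxserver smbd[28051]:   read_data: read failure for 4 bytes to client 192.168.254.235. Error = Connection reset by peer
Sep 29 09:10:02 linuxserver smbd[28060]: [2006/09/29 09:10:02, 0] lib/util_sock.c:read_data(534)
Sep 29 09:10:02 linuxserver smbd[28060]:   read_data: read failure for 4 bytes to client 192.168.254.240. Error = Connection reset by peer
Sep 29 09:10:05 linuxserver sshd[3001]: Accepted publickey for diego from 192.168.254.240 port 50122 ssh2
Sep 29 09:11:40 linuxserver smbd[28077]: [2006/09/29 09:11:40, 0] lib/util_sock.c:read_data(534)
Sep 29 09:11:40 linuxserver smbd[28077]:   read_data: read failure for 4 bytes to client 10.0.0.9. Error = Connection reset by peer
"""

SYSLOG = r'^\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ smbd\[(?P<pid>\d+)\]:'
HEADER_RE = re.compile(SYSLOG + r' \[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), (?P<level>\d+)\] (?P<where>\S+)$')
READFAIL_RE = re.compile(SYSLOG + r'\s+read_data: read failure for (?P<nbytes>\d+) bytes to client '
                         r'(?P<client>\d{1,3}(?:\.\d{1,3}){3})\. Error = (?P<error>.+)$')


@dataclass
class ReadFailure:
    ts: str       # timestamp from the smbd header line (YYYY/MM/DD HH:MM:SS)
    pid: int
    client: str
    nbytes: int
    error: str
    where: str    # file:function(line) from the header, e.g. lib/util_sock.c:read_data(534)


def parse_read_failures(text):
    """Pair each smbd header line with the message line that follows it (matched by PID)
    and return one ReadFailure per 'read_data: read failure' message."""
    pending = {}   # pid -> (ts, where) of a header line still waiting for its message
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            pending[m['pid']] = (m['ts'], m['where'])
            continue
        m = READFAIL_RE.match(line)
        if m:
            ts, where = pending.pop(m['pid'], ('?', '?'))
            events.append(ReadFailure(ts, int(m['pid']), m['client'],
                                      int(m['nbytes']), m['error'], where))
    return events


def summarize(events, lan='192.168.254.0/24', threshold=2):
    """Per-client view: how many failures, from how many smbd processes, over what window,
    whether the client lies outside the LAN the server is meant to serve, and whether it
    crosses the noise threshold. 'lan' and 'threshold' are assumed values."""
    net = ipaddress.ip_network(lan)
    per_client = defaultdict(list)
    for e in events:
        per_client[e.client].append(e)
    report = {}
    for client, evs in sorted(per_client.items()):
        report[client] = {
            'count': len(evs),
            'pids': sorted({e.pid for e in evs}),
            'first': min(e.ts for e in evs),
            'last': max(e.ts for e in evs),
            'errors': sorted({e.error for e in evs}),
            'off_lan': ipaddress.ip_address(client) not in net,
            'noisy': len(evs) >= threshold,
        }
    return report


if __name__ == '__main__':
    for client, info in summarize(parse_read_failures(SAMPLE_LOG)).items():
        flags = [f for f in ('off_lan', 'noisy') if info[f]]
        print(f"{client:16} {info['count']:3}x  pids={info['pids']}  "
              f"{info['first']} .. {info['last']}  {' '.join(flags)}")
```

Run it against `/var/log/messages` (or the per-machine `%m.log` files this smb.conf writes) instead of `SAMPLE_LOG`. A client that is flagged `off_lan` should not be able to reach smbd at all with `interfaces = eth0` and `bind interfaces only = yes`, so that flag is worth a look at the firewall before anything else.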
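Two of the shares above, [loja] and [copias], combine `public = yes` with a writable setting. Because the firewall passes everything from 192.168.254.0/24 straight to the server, every machine on that LAN, joined to the domain or not, can write to those directories as the guest account. The [netlogon] share is guest-readable but `writable = no`, which is what a logon-script share should look like. Samba spells these settings several ways (`public` is a synonym of `guest ok`; `writable`, `writeable` and `write ok` are the inverse of `read only`, and the last one written wins), so a grep for one spelling misses the others. The following is an added example (not code from the post or from Samba) that reads an smb.conf with those synonyms in mind and reports guest-writable shares, `admin users` (who act as root on the share) and a few global settings. The configuration embedded in it is a shortened, constructed copy of the one above; the severity labels are my own.

```python
# Constructed smb.conf modelled on the one in the post (shortened, a few values changed).
SMB_CONF = """\
[global]
   workgroup = JSINFO
   security = USER
   encrypt passwords = yes
   interfaces = eth0
   bind interfaces only = yes
   domain logons = Yes

[homes]
   browseable = no
   writable = yes

[loja]
   path = /home/jsinfo/loja
   public = yes
   writeable = yes
   read only = no
   admin users = diego

[copias]
   path = /copias
   public = yes
   read only = no
   write list = diego,sergio

[programacao]
   path = /home/jsinfo/programacao
   read only = no
   valid users = diego,sergio

[netlogon]
   path = /home/netlogon
   guest ok = yes
   writable = no
"""

TRUE = {'yes', 'true', '1'}


def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: [(key, value), ...]} in file order.
    Keys are lower-cased; '#' and ';' comment lines are skipped. Order is kept because
    Samba lets a later line override an earlier one (e.g. 'writeable' vs 'read only')."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':
            continue
        if line[0] == '[' and line[-1] == ']':
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif '=' in line and current is not None:
            key, value = line.split('=', 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def is_true(value):
    return value.strip().lower() in TRUE


def last(params, *names, default=None):
    """Value of the last occurrence of any of the given (synonymous) parameter names."""
    val = default
    for key, value in params:
        if key in names:
            val = value
    return val


def is_writable(params):
    """Samba's default is read-only. 'writable'/'writeable'/'write ok' and 'read only'
    are inverses of each other; the last one written wins."""
    writable = False
    for key, value in params:
        if key in ('writable', 'writeable', 'write ok'):
            writable = is_true(value)
        elif key == 'read only':
            writable = not is_true(value)
    return writable


def is_guest(params):
    return is_true(last(params, 'guest ok', 'public', default='no'))


def audit(conf):
    """Return (severity, section, message) findings. Severities are this example's own."""
    findings = []
    g = conf.get('global', [])
    if last(g, 'security', default='user').lower() != 'user':
        findings.append(('HIGH', 'global', 'security is not "user"'))
    if not is_true(last(g, 'encrypt passwords', default='yes')):
        findings.append(('HIGH', 'global', 'encrypt passwords = no: LAN password hashes are not used'))
    if is_true(last(g, 'bind interfaces only', default='no')) and not last(g, 'interfaces'):
        findings.append(('MED', 'global', 'bind interfaces only = yes but no interfaces listed'))
    for name, params in conf.items():
        if name in ('global', 'homes', 'printers'):
            continue
        if is_guest(params) and is_writable(params):
            findings.append(('HIGH', name, 'guest-writable: anyone on the LAN writes as the guest account'))
        elif is_guest(params):
            findings.append(('LOW', name, 'guest-readable'))
        admins = last(params, 'admin users')
        if admins:
            findings.append(('MED', name, f'admin users ({admins}) perform file operations as root'))
    return findings


if __name__ == '__main__':
    for severity, section, message in audit(parse_smb_conf(SMB_CONF)):
        print(f'{severity:4} [{section}] {message}')
```

Point it at `/etc/samba/smb.conf` instead of `SMB_CONF`; for shares that must stay open to unauthenticated machines, the usual fix is to keep `public = yes` and `read only = yes` and give the people who need to write a `write list`, which is how [assistencia] above is already set up.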