Yes, I hadn't thought of the firewall before.... did you try setting writable = yes in [Profiles]?
Regards. Maxi

On Sun, 26 Sep 2004 15:27:07 +0200, Manwe Sulimo <[EMAIL PROTECTED]> wrote:
> I should have tried it earlier, but it didn't occur to me.
>
> After running iptables -F it turns out that I can indeed join the
> machines to the domain. Although I don't know what port problems I have.
>
> My problem now is the following: when logging off on the Windows
> machines, it tells me that it cannot update the roaming profile. I have set
> every permission there is and more on the users' profile folders and I
> have checked that the profiles are loaded at logon, but for some
> reason it cannot write them.
>
> The magnificent Windows help only says:
>
> DETALLE: El sistema no puede hallar el archivo especificado
>
> Suggestions on the ports and on the roaming profile (the latter is urgent
> for me because the users come in to work tomorrow)
>
> NOTE: I attach the iptables script, the smb.conf and the log of one access
>
> ******************************************
>
> #! /bin/bash
> echo "Iniciando iptables..."
> echo ""
> #echo "1" > /proc/sys/net/ipv4/ip_forward
>
> #FLUSH THE QUEUES
> iptables -t filter -F
> iptables -t nat -F
> iptables -t mangle -F
> echo "Reglas limpiadas"
>
> #DEFAULT POLICY
> iptables -t filter -P INPUT DROP
> iptables -t filter -P FORWARD DROP
> iptables -t filter -P OUTPUT ACCEPT
> echo "Politica establecida"
>
> #ACCEPT ESTABLISHED
> iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> #let replies in
> echo "Conexiones establecidas permitidas"
>
> #OPEN THINGS
> iptables -t filter -A INPUT -i lo -j ACCEPT #localhost
> iptables -t filter -A INPUT -p ICMP -j ACCEPT #ICMP
> iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT #ssh
> iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT #mysql
> iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT #spop3
> iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT #smtp
> iptables -t filter -A INPUT -p tcp --dport 137 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 138 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 139 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 137 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 138 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 139 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 445 -j ACCEPT #samba
> iptables -t filter -A INPUT -p udp --dport 445 -j ACCEPT #samba
> iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT #http
> iptables -t filter -A INPUT -p udp --dport 80 -j ACCEPT #http
> iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT #http
> iptables -t filter -A INPUT -p udp --dport 8080 -j ACCEPT #http
> iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT #http
> iptables -t filter -A INPUT -p udp --dport 443 -j ACCEPT #http
>
> echo "Puertos especificos abiertos"
>
> ***************************************************
>
> #
> #======================= Global Settings =====================================
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
> workgroup = aholab
>
> #MANWE added
> netbios name = bips
>
> # server string is the equivalent of the NT Description field
> server string = Servidor Samba de Aholab
>
> # Security mode. Defines in which mode Samba will operate. Possible
> # values are share, user, server, domain and ads. Most people will want
> # user level security. See the Samba-HOWTO-Collection for details.
> security = user
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> hosts allow = 158.227.67.
>
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> passdb backend = tdbsam
>
> socket options = TCP_NODELAY
>
> #MANWE
> local master = yes
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
> os level = 64
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
> preferred master = yes
>
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations.
> domain logons = yes
>
> logon path = \\%L\Profiles\%U
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The default is NO.
> dns proxy = no
>
> # These scripts are used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
> add user script = /usr/sbin/useradd %u
> add group script = /usr/sbin/groupadd %g
> add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
> delete user script = /usr/sbin/userdel %u
> delete user from group script = /usr/sbin/deluser %u %g
> delete group script = /usr/sbin/groupdel %g
>
> #============================ Share Definitions ==============================
> ;[homes]
> ; comment = Home Directories
> ; browseable = no
> ; writable = yes
>
> #####################################
> #CORPUS AND DATABASES
> [g]
> comment = BBDD y PRJ
> path = /mnt/raid1/
> browseable = yes
> writable = no
> public = no
> printable = no
> create mode = 0440
> directory mode = 0550
>
> #HOMES
> [h]
> comment = HOME
> path = /mnt/raid0/aholab/%U
> browseable = yes
> writable = yes
> public = no
> printable = no
> create mode = 0640
> directory mode = 0750
>
> #Intranet
> [Intranet]
> comment = Programas y documentación
> path = /mnt/intranet
> browseable = yes
> writable = no
> public = no
> create mode= 0440
> directory mode = 0550
>
> # Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = yes
> writable = no
> share modes = no
>
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> [Profiles]
> path = /home/Profiles
> browseable = no
> guest ok = yes
> create mask = 0600
> directory mask = 0700
>
> *****************************************************************************
>
> [2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
>   dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:41, 1] smbd/service.c:close_cnum(837)
>   dagobah (158.227.67.135) closed connection to service netlogon
> [2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
>   dagobah (158.227.67.135) couldn't find service nora
> [2004/09/26 15:20:41, 0] smbd/service.c:make_connection(800)
>   dagobah (158.227.67.135) couldn't find service nora
> [2004/09/26 15:20:41, 1] smbd/service.c:make_connection_snum(648)
>   dagobah (158.227.67.135) connect to service netlogon initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:47, 0] rpc_server/srv_util.c:get_domain_user_groups(376)
>   get_domain_user_groups: primary gid of user [nora] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2004/09/26 15:20:49, 1] smbd/service.c:close_cnum(837)
>   dagobah (158.227.67.135) closed connection to service netlogon
> [2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
>   dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:50, 1] smbd/service.c:make_connection_snum(648)
>   dagobah (158.227.67.135) connect to service Profiles initially as user nora (uid=1012, gid=1001) (pid 1918)
> [2004/09/26 15:20:52, 1] smbd/service.c:close_cnum(837)
>   dagobah (158.227.67.135) closed connection to service Profiles
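
The writable = yes question at the top of this message can be checked mechanically, because a Samba share is read-only unless its section says otherwise. The Python below is an added example, not part of the original thread: it parses a constructed excerpt of the quoted smb.conf, follows logon path to the share it names and reports whether that share is writable. The function names are hypothetical and the guest ok finding is an extra check added here.

```python
import configparser

# Constructed excerpt of the smb.conf quoted in the message above.
SMB_CONF = r"""
[global]
domain logons = yes
logon path = \\%L\Profiles\%U

[Profiles]
path = /home/Profiles
browseable = no
guest ok = yes
"""

YES = {"yes", "true", "1"}
# "writable", "writeable" and "write ok" are inverted synonyms of "read only".
WRITE_KEYS = ("writable", "writeable", "write ok")

def load(text):
    """Parse smb.conf text into {lowercased share name: {option: value}}."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # Strip indentation so configparser does not read it as a continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {name.lower(): dict(cp[name]) for name in cp.sections()}

def is_writable(share):
    """Samba's default is read only = yes, so writability must be explicit."""
    if "read only" in share:
        return share["read only"].lower() not in YES
    return any(share.get(k, "no").lower() in YES for k in WRITE_KEYS)

def check_profile_share(text):
    """Follow [global] logon path to its share and list the problems found."""
    conf = load(text)
    parts = [p for p in conf.get("global", {}).get("logon path", "").split("\\") if p]
    if len(parts) < 2:
        return ["no usable logon path in [global]"]
    name = parts[1]  # \\server\SHARE\...
    share = conf.get(name.lower())
    if share is None:
        return [f"logon path names share [{name}], which is not defined"]
    findings = []
    if not is_writable(share):
        findings.append(f"[{name}] is read-only, so profiles cannot be written back")
    if share.get("guest ok", "no").lower() in YES:
        findings.append(f"[{name}] has guest ok = yes on a share holding user profiles")
    return findings

if __name__ == "__main__":
    print("\n".join(check_profile_share(SMB_CONF)))
```

On the excerpt it reports both findings; adding writable = yes and setting guest ok = no in [Profiles] clears them.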