no habia respondido porque estuve unos dias sin pinchar, miren segui las
instrucciones que me dicen, aqui les mando adjuntos todos los archivos
de configuracion envueltos en este proceso, los resultados en este
momento son:
-la pc esta unida al dominio, sale en el Active Directory y en el
entorno de red de windows.
-no me puedo loguear con un usuario del dominio, ya eso lo habia hecho
pero tenia que agregar en los grupos que quisiera a
CALDERAS\administrator, esto no lo hice, pues no me lo decian, pero
bueno esto es lo de menos, en esta pc solo me logueo yo, seria mas
comodo loguearme como el admin del ads para no tener que autenticarme
cada vez que quiero entrar a otra pc, pero es opcional.
-cuando trato de entrar a la pc desde otra me pide usuario y contrasena.
-ahora para loguearme en mi pc con mi usuario me pide la contrasena dos
veces.
revisen y diganme ahora que puede suceder, ah, para unir la pc al
dominio use likewise, despues para que saliera en el entorno de red de
windows si tuve que hacer los cambios en el smb.
saludos.
------------ próxima parte ------------
[libdefaults]
default_realm = CALDERAS.VC.MINAZ.CU
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
dns_lookup_kdc = true
[realms]
CALDERAS.VC.MINAZ.CU = {
kdc = servidor.calderas.vc.minaz.cu
}
[domain_realm]
.calderas.vc.minaz.cu = CALDERAS.VC.MINAZ.CU
calderas.vc.minaz.cu = CALDERAS.VC.MINAZ.CU
[login]
krb4_convert = true
krb4_get_tickets = false
[appdefaults]
pam = {
mappings = CALDERAS\\(.*) $1...@calderas.vc.minaz.cu
forwardable = true
validate = true
}
httpd = {
mappings = CALDERAS\\(.*) $1...@calderas.vc.minaz.cu
reverse_mappings = (.*)@CALDERAS\.VC\.MINAZ\.CU CALDERAS\$1
}
------------ próxima parte ------------
#======================= Global Settings =======================
[global]
log file = /var/log/samba/log.%m
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = yes
map to guest = bad user
encrypt passwords = true
passwd program = /usr/bin/passwd %u
passdb backend = tdbsam
dns proxy = no
netbios name = ADMIN
server string =
password server = 172.20.16.1
unix password sync = yes
workgroup = CALDERAS
os level = 20
security = ads
syslog = 0
usershare allow guests = yes
panic action = /usr/share/samba/panic-action %d
max log size = 1000
pam password change = yes
realm = CALDERAS.VC.MINAZ.CU
password server = servidor.calderas.vc.minaz.cu
winbind use default domain = yes
idmap uid=10000-20000
idmap gid=10000-20000
template shell=/bin/bash
template homedir=/home/%U
passdb expand explicit = no
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[Almacen]
writeable = yes
public = yes
path = /media/Almacen
------------ próxima parte ------------
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
#passwd: compat lsass
#group: compat lsass
#shadow: compat
passwd: compat winbind
group: compat winbind
shadow: compat winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
------------ próxima parte ------------
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
#
# here are the per-package modules (the "Primary" block)
account [success=3 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=ok new_authtok_reqd=ok default=ignore] pam_lsass.so
unknown_ok
account [success=1 new_authtok_reqd=done default=ignore] pam_lsass.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
auth sufficient pam_unix.so
auth required pam_winbind.so nullok_secure use_first_pass
------------ próxima parte ------------
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_lsass.so try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
#auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
auth sufficient pam_unix.so
auth required pam_winbind.so nullok_secure use_first_pass
------------ próxima parte ------------
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
#session required pam_unix.so
session sufficient pam_lsass.so
session optional pam_ck_connector.so nox11
# end of pam-auth-update config
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
