[FUG-BR] Samba 3.3.3 + FreeBSD 7.2 + Windows

2009-07-04 By thread eduwu...@gmail.com
Hi everyone, good morning.

Well, I installed Samba on my server through ports, but I can't
authenticate users on it (it is not a PDC yet).

My smb.conf follows below

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors.
#
#=== Global Settings ===
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MYGROUP

# server string is the equivalent of the NT Description field
   server string = Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
   security = user

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the loopback interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.
hosts allow = 192.168.0.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user nobody is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
#   log file = /var/log/samba/log.%m
log file = /var/log/samba/samba.log

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = NT-Server-Name

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
   passdb backend = tdbsam


# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#   this line.  The included file is read at that point.
;   include = /usr/local/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
;   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24
;interfaces = 192.168.0.180/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job

Re: [FUG-BR] qmail-ldap and badrcptto

2009-07-04 By thread Paulo Pires
I don't use qmail, but could it be that these regular expressions
automatically anchor the search pattern to the beginning (^) and the end ($)
of the string? Because if matheus* is implicitly turned into ^matheus*$, that
pattern really won't apply to math...@  If you wanted something like
that, you would have to use either matheus.* or mat...@.*.
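
The anchoring question raised above, worked through as an added example (not part of the original message and not qregex's own code). It assumes a POSIX extended-regex matcher via regcomp/regexec; the function names and the addresses are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if addr matches pattern as an unanchored, case-insensitive POSIX
 * extended regex (a hit anywhere in the string), 0 if it does not,
 * -1 if the pattern does not compile. */
int match_search(const char *pattern, const char *addr)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    int rc = regexec(&re, addr, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Same check, but the pattern has to cover the whole address, which is the
 * implicit ^...$ behaviour the message asks about. */
int match_whole(const char *pattern, const char *addr)
{
    char anchored[256];
    int n = snprintf(anchored, sizeof anchored, "^(%s)$", pattern);
    if (n < 0 || n >= (int)sizeof anchored)
        return -1;
    return match_search(anchored, addr);
}

int main(void)
{
    /* Constructed sample data, not taken from the thread. */
    const char *patterns[] = { "matheus*", "matheus.*", "^matheus@" };
    const char *addrs[] = { "matheus@example.org", "matheusa@example.org",
                            "amatheu@example.org" };

    /* "matheus*" is a regex, not a glob: it means "matheu" plus zero or
     * more "s". Unanchored it also hits "amatheu@..."; anchored it can
     * never cover a full address. */
    for (size_t p = 0; p < 3; p++)
        for (size_t a = 0; a < 3; a++)
            printf("%-10s %-22s search=%d whole=%d\n", patterns[p], addrs[a],
                   match_search(patterns[p], addrs[a]),
                   match_whole(patterns[p], addrs[a]));
    return 0;
}
```

Whichever way the matcher anchors, an entry written as ^matheus@ states the intent explicitly and avoids both the silent non-match and the over-broad substring hit.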

2009/7/3 Fernando Buzon Macedo ferna...@bebedouro.sp.gov.br

 I was the one talking about badrcptto, but it is actually qregex!

 ###
 qregex-20060423.patch
 Adds the ability to use regular expressions in the badmailfrom,
 badmailfromnorelay, badrcptto, badrcpttonorelay and badhelo files.
 ###

 I ran a test with badmailfrom.
 For example:
 If I put: math...@bebedouro.sp.gov.br
 it works and rejects matheus's e-mails

 but if I put:
 matheus*
 then it no longer works!

 It should work, right?

 So when I said that badrcptto doesn't work, forget that.
 The thing is that it is the qregex patch that doesn't work.

 Just for the record, here is my showconfig:
 === The following configuration options are available for qmail-ldap-1.03.20060201_3:
  LOCALTIME_PATCH=on emit dates in the local timezone
  TLS=on SMTP TLS support
  ALTQUEUE=on run a QMAILQUEUE external queue
  BIGBROTHER=off use the control/bigbrother program
  BIGTODO=on use big_todo qmail patch
  BIND_8_COMPAT=off Needed if compile fails building dns.c
  CLEARTEXTPASSWD=off use cleartext passwords (Dangerous!)
  DASH_EXT=on dash_ext extended mail addresses add
  DATA_COMPRESS=on smtp on the fly DATA compression
  EXTERNAL_TODO=on external high-performance todo processing
  IGNOREVERISIGN=off disallow dns wildchar matches on gtlds
  QLDAP_CLUSTER=on cluster support
  QMQP_COMPRESS=on QMQP on the fly compression
  QUOTATRASH=on include the Trash in the quota
  SMTPEXECCHECK=on smtp DOS/Windows executable detection
  AUTOMAILDIRMAKE=on the auto-maildir-make feature
  AUTOHOMEDIRMAKE=on auto-homedir-make feature
  LDAP_DEBUG=on possibility to log and debug imap/pop
  SMTPEXTFORK=off Allow qmail-smtpd fork external progs
  XF_QUITASAP=off Close SMTP session ASAP (SMTPEXTFORK)
  SENDERCHECK4=on LOOSE checks exclusively for RELAY clients
  QEXTRA=off enable QUEUE_EXTRA copy feature
 === Use 'make config' to modify these settings


 On 02/07/2009, at 16:03, Rodrigo Graeff wrote:

  Excellent solution for the firewall, man, but one more detail. Depending
  on the smtp_auth patch, there is a problem in the syntax for loading
  qmail-smtpd in the run files. The usual thing is to use something like:
 
  exec /usr/local/bin/softlimit -m 12exec /usr/local/bin/softlimit -m
  1200 \
 /usr/local/bin/tcpserver -v -R -l $LOCAL -x /etc/tcp.smtp.cdb -c
  $MAXSMTPD \
 -u $QMAILDUID -g $NOFILESGID 0
  125 /var/qmail/bin/qmail-smtpd othos.com.br \
/usr/local/vpopmail/bin/vchkpw /usr/bin/true 2>&1
 
 
  However, in my case, I need to provide the FQDN right after qmail-smtpd,
  ending up more or less like this:
 
  125 /var/qmail/bin/qmail-smtpd dominio.com.br \
  /usr/local/vpopmail/bin/vchkpw /usr/bin/true 2>&1
 
  Otherwise, it becomes an open relay...
 
  See whether it could be something along those lines.
 
  Regards
 
  On Thu, 2009-07-02 at 15:51 -0300, Fernando Buzon Macedo wrote:
  Thanks for your attention.
  On my firewall I do anti-spoofing for the loopback address as
  follows:
 
  ${fwcmd} add 2 allow all from any to any via lo0
  ${fwcmd} add 3 deny all from 127.0.0.0/8 to any
 
  I also do anti-spoofing for my internal networks...
 
 
  I made a log rule on the firewall to see who was reaching
  port 25.
  And when I run the open relay test (www.antispam-ufrj.pads.ufrj.br)
 
  it arrives with their own IP, in this case the one below:
  Jul  2 15:44:59 qmail kernel: ipfw: 1 Accept TCP 146.164.48.5:34719
  192.168.1.233:25 in via em0
 
  and it allows the relay!
 
  In my case the SOB who was using my server to send spam
  always came with toyotalotterydeparm...@yahoo.com.hk
  I put it in badmailfrom and, with Patrick's script
  (qmail-adm.sh), I deleted those e-mails from the queue. So far so
  good, except that my server is still an open relay! lol
 
  On my old server, which used vpopmail, I remember perfectly
  that it was badrcptto that blocked this test no. 10,
  which now no longer blocks it...
 
  And I always reload the services when I modify the control
  files.
 
  Once again, thanks for your attention!
  Fernando.
 
 
  On 02/07/2009, at 15:38, Rodrigo Graeff wrote:
 
  Being an open relay has absolutely nothing to do with the fact that
  qregex is not working. If you are allowing 127.0.0.1 to relay
  anything, it is better to block 127.0.0.0/8 addresses on the
  external network interface, as well as 192.168.1.0/24..
 
  As for qregex not working, did you try testing another file?
  badmailfrom? badhelo?? I know it sounds stupid, but a kill is
  needed