[FUG-BR] Samba 3.3.3 + FreeBSD 7.2 + Windows
Good morning, folks. Well, I installed Samba on my server through ports, but I can't authenticate users on it (it is not a PDC yet). My smb.conf follows below:

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors.
#
#=== Global Settings =
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MYGROUP

# server string is the equivalent of the NT Description field
   server string = Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
   security = user

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the loopback interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.
   hosts allow = 192.168.0.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user nobody is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
#   log file = /var/log/samba/log.%m
   log file = /var/log/samba/samba.log

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = NT-Server-Name

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line. The included file is read at that point.
;   include = /usr/local/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
;   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24
;interfaces = 192.168.0.180/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
Re: [FUG-BR] qmail-ldap and badrcptto
I don't use qmail, but could it be that these regular expressions automatically anchor the search pattern to the start (^) and the end ($) of the string? Because if matheus* is implicitly turned into ^matheus*$, that pattern really won't apply to math...@ If you wanted something like that, you would have to use either matheus.* or mat...@.*.

2009/7/3 Fernando Buzon Macedo ferna...@bebedouro.sp.gov.br

What I was calling badrcptto would actually be qregex!

### qregex-20060423.patch
Adds the ability to use regular expressions in the badmailfrom, badmailfromnorelay, badrcptto, badrcpttonorelay and badhelo files.
###

I ran a test with badmailfrom. For example, if I put:

math...@bebedouro.sp.gov.br

it works and rejects matheus's e-mails, but if I put:

matheus*

then it no longer works! It should work, right?

So when I said that badrcptto doesn't work, forget that. The issue is that the qregex patch is what doesn't work.

Just for the record, here is my showconfig:

=== The following configuration options are available for qmail-ldap-1.03.20060201_3:
LOCALTIME_PATCH=on emit dates in the local timezone
TLS=on SMTP TLS support
ALTQUEUE=on run a QMAILQUEUE external queue
BIGBROTHER=off use the control/bigbrother program
BIGTODO=on use big_todo qmail patch
BIND_8_COMPAT=off Needed if compile fails building dns.c
CLEARTEXTPASSWD=off use cleartext passwords (Dangerous!)
DASH_EXT=on dash_ext extended mail addresses add
DATA_COMPRESS=on smtp on the fly DATA compression
EXTERNAL_TODO=on external high-performance todo processing
IGNOREVERISIGN=off disallow dns wildchar matches on gtlds
QLDAP_CLUSTER=on cluster support
QMQP_COMPRESS=on QMQP on the fly compression
QUOTATRASH=on include the Trash in the quota
SMTPEXECCHECK=on smtp DOS/Windows executable detection
AUTOMAILDIRMAKE=on the auto-maildir-make feature
AUTOHOMEDIRMAKE=on auto-homedir-make feature
LDAP_DEBUG=on possibility to log and debug imap/pop
SMTPEXTFORK=off Allow qmail-smtpd fork external progs
XF_QUITASAP=off Close SMTP session ASAP (SMTPEXTFORK)
SENDERCHECK4=on LOOSE checks exclusively for RELAY clients
QEXTRA=off enable QUEUE_EXTRA copy feature
=== Use 'make config' to modify these settings

On 02/07/2009, at 16:03, Rodrigo Graeff wrote:

Excellent solution for the firewall, man, but one more detail. Depending on the smtp_auth patch, there is a problem with the syntax for loading qmail-smtpd in the run files. The usual thing is to use something like:

exec /usr/local/bin/softlimit -m 1200 \
/usr/local/bin/tcpserver -v -R -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
-u $QMAILDUID -g $NOFILESGID 0 125 /var/qmail/bin/qmail-smtpd othos.com.br \
/usr/local/vpopmail/bin/vchkpw /usr/bin/true 2>&1

But in my case, I need to supply the FQDN right after qmail-smtpd, so it ends up more or less like this:

125 /var/qmail/bin/qmail-smtpd dominio.com.br \
/usr/local/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Otherwise, it becomes an open relay... See if it might be something along those lines.

[ ]s

On Thu, 2009-07-02 at 15:51 -0300, Fernando Buzon Macedo wrote:

Thanks for your attention. On my firewall I do anti-spoofing for the loopback address as follows:

${fwcmd} add 2 allow all from any to any via lo0
${fwcmd} add 3 deny all from 127.0.0.0/8 to any

I also do anti-spoofing for my internal networks...

I made a logging rule on the firewall to see who was reaching port 25. And when I run the open relay test (www.antispam-ufrj.pads.ufrj.br) it arrives with their own IP, in this case the one below:

Jul 2 15:44:59 qmail kernel: ipfw: 1 Accept TCP 146.164.48.5:34719 192.168.1.233:25 in via em0

and it allows the relay!

In my case the SOB who was using my server to send spam always came in as toyotalotterydeparm...@yahoo.com.hk. I put him in badmailfrom and, with Patrick's script (qmail-adm.sh), I deleted those e-mails from the queue. So far so good, except that my server is still an open relay! lol

On my old server, which used vpopmail, I remember perfectly that this test no. 10 was blocked by badrcptto, which now no longer blocks it...

And I always reload the services when I modify the control files.

Once again, thanks for your attention!

Fernando.

On 02/07/2009, at 15:38, Rodrigo Graeff wrote:

Being an open relay has absolutely nothing to do with qregex not working. If you are allowing 127.0.0.1 to relay anything, it is better to block 127.0.0.0/8 addresses on the external network interface, as well as 192.168.1.0/24.

As for qregex not working, did you get to test another file? badmailfrom? badhelo?

I know it sounds stupid, but it takes a kill
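
Added example, not part of the original thread and not qregex code: the anchoring question from the first reply, checked with POSIX extended regular expressions through regcomp(3). Whether qregex anchors its patterns is not established in this thread, so the hypothetical helper ere_match runs each pattern both ways; the addresses are constructed samples.

```c
#include <regex.h>
#include <stdio.h>

/* Hypothetical helper (an assumption for illustration, not qregex code).
 * Returns 1 on match, 0 on no match, -1 if the pattern is invalid or too long.
 * anchored = 0: the pattern may match anywhere in addr (plain regexec).
 * anchored = 1: the pattern must cover all of addr, i.e. ^(pattern)$. */
int ere_match(const char *pattern, const char *addr, int anchored)
{
    char wrapped[256];
    regex_t re;
    int rc;

    if (anchored) {
        int n = snprintf(wrapped, sizeof wrapped, "^(%s)$", pattern);
        if (n < 0 || n >= (int)sizeof wrapped)
            return -1;
        pattern = wrapped;
    }
    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, addr, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the thread. */
    const char *addrs[] = { "matheus@example.org", "notmatheu@example.org" };
    const char *pats[]  = { "matheus*", "matheus.*", "matheus@.*", "^matheus@" };

    printf("%-12s %-24s %-10s %s\n", "pattern", "address", "unanchored", "anchored");
    for (size_t p = 0; p < sizeof pats / sizeof pats[0]; p++)
        for (size_t a = 0; a < sizeof addrs / sizeof addrs[0]; a++)
            printf("%-12s %-24s %-10d %d\n", pats[p], addrs[a],
                   ere_match(pats[p], addrs[a], 0),
                   ere_match(pats[p], addrs[a], 1));
    return 0;
}
```

In a regular expression, matheus* means "matheu" followed by zero or more "s", so under whole-string matching it cannot cover a full address, while under unanchored matching it also hits notmatheu@example.org; a pattern such as ^matheus@ states the intended prefix block explicitly.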