I see two passwd server lines. I don't know whether both refer to the same server.

My understanding is that in an earlier message you had implied that you were joined with a domain user. I quote: "and yes, I had krb5-user installed, I already have the PC in the domain, and I am working logged in with a domain user." And on the other hand you tell me that you used Likewise. That should be enough. Carefully review the steps you have followed. If you are making changes, write them down for later reference so that you can go back to square one if necessary. The earlier documentation I sent you, I believe, mentions checks at several steps. I am sending you another document on how to join a Samba machine to a domain controlled by ADS. It is from here on the list, from our colleague Jusset.

Fumero

On Mon, 17-10-2011 at 08:44 -0400, Ing. Alnair Reyes Pérez wrote:
> I hadn't replied because I was off work for a few days. Look, I followed the
> instructions you gave me; attached here are all the configuration files
> involved in this process. The results at this
> moment are:
>
> - the PC is joined to the domain; it shows up in Active Directory and in the
> Windows network neighborhood.
> - I cannot log in with a domain user. I had already done that,
> but I had to add CALDERAS\administrator to whichever groups I wanted;
> I didn't do this, since I wasn't told to, but
> anyway that is the least of it: on this PC only I log in. It would be more
> convenient to log in as the ADS admin so as not to have to authenticate
> every time I want to access another PC, but it is optional.
> - when I try to access the PC from another one, it asks me for a username and password.
> - now, to log in on my PC with my user, it asks me for the password
> twice.
>
> Please review this and tell me what may be happening now. Oh, to join the PC to the
> domain I used Likewise; afterwards, for it to show up in the Windows
> network neighborhood, I did have to make the changes in smb.
>
> Regards.
> ------------ next part ------------
> [libdefaults]
> default_realm = CALDERAS.VC.MINAZ.CU
>
> # The following krb5.conf variables are only for MIT Kerberos.
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> # The following encryption type specification will be used by MIT Kerberos
> # if uncommented. In general, the defaults in the MIT Kerberos code are
> # correct and overriding these specifications only serves to disable new
> # encryption types as they are added, creating interoperability problems.
> #
> # The only time when you might need to uncomment these lines and change
> # the enctypes is if you have local software that will break on ticket
> # caches containing ticket encryption types it doesn't know about (such as
> # old versions of Sun Java).
>
> # default_tgs_enctypes = des3-hmac-sha1
> # default_tkt_enctypes = des3-hmac-sha1
> # permitted_enctypes = des3-hmac-sha1
>
> # The following libdefaults parameters are only for Heimdal Kerberos.
> v4_instance_resolve = false
> v4_name_convert = {
>     host = {
>         rcmd = host
>         ftp = ftp
>     }
>     plain = {
>         something = something-else
>     }
> }
> fcc-mit-ticketflags = true
> default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> dns_lookup_kdc = true
>
> [realms]
> CALDERAS.VC.MINAZ.CU = {
>     kdc = servidor.calderas.vc.minaz.cu
> }
>
> [domain_realm]
> .calderas.vc.minaz.cu = CALDERAS.VC.MINAZ.CU
> calderas.vc.minaz.cu = CALDERAS.VC.MINAZ.CU
>
> [login]
> krb4_convert = true
> krb4_get_tickets = false
> [appdefaults]
> pam = {
>     mappings = CALDERAS\\(.*) $1...@calderas.vc.minaz.cu
>     forwardable = true
>     validate = true
> }
> httpd = {
>     mappings = CALDERAS\\(.*) $1...@calderas.vc.minaz.cu
>     reverse_mappings = (.*)@CALDERAS\.VC\.MINAZ\.CU CALDERAS\$1
> }
> ------------ next part ------------
> #======================= Global Settings =======================
>
> [global]
> log file = /var/log/samba/log.%m
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> obey pam restrictions = yes
> map to guest = bad user
> encrypt passwords = true
> passwd program = /usr/bin/passwd %u
> passdb backend = tdbsam
> dns proxy = no
> netbios name = ADMIN
> server string =
> password server = 172.20.16.1
> unix password sync = yes
> workgroup = CALDERAS
> os level = 20
> security = ads
> syslog = 0
> usershare allow guests = yes
> panic action = /usr/share/samba/panic-action %d
> max log size = 1000
> pam password change = yes
> realm = CALDERAS.VC.MINAZ.CU
> password server = servidor.calderas.vc.minaz.cu
> winbind use default domain = yes
> idmap uid=10000-20000
> idmap gid=10000-20000
> template shell=/bin/bash
> template homedir=/home/%U
> passdb expand explicit = no
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> guest ok = no
> read only = yes
> create mask = 0700
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> read only = yes
> guest ok = no
>
> [Almacen]
> writeable = yes
> public = yes
> path = /media/Almacen
> ------------ next part ------------
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> #passwd: compat lsass
> #group: compat lsass
> #shadow: compat
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat winbind
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
> ------------ next part ------------
> #
> # /etc/pam.d/common-account - authorization settings common to all services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of the authorization modules that define
> # the central access policy for use on the system. The default is to
> # only deny service to users whose accounts are expired in /etc/shadow.
> #
> # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> # To take advantage of this, it is recommended that you configure any
> # local modules either before or after the default block, and use
> # pam-auth-update to manage selection of other modules. See
> # pam-auth-update(8) for details.
> #
>
> # here are the per-package modules (the "Primary" block)
> account [success=3 new_authtok_reqd=done default=ignore] pam_unix.so
> account [success=ok new_authtok_reqd=ok default=ignore] pam_lsass.so unknown_ok
> account [success=1 new_authtok_reqd=done default=ignore] pam_lsass.so
> # here's the fallback if no module succeeds
> account requisite pam_deny.so
> # prime the stack with a positive return value if there isn't one already;
> # this avoids us returning an error just because nothing sets a success code
> # since the modules above will each just jump around
> account required pam_permit.so
> # and here are more per-package modules (the "Additional" block)
> # end of pam-auth-update config
> auth sufficient pam_unix.so
> auth required pam_winbind.so nullok_secure use_first_pass
> ------------ next part ------------
> #
> # /etc/pam.d/common-auth - authentication settings common to all services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of the authentication modules that define
> # the central authentication scheme for use on the system
> # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
> # traditional Unix authentication mechanisms.
> #
> # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> # To take advantage of this, it is recommended that you configure any
> # local modules either before or after the default block, and use
> # pam-auth-update to manage selection of other modules. See
> # pam-auth-update(8) for details.
>
> # here are the per-package modules (the "Primary" block)
> auth [success=2 default=ignore] pam_unix.so nullok_secure
> auth [success=1 default=ignore] pam_lsass.so try_first_pass
> # here's the fallback if no module succeeds
> auth requisite pam_deny.so
> # prime the stack with a positive return value if there isn't one already;
> # this avoids us returning an error just because nothing sets a success code
> # since the modules above will each just jump around
> #auth required pam_permit.so
> # and here are more per-package modules (the "Additional" block)
> # end of pam-auth-update config
> auth sufficient pam_unix.so
> auth required pam_winbind.so nullok_secure use_first_pass
>
> ------------ next part ------------
> #
> # /etc/pam.d/common-session - session-related modules common to all services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of modules that define tasks to be performed
> # at the start and end of sessions of *any* kind (both interactive and
> # non-interactive).
> #
> # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> # To take advantage of this, it is recommended that you configure any
> # local modules either before or after the default block, and use
> # pam-auth-update to manage selection of other modules. See
> # pam-auth-update(8) for details.
>
> # here are the per-package modules (the "Primary" block)
> session [default=1] pam_permit.so
> # here's the fallback if no module succeeds
> session requisite pam_deny.so
> # prime the stack with a positive return value if there isn't one already;
> # this avoids us returning an error just because nothing sets a success code
> # since the modules above will each just jump around
> session required pam_permit.so
> # and here are more per-package modules (the "Additional" block)
> #session required pam_unix.so
> session sufficient pam_lsass.so
> session optional pam_ck_connector.so nox11
> # end of pam-auth-update config
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> ______________________________________________________________________
> Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba.
> Gutl-l@jovenclub.cu
> https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l

--
M.Sc. Alberto García Fumero
Linux User 97 318, registered 10/12/1998
The health authorities warn: Prolonged use of Windows may cause dependence.
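
The repeated `password server` entry noted at the top of the reply can be found mechanically. The following is an added example, not part of the original thread: a small Python checker that reports parameters repeated within one smb.conf section, applying the name rules from smb.conf(5) (names ignore case and whitespace, a trailing backslash continues a line). The function names are this example's own, and the sample is a trimmed excerpt of the [global] section quoted above.

```python
import re
from collections import defaultdict

# Sample input: trimmed excerpt of the smb.conf quoted in the message above.
SAMPLE_SMB_CONF = """\
[global]
   password server = 172.20.16.1
   security = ads
   realm = CALDERAS.VC.MINAZ.CU
   password server = servidor.calderas.vc.minaz.cu

[Almacen]
   path = /media/Almacen
"""

def normalize(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield (first_line_number, line), joining backslash-continued lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def find_duplicates(text):
    """Return {(section, parameter): [(line, value), ...]} for repeated keys."""
    seen, section = defaultdict(list), None
    for n, line in logical_lines(text):
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                # section header
            section = m.group(1).strip().lower()
            continue
        if "=" in line and section is not None:
            name, value = line.split("=", 1)
            seen[(section, normalize(name))].append((n, value.strip()))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}

if __name__ == "__main__":
    print(find_duplicates(SAMPLE_SMB_CONF))
```

Each reported entry lists the line number and value of every occurrence, so the two values can be compared and one of them removed.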