De gacq wiki
Saltar a: navegación, buscar

Guias y documentos



Integracion OpenLDAP y Samba

Seguridad en desktops


Mediante la utilización de Group Policies

A system policy can be used in a Windows NT domain as a remote administration tool for implementing a similar computing environment on all clients and limiting the abilities of users to change configuration settings on their systems or allowing them to run only a limited set of programs. One application of system policies is to use them along with mandatory profiles to implement a collection of computers for public use, such as in a library, school, or Internet cafe.

A system policy is a collection of registry settings that is stored in a file on the PDC and is automatically downloaded to the clients when users log on to the domain. The file containing the settings is created on a Windows system using the System Policy Editor. Because the format of the registry is different between Windows 95/98/Me and Windows NT/2000/XP, it is necessary to make sure that the file that is created is in the proper format. This is a very simple matter because when the System Policy Editor runs on Windows 95/98/Me, it will create a file in the format for Windows 95/98/Me, and if it is run on Windows NT/2000/XP, it will use the format needed by those versions. After the policy file is created with the System Policy Editor, it is stored on the primary domain controller and is automatically downloaded by the clients during the logon process, and the policies are applied to the client system.

On Windows NT 4.0 Server, you can run the System Policy Editor by logging in to the system as Administrator or another user in the Administrators group, opening the Start menu, and selecting Programs, then Administrative Tools, then System Policy Editor. On Windows 2000 Advanced Server, open the Start menu and click Run . . . . In the dialog box that comes up, type in C:\winnt\poledit.exe, and click the OK button.

Group policies

Samba supports some group policies. To do so, it must be acting as a PDC, or using winbind that is pointing to a DC. This is because users must log on for the policies to be applied. See 3.12, “Setting up a Samba PDC” on page 71 and 3.13, “Setting up roaming profiles” on page 75 for these two setups.

Samba supports:

  • Roaming profiles and folder redirection
  • Logon scripts
  • NT 4 System policies

Samba does not support:

  • Software distribution
  • Rights management and other security-oriented features
  • Desktop configuration and control

Samba-3 will support many more group policies.

Not available at this time - it requires tight integration with Active Directory, and that's a Samba4 issue. NT4 system policies are the best you can hope for with Samba 3.0.

System Policy Editor - poledit

Definicion de GPOs en Windows 200x

nitrobit group policy

Explicacion de las politicas


Articulos relacionados a la integracion



Samba configuration tips

  • In order to visualize correctly from a windows machine files containing french accents I use the following charset option in /etc/samba/smb.conf in the general section:
unix charset = iso8859-15

Mounting a Windows share using a domain account

mount -t smbfs -o username=domain\\miusuario,password=mipass // /mnt/public

Browsear samba desde el nautilus

Para que funcione el smb:// hay que instalar

apt-get install libsmbclient libgnomevfs2-extra

Force passwd change

net sam set pwdmustchangenow <username> yes


Grant add to domain privileges to a group

net rpc rights grant "Soporte Tecnico" SeMachineAccountPrivilege


"smbfs: mount_data version 1919251317 is not supported" al montar un share


apt-get install smbfs