Diferencia entre revisiones de «Samba»
(→Force passwd change) |
|||
Línea 101: | Línea 101: | ||
== Force passwd change == | == Force passwd change == | ||
− | net sam set pwdmustchangenow <username> yes | + | net sam set pwdmustchangenow <username> yes |
+ | == Privileges == | ||
+ | Grant add to domain privileges to a group | ||
+ | net rpc rights grant "Soporte Tecnico" SeMachineAccountPrivilege | ||
= Errores = | = Errores = |
Revisión actual del 16:42 9 nov 2009
Contenido
Guias y documentos
Oficiales
Otras
Integracion OpenLDAP y Samba
Seguridad en desktops
Windows
Mediante la utilización de Group Policies
A system policy can be used in a Windows NT domain as a remote administration tool for implementing a similar computing environment on all clients and limiting the abilities of users to change configuration settings on their systems or allowing them to run only a limited set of programs. One application of system policies is to use them along with mandatory profiles to implement a collection of computers for public use, such as in a library, school, or Internet cafe.
A system policy is a collection of registry settings that is stored in a file on the PDC and is automatically downloaded to the clients when users log on to the domain. The file containing the settings is created on a Windows system using the System Policy Editor. Because the format of the registry is different between Windows 95/98/Me and Windows NT/2000/XP, it is necessary to make sure that the file that is created is in the proper format. This is a very simple matter because when the System Policy Editor runs on Windows 95/98/Me, it will create a file in the format for Windows 95/98/Me, and if it is run on Windows NT/2000/XP, it will use the format needed by those versions. After the policy file is created with the System Policy Editor, it is stored on the primary domain controller and is automatically downloaded by the clients during the logon process, and the policies are applied to the client system.
On Windows NT 4.0 Server, you can run the System Policy Editor by logging in to the system as Administrator or another user in the Administrators group, opening the Start menu, and selecting Programs, then Administrative Tools, then System Policy Editor. On Windows 2000 Advanced Server, open the Start menu and click Run . . . . In the dialog box that comes up, type in C:\winnt\poledit.exe, and click the OK button.
Group policies
Samba supports some group policies. To do so, it must be acting as a PDC, or using winbind that is pointing to a DC. This is because users must log on for the policies to be applied. See 3.12, “Setting up a Samba PDC” on page 71 and 3.13, “Setting up roaming profiles” on page 75 for these two setups.
Samba supports:
- Roaming profiles and folder redirection
- Logon scripts
- NT 4 System policies
Samba does not support:
- Software distribution
- Rights management and other security-oriented features
- Desktop configuration and control
Samba-3 will support many more group policies.
Not available at this time - it requires tight integration with Active Directory, and that's a Samba4 issue. NT4 system policies are the best you can hope for with Samba 3.0.
System Policy Editor - poledit
Definicion de GPOs en Windows 200x
nitrobit group policy
http://www.nitrobit.com/GroupPolicy.html
Explicacion de las politicas
- http://www.infopeople.org/resources/security/workstation/policies.html
- http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html
- https://adelie.ucs.ed.ac.uk/dstwiki/index.php/GPO
Notas:
- http://www.windowsitpro.com/SQLServer/Article/ArticleID/45614/SQLServer_45614.html
- http://www2.cio.com/analyst/report2346.html
Articulos relacionados a la integracion
Guias
- http://www.ldapguru.com/modules/mylinks/visit.php?cid=7&lid=80
- http://www.idealx.org/prj/samba/smbldap-howto.fr.html
- http://samba.idealx.org/
- http://g.unsa.edu.ar/trinidad/
- http://lucas.ok.cl/Tutoriales/doc-openldap-samba-cups-python/htmls/
- http://groucho.dsic.upv.es/cursos/Integracion/html/
- http://es.tldp.org/Tutoriales/doc-openldap-samba-cups-python/html/ldap+samba+cups+pykota.html
- http://aqua.subnet.at/~max/ldap/
- http://www.cxro.lbl.gov/comp_services/samba_ldap_pdc_howto.htm
- http://www.unav.es/cti/smb-ldap-3-howto.html
Notas:
Samba configuration tips
- In order to visualize correctly from a windows machine files containing french accents I use the following charset option in /etc/samba/smb.conf in the general section:
unix charset = iso8859-15
mount -t smbfs -o username=domain\\miusuario,password=mipass //192.168.124.1/public /mnt/public
Browsear samba desde el nautilus
Para que funcione el smb:// hay que instalar
apt-get install libsmbclient libgnomevfs2-extra
Force passwd change
net sam set pwdmustchangenow <username> yes
Privileges
Grant add to domain privileges to a group
net rpc rights grant "Soporte Tecnico" SeMachineAccountPrivilege
Errores
Solucion:
apt-get install smbfs