Domain server

Started by danielrsj, 04 July 2009, 00:44

danielrsj

Hi everyone,
I'm new to the forum and a recent Linux user.
I'm starting some research into deploying a domain controller server at my company and would like your help.
Here's the situation: on Windows 2003 I have Active Directory Users and Computers.
When we add a computer to the network, the server itself sets up a computer account.
There are also GPOs.
You can configure startup scripts, and so on...

What I'd like is for you to point me to what I should study/research to set up a domain controller similar to 2003 (Active Directory).

Is Samba alone enough? Or do I also have to install Kerberos (I don't even know what that's for, hehe), OpenLDAP, NIS?
I read the Wikipedia definitions of all the ones I mentioned above, but that only left me more confused. ???... hehehe

Thanks, everyone

gilsonpaulo

Take a look at this smb.conf of mine; the only thing regarding machine registration is that you have to create the machines group first.

With this smb.conf it already adds the machines automatically.

[global]
name resolve order = lmhosts host wins bcast
idmap gid = 10000-20000
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:*password\supdated\ssuccessfully* .
obey pam restrictions = yes
enable privileges = yes
show add printer wizard = yes
time server = yes
passwd program = /usr/bin/passwd %u
dns proxy = no
nt acl support = yes
netbios name = SERVIDOR
printing = cups
idmap uid = 10000-20000
logon script = %U.bat
dos charset = CP850
local master = yes
workgroup = GRANITI
os level = 100
printcap name = cups
security = user
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c "Maquinas do Dominio" -s /bin/false "%u"
short preserve case = yes
max log size = 1000
log level = 1
log file = /var/log/samba/log.%m
load printers = yes
guest account = nobody
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
vfs object = recycle
logon drive = H:
username map = /etc/samba/smbusers
domain master = yes
interfaces = lo, eth0, tun0, eth1
encrypt passwords = true
wins proxy = yes
logon home = \\%L\%U
passdb backend = tdbsam
template shell = /bin/bash
wins support = yes
case sensitive = no
server string = %h
path = /var/spool/samba
message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
unix password sync = no
logon path =
syslog = 0
unix charset = ISO8859-1
panic action = /usr/share/samba/panic-action %d
preferred master = yes
bind interfaces only = Yes
domain logons = yes


#### Networking ####

#### Debugging/Accounting ####



####### Authentication #######

; invalid users = root
; pam password change = no
########## Domains ###########
; logon path = \\%L\ProfilesNT\%U
; preserve case = yes
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

########## Printing ##########

; load printers = yes
;    printer admin = @lpadmin

############ Misc ############

; include = /etc/samba/smb.conf.%m
;    winbind enum groups = yes
;    winbind enum users = yes

# Add machines automatically

; add user script = /usr/sbin/useradd "%u"
; add group script = /usr/sbin/groupadd "%g"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/deluser "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"

; hidedotfiles = yes
; hide files = /desktop.ini/Desktop.ini/
;       hide files = /desktop.ini/ntuser.ini/NTUSER.*/


[homes]
comment = Home Directories
browseable = no
writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /home/profiles
;    browseable = no
;    guest ok = yes

# automatic printer driver download support
;[print$]
; path = /var/lib/samba/drivers
; guest ok = yes
; browseable = yes
; read only = yes
; since this share is configured as read only, then we need
; a 'write list'.  Check the file system permissions to make
; sure this account can copy files to the share.  If this
; is setup to a non-root account, then it should also exist
; as a 'printer admin'
write list = root

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = No

;comment = All Printers
; path = /var/spool/samba
; browseable = no
# Set public = yes to allow user 'guest account' to print
; guest ok = no
; writable = no
; printable = yes
# printer admin = root
; public = yes

[Software]
volume = Softwares
comment = Diretorio Arquivos
printable = no
writeable = yes
public = yes
path = /graniti/Softwares
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root
vfs object = /usr/lib/samba/vfs/recicle.so
; vfs option = /etc/samba/recycle.conf

[Backup]
comment = Diretorio Backup
writeable = yes
printable = no
public = yes
path = /graniti/backup
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[Financeiro]
comment = Financeiro
writeable = yes
printable = no
public = yes
path = /graniti/financeiro
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[OS]
comment = Ordem de Serviços
writeable = yes
printable = no
public = yes
path = /graniti/os
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[Orcamento]
comment = Orçamento
writeable = yes
printable = no
public = yes
path = /graniti/orcamento
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[ServExt]
comment = Serviço Externo
writeable = yes
printable = no
public = yes
path = /graniti/se
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[PCompra]
comment = Pedido de Compra
writeable = yes
printable = no
public = yes
path = /graniti/pc
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[Fluxo]
comment = Fluxo
writeable = yes
printable = no
public = yes
path = /graniti/fluxo
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[Gra]
comment = Notas Fiscais
writeable = yes
printable = no
public = yes
path = /graniti/gra
username = root
valid users = administracao,graniti,gilson,recepcao
write list = administracao,graniti,gilson,recepcao
read list = administracao,graniti,gilson,recepcao
force user = root
force group = root

[Raiz]
comment = Raiz Servidor
writeable = yes
printable = no
public = yes
path = /
username = root
valid users = graniti
write list = graniti
read list = graniti
force user = root
force group = root

[Recepcao]
comment = Diretorio Recepcao
writeable = yes
printable = no
public = yes
path = /graniti/Recepcao
username = root
valid users = @ntadmins
write list = @ntadmins
read list = @ntadmins
force user = root
force group = root
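
An added example, not part of the original post: a small Python audit that reads an smb.conf and flags the share settings in the configuration above that widen access (`force user = root`, `path = /`, and guest-writable shares with no `valid users`). The sample config is a constructed excerpt of the posted one, and the function names `parse_smb_conf` and `audit_shares` are hypothetical.

```python
# Added example (not from the thread); SAMPLE is a constructed excerpt of the posted config.
SAMPLE = """
[global]
security = user
[netlogon]
path = /home/netlogon
guest ok = yes
[Financeiro]
writeable = yes
public = yes
path = /graniti/financeiro
valid users = administracao,graniti,gilson,recepcao
force user = root
[Raiz]
writeable = yes
path = /
valid users = graniti
force user = root
"""
SYNONYMS = {"writeable": "writable", "writeok": "writable", "public": "guestok"}

def parse_smb_conf(text):
    # Samba ignores case and whitespace in parameter names, so normalise both.
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections

def audit_shares(sections):
    # Returns sorted (share, issue) pairs; [global] holds defaults, not a share.
    findings = []
    for name, p in sections.items():
        if name == "global":
            continue
        on = lambda k: p.get(k, "no").lower() in ("yes", "true", "1")
        if p.get("forceuser", "").lower() == "root":
            findings.append((name, "force user = root"))
        if p.get("path") == "/":
            findings.append((name, "path = / exports the whole filesystem"))
        if on("guestok") and on("writable") and "validusers" not in p:
            findings.append((name, "guest-writable with no valid users"))
    return sorted(findings)
```

Calling `audit_shares(parse_smb_conf(open("/etc/samba/smb.conf").read()))` runs the same checks on a real file; the inverse form `read only = no` is not interpreted by this sketch.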

tc.espinola

Something identical to Windows 2003 Server's AD is not yet possible with Samba; that is planned for the next version (4.0), but you can set up an NT-like domain. Visit this link to see how to quickly and easily set up a domain controller on Ubuntu Server: http://www.opcaolinux.com.br/solucoes/opcaolinux-pdc.html.