Beruflich Dokumente
Kultur Dokumente
Code:
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/samba36-3.6.3.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/heimdal-1.4_1.tbz
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10
amd64
Code:
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/samba36-3.6.3.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/heimdal-1.4_1.tbz
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10
Files to modify
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/ksadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
DOMAIN.LOCAL = {
kdc = 192.168.138.11:88
admin_server = ws2012.domain.local.:749
default_domain = domain.
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
[kdc]
profile = /var/heimdal/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/usr/local/etc/smb.conf
[global]
/var/heimdal/kdc.conf
[kdcdfefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = noreauth
[libdefaults]
default_realm = DOMAIN.
[realms]
DOMAIN. = {
master_key_type = des-cbc-crc
supported_enctypes = des3-hmac-sha1:normal arcfourhmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbccrc:normal
des-cbc-crc:v4 des-cbc-crc:afs3
}
/var/heimdal/kadm5.acl
*/administrator@DOMAIN.LOCAL
/usr/local/etc/rc.d/samba
:%s/NO/YES/g
# /usr/local/etc/rc.d/samba onerestart
# kinit Administrator
# /usr/local/etc/rc.d/samba onerestart
services -> proxy server -> general settings -> custom options
e cole estas linhas
acl_uses_indirect_client on;follow_x_forwarded_for allow localhost;auth_param ntlm program
/usr/local/bin/ntlm_auth --use-cached-creds --helper-protocol=squid-2.5-ntlmssp;auth_param ntlm children
10;auth_param ntlm keep_alive on;acl password proxy_auth REQUIRED;http_access allow password;
Configuraes do windows
Configuraes de segurana
Diretivas locais
Opes de segurana
Adicionando na inicializao
# mv /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh