
SAMBA AD VPN




Здравствуйте, нужна ваша помощь. Есть VPS, на которой установлен PPTP-сервер. К PPTP подключается клиент и входит в домен, но на шары netlogon и sysvol зайти не может: либо бесконечный запрос логина, либо «путь не найден». Если ПК не введён в домен и зайти по \\10.0.0.1, то шары успешно открываются при входе того же пользователя. Конфиги выкладываю ниже.

/etc/samba/smb.conf

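# Global parameters
# smb.conf of a Samba 4.3 Active Directory domain controller (see "server role").
# Share sections carry share-level parameters only: "security" is a [global]-only
# option, so it was dropped from [netlogon] and [sysvol], where Samba ignores it
# (testparm reports "Global parameter security found in service section"); on a
# DC the effective mode is fixed by "server role" anyway.
[global]
workgroup = DC
realm = DC.KONONOV.PW
netbios name = PDC
server role = active directory domain controller
# Upstream resolver for zones the internal DNS is not authoritative for.
dns forwarder = 8.8.8.8
# Use uidNumber/gidNumber (RFC 2307) attributes from AD when they are present.
idmap_ldb:use rfc2307 = yes
# "idmap uid" / "idmap gid" are deprecated (smbclient warns about them on every
# call); the documented replacement is one range under "idmap config *".
idmap config * : range = 10000-40000
winbind enum groups = yes
winbind enum users = yes
# Accounts resolve as "user" instead of "DC\user".
winbind use default domain = yes
template shell = /bin/bash
winbind refresh tickets = yes
# NOTE(review): this host also has a public address on eth0, and the DC's A
# record answers with both 91.201.42.108 and 10.0.0.1; without "interfaces" /
# "bind interfaces only" Samba listens on both addresses — confirm that exposing
# the DC's SMB/LDAP/Kerberos/DNS ports on the public interface is intended.

[netlogon]
path = /var/lib/samba/sysvol/dc.kononov.pw/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No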

/etc/hosts

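127.0.0.1 localhost.localdomain localhost
10.0.0.1 PDC.dc.kononov.pw PDC
# Map the domain name itself (not only the host name) to the VPN-side address.
# Without this, clients coming in over ppp0 could not open \\dc.kononov.pw\sysvol
# and \\dc.kononov.pw\netlogon — this is the resolution reported at the end of
# the thread.
10.0.0.1 dc.kononov.pw dc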

/etc/hostname

PDC

/etc/resolv.conf

# The DC resolves through its own Samba internal DNS (10.0.0.1), which is why
# the _ldap._tcp / _kerberos._udp SRV lookups for the realm succeed locally.
domain dc.kononov.pw
nameserver 10.0.0.1

/etc/pptpd.conf

# pppd options file applied to every PPTP session
option /etc/ppp/pptpd-options
# record client connections/disconnections in wtmp
logwtmp
# server-side tunnel address; the same address the DC uses (see smb.conf / hosts)
localip 10.0.0.1
# address pool handed to clients: 10.0.0.100 - 10.0.0.200
remoteip 10.0.0.100-200

/etc/ppp/pptpd-options

# name of the local system for authentication purposes (the "server" field in chap-secrets)
name pptpd
# domain appended to the local host name for authentication lookups
domain dc.kononov.pw
# Only MS-CHAPv2 is accepted: PAP, CHAP and MS-CHAPv1 are refused below.
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# NOTE(review): MS-CHAPv2 + MPPE-128 is the strongest combination PPTP offers,
# but the protocol is widely regarded as cryptographically weak; treat the
# tunnel as transport only, not as the trust boundary for domain credentials.
# }}}
# DNS server pushed to clients: the DC itself, so AD SRV lookups work over the tunnel.
ms-dns 10.0.0.1
# NOTE(review): smb.conf above does not enable "wins support", so clients are
# pointed at a WINS server that may not be running — confirm or drop this line.
ms-wins 10.0.0.1
# answer ARP on the local segment for the peer's address
proxyarp
# do not install a default route through the peer
nodefaultroute
# create a lock file for the pty device
lock
# compression disabled: BSD-Compress, VJ TCP header compression
nobsdcomp
novj
novjccomp
# do not send log messages to a file descriptor
nologfd

ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 91.201.42.108 netmask 255.255.255.0 broadcast 91.201.42.255
inet6 fe80::825:d2ff:fe8c:a856 prefixlen 64 scopeid 0x20<link>
ether 0a:25:d2:8c:a8:56 txqueuelen 1000 (Ethernet)
RX packets 567087 bytes 471285629 (449.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 495329 bytes 473810584 (451.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
ether 0a:25:d2:8c:a8:56 txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 586 bytes 76592 (74.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 586 bytes 76592 (74.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1496
inet 10.0.0.1 netmask 255.255.255.255 destination 10.0.0.100
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 169234 bytes 12947470 (12.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 323693 bytes 439740654 (419.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

host -t SRV _ldap._tcp.dc.kononov.pw.
_ldap._tcp.dc.kononov.pw has SRV record 0 100 389 PDC.dc.kononov.pw.
host -t SRV _kerberos._udp.dc.kononov.pw.
_kerberos._udp.dc.kononov.pw has SRV record 0 100 88 PDC.dc.kononov.pw.
host -t A pdc.dc.kononov.pw
pdc.dc.kononov.pw has address 91.201.42.108
pdc.dc.kononov.pw has address 10.0.0.1
smbclient -L localhost -U%
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Domain=[DC] OS=[Windows 6.1] Server=[Samba 4.3.6-Debian]

Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
IPC$ IPC IPC Service (Samba 4.3.6-Debian)
Domain=[DC] OS=[Windows 6.1] Server=[Samba 4.3.6-Debian]

Server Comment
--------- -------
KONONOV Samba 4.3.6-Debian

Workgroup Master
--------- -------
DC KONONOV
smbclient //localhost/netlogon -UAdministrator -c 'ls'

WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Enter Administrator's password:
Domain=[DC] OS=[Windows 6.1] Server=[Samba 4.3.6-Debian]
. D 0 Thu Mar 10 20:24:22 2016
.. D 0 Thu Mar 10 20:24:34 2016

4548704 blocks of size 1024. 983920 blocks available
klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DC.KONONOV.PW

Valid starting Expires Service principal
17.03.2016 19:42:45 18.03.2016 05:42:45 krbtgt/DC.KONONOV.PW@DC.KONONOV.PW
renew until 18.03.2016 19:42:40
kinit administrator@DC.KONONOV.PW

Password for administrator@DC.KONONOV.PW:
Warning: Your password will expire in 41 days on Чт 28 апр 2016 18:03:11
/etc/sysctl.conf

# Enable IPv4 forwarding so packets can be routed between ppp0 and eth0;
# the MASQUERADE/FORWARD rules applied alongside this file depend on it.
net.ipv4.ip_forward = 1
# NAT VPN clients out through the public interface. Note that "iptables-save"
# on its own only prints the ruleset to stdout; redirect it to the distribution's
# rules file (or use iptables-persistent) if the rules must survive a reboot.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
# Same masquerade for traffic leaving through the tunnel.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Anything from the VPN address space, arriving on ppp0 and addressed to this host, is accepted.
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
# NOTE(review): this accepts forwarding of *any* packet arriving on eth0,
# regardless of destination. If the FORWARD policy is DROP, the matching rule for
# traffic from ppp0 is missing here; if it is ACCEPT, the rule is redundant. A
# conntrack-scoped pair (-i ppp0 -o eth0 -j ACCEPT, plus -i eth0 -o ppp0
# -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT) would state the intent.
iptables -A FORWARD -i eth0 -j ACCEPT

Разобрался: нужно в /etc/hosts добавить строку 10.0.0.1 dc.kononov.pw dc.
