Proxy with AD
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/samba36-3.6.3.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/heimdal-1.4_1.tbz
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10
Packages for 64-bit
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/samba36-3.6.3.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/heimdal-1.4_1.tbz
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10
Configuring Samba
Edit the file /usr/local/samba/smb.conf
[global]
interfaces = em1
bind interfaces only = yes
netbios name = PFSENSE
workgroup = DOMINIOSTATO
realm = DOMINIOSTATO.NET
server string = Domain Proxy Server
encrypt passwords = yes
security = ADS
password server = 192.168.1.250
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_SNDBUF=8192
printcap name = /etc/printcap
preferred master = no
dns proxy = no
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
cups options = raw
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/ksadmind.log
[libdefaults]
default_realm = DOMINIOSTATO.NET
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
; default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
; default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
; preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[domain_realm]
.dominiostato.net= DOMINIOSTATO.NET
dominiostato.net= DOMINIOSTATO.NET
[kdc]
profile = /var/heimdal/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/var/heimdal/kadm5.acl
*/*administrador@DOMINIOSTATO.NET *
/var/heimdal/kdc.conf
[kdcdefaults]
acl_file = /var/heimdal/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/heimdal/kadm5.keytab
v4_mode = nopreauth
[libdefaults]
default_realm = DOMINIOSTATO.NET
[realms]
DOMINIOSTATO.NET = {
master_key_type = des-cbc-crc
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
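The kdc.conf above enables single-DES and RC4 encryption types next to des3-hmac-sha1. The following audit script is an added example, not part of the original page; the function names weak_enctypes and sample_kdc_conf are hypothetical, the sample input is constructed from the files above, and treating single-DES and RC4 as weak is the assumption the check encodes.

```shell
#!/bin/sh
# Added example (not from the original page): report weak Kerberos enctypes
# that are active in krb5.conf / kdc.conf style text.
# Assumption: "weak" = single-DES (des-*) and RC4 (arcfour-hmac, rc4-hmac).

# weak_enctypes [FILE...] : reads the files (or stdin) and prints
# "key: enctype" for every weak enctype found in an uncommented setting.
weak_enctypes() {
    awk '
        /^[ \t]*[;#]/ { next }      # commented-out setting is inactive
        !/=/          { next }      # section headers, braces, blank lines
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            if (key !~ /enctypes$/ && key != "master_key_type") next
            val = $0; sub(/^[^=]*=/, "", val)
            n = split(val, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                e = tolower(tok[i]); sub(/:.*/, "", e)   # drop the :salt suffix
                if (e ~ /^des-/ || e ~ /^(arcfour|rc4)-hmac/) print key ": " e
            }
        }
    ' "$@" | LC_ALL=C sort -u
}

# Constructed sample, modelled on the configuration files above.
sample_kdc_conf() {
    cat <<'EOF'
[libdefaults]
 default_realm = DOMINIOSTATO.NET
; default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
 DOMINIOSTATO.NET = {
  master_key_type = des-cbc-crc
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
 }
EOF
}

# Demonstration on the constructed sample.
sample_kdc_conf | weak_enctypes
```

Run it against the real files with `weak_enctypes /etc/krb5.conf /var/heimdal/kdc.conf`; an empty result means no active setting names a single-DES or RC4 type.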
/etc/rc.conf.local
samba_enable="YES"
winbindd_enable="YES"
Configure the DNS client
kinit Administrator@DOMINIO.COM
klist
wbinfo -t
wbinfo -g
wbinfo -u
net ads info
Configuring Squid
Go to Services, Proxy Server, and under Custom Options add the following content:
First of all, to run this procedure you must be an administrator of the local machine.
Run the command "gpedit.msc" and navigate the tree in this sequence:
Local Computer Policy
Windows Settings
Security Settings
Local Policies
Security Options
Network security: LAN Manager authentication level
Select the option: Send LM & NTLM - use NTLMv2 session security
Note that this can also be done through a GPO in AD.