
i386

Code:
# i386: install Samba 3.6.3 and Heimdal 1.4_1 from package tarballs, then add
# the Heimdal shared libraries by hand.
# NOTE(review): every URL below is plain http:// on e-sac.siteseguro.ws, which
# does not look like a FreeBSD or pfSense project mirror, and nothing here
# checks a checksum or signature. Whoever controls that host or sits on the
# network path can substitute the content, and the packages are installed as
# root. Download to a scratch directory first and compare each file's SHA-256
# with a value obtained over a trusted channel (this page publishes none).
# NOTE(review): Samba 3.6 and Heimdal 1.4 are old release lines; check whether
# the platform offers maintained packages before using these.
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/samba36-3.6.3.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/heimdal-1.4_1.tbz
# The libraries are written straight into /usr/local/lib. Presumably the
# runtime linker resolves them for any program that needs these names, so a
# tampered file would run with that program's privileges; verify before use.
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10

amd64
Code:
# amd64: same steps as the i386 variant, using the amd64 package and library
# paths.
# NOTE(review): all downloads are unauthenticated plain HTTP from
# e-sac.siteseguro.ws and no checksum or signature is checked. Fetch to a
# scratch directory and compare SHA-256 values obtained over a trusted channel
# before installing anything as root (this page publishes none).
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/samba36-3.6.3.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/heimdal-1.4_1.tbz
# Shared libraries are dropped directly into /usr/local/lib; a modified file
# would presumably be loaded by whatever links against it, so verify first.
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10

Files to modify

/etc/krb5.conf

# Kerberos client configuration for the DOMAIN.LOCAL realm.
# Log destinations for the Kerberos library, the KDC and the admin server.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/ksadmind.log

[libdefaults]
default_realm = DOMAIN.LOCAL
# DNS discovery is switched off, so the realm and KDC are taken only from
# the [realms] and [domain_realm] sections below.
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
# NOTE(review): these lists offer only single-DES (DES-CBC-CRC, DES-CBC-MD5)
# and RC4-HMAC; no AES type is listed. Single DES is breakable and RC4-HMAC
# is deprecated. If the domain controller and this Heimdal build both support
# them, prefer aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 and drop
# the DES types; confirm interoperability before changing.
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

# The KDC is addressed by IP on port 88; the admin server by host name
# (with a trailing dot) on port 749.
[realms]
DOMAIN.LOCAL = {
kdc = 192.168.138.11:88
admin_server = ws2012.domain.local.:749
# NOTE(review): "domain." looks truncated; the rest of this file uses
# domain.local. Confirm the intended value.
default_domain = domain.
}

# Maps DNS names (the domain itself and everything under it) to the realm.
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL

[kdc]
profile = /var/heimdal/kdc.conf

# Defaults applied to the "pam" application.
[appdefaults]
pam = {
debug = false

# presumably seconds (36000 s = 10 h); confirm against the PAM module in use
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

/usr/local/etc/smb.conf

# Samba settings that make this host (NetBIOS name PFSENSE) a member of the
# DOMAIN.LOCAL Active Directory realm, with winbind resolving domain users.
[global]

netbios name = PFSENSE


workgroup = DOMAIN
realm = DOMAIN.LOCAL
server string = Domain Proxy Server
encrypt passwords = yes
# ADS mode: the host acts as a domain member and uses the realm above.
security = ADS
password server = ws2012.domain.local
# NOTE(review): level 3 is verbose and suited to troubleshooting the join;
# consider lowering it afterwards and restricting who can read the log files.
log level = 3
# %m is replaced by the client machine name, giving one log file per client.
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
preferred master = No
dns proxy = No
# NOTE(review): "no" tells Samba not to use SSL/TLS for its LDAP connections.
# Confirm which connections this affects in this Samba version and consider
# "start tls" if directory traffic crosses a network you do not control.
ldap ssl = no
# Domain accounts are mapped to local uid/gid values in 10000-20000 through
# the rid backend.
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = idmap_rid:DOMAIN=10000-20000
# Users of the default domain may be named without a domain prefix; when a
# prefix is used it is written DOMAIN/user.
winbind use default domain = yes
winbind separator = /
# Lets local tools list every domain user and group.
winbind enum users = yes
winbind enum groups = yes

cups options = raw

/var/heimdal/kdc.conf

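# KDC defaults as given in the tutorial, with transcription errors repaired:
# the section name [kdcdefaults], the v4_mode value nopreauth, the hyphens in
# arcfour-hmac and des-cbc-crc, and supported_enctypes rejoined on one line.
# NOTE(review): section and key names follow the MIT kdc.conf layout although
# the path is under /var/heimdal, and this host joins an existing domain
# rather than running a KDC, so this file may have no effect. Confirm.
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth

[libdefaults]
# NOTE(review): the realm name ends in a dot here and in [realms] below, while
# /etc/krb5.conf uses DOMAIN.LOCAL. Presumably truncated; confirm.
default_realm = DOMAIN.

[realms]

DOMAIN. = {
# NOTE(review): the master key type and most of the listed enctypes are
# single DES, and arcfour-hmac is RC4; all are weak by current standards.
# Use AES types if this file is actually read by a KDC.
master_key_type = des-cbc-crc
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}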

/var/heimdal/kadm5.acl
# ACL entry matching every principal whose instance is "administrator" in
# DOMAIN.LOCAL (the leading * is a wildcard for the first component).
# NOTE(review): ACL lines normally carry a permissions field after the
# principal and none is shown here; confirm the expected format for the
# installed Kerberos before relying on this entry.
*/administrator@DOMAIN.LOCAL

/usr/local/etc/rc.d/samba
:%s/NO/YES/g
# /usr/local/etc/rc.d/samba onerestart
# kinit Administrator

# net ads join -U Administrator@DOMAIN.LOCAL

# /usr/local/etc/rc.d/samba onerestart

services -> proxy server -> general settings -> custom options
e cole estas linhas
acl_uses_indirect_client on;follow_x_forwarded_for allow localhost;auth_param ntlm program
/usr/local/bin/ntlm_auth --use-cached-creds --helper-protocol=squid-2.5-ntlmssp;auth_param ntlm children
10;auth_param ntlm keep_alive on;acl password proxy_auth REQUIRED;http_access allow password;

NOTA IMPORTANTE PARA WINDOWS 7


No Windows 7 são implementadas uma série de novas políticas de
segurança, uma delas inclusive barra a autenticação transparente
que usamos em nossos proxys. Para resolver este problema siga este
pequeno manual que orienta como deverá ser feita esta liberação.
Antes de mais nada, para rodar este procedimento é necessário que
você seja administrador da máquina local.
Execute o comando "gpedit.msc" e navegue na árvore
seguindo esta sequência:

Diretiva computador local

Configurações do Windows

Configurações de segurança

Diretivas locais

Opções de segurança

Segurança de rede: nível de autenticação LAN Manager

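Marque a opção: enviar LM e NTLM - usar nível de segurança NTLMv2

Observação: esta opção faz o cliente voltar a enviar respostas LM e NTLMv1, mais fracas que NTLMv2; aplique-a apenas nas máquinas que realmente precisam da autenticação transparente no proxy.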

Adicionando na inicialização

# mv /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh
