Manual Completo: Controlador de Dominio Samba AD DC<\/title>\n <style>\n .manual-container {\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\n line-height: 1.7;\n color: #333;\n max-width: 1200px;\n margin: 0 auto;\n padding: 20px;\n }\n \n .container {\n background: white;\n border-radius: 15px;\n padding: 40px;\n box-shadow: 0 20px 40px rgba(0,0,0,0.1);\n margin: 20px 0;\n border: 1px solid #e9ecef;\n }\n \n h1 {\n color: #2c3e50;\n text-align: center;\n font-size: 2.5em;\n margin-bottom: 10px;\n background: linear-gradient(45deg, #3498db, #2c3e50);\n -webkit-background-clip: text;\n -webkit-text-fill-color: transparent;\n background-clip: text;\n }\n \n .subtitle {\n text-align: center;\n color: #7f8c8d;\n font-size: 1.2em;\n margin-bottom: 40px;\n font-style: italic;\n }\n \n h2 {\n color: #2980b9;\n border-left: 5px solid #3498db;\n padding-left: 15px;\n margin-top: 40px;\n font-size: 1.8em;\n background: linear-gradient(90deg, #f8f9fa 0%, transparent 100%);\n padding: 15px;\n border-radius: 0 10px 10px 0;\n }\n \n h3 {\n color: #27ae60;\n margin-top: 30px;\n font-size: 1.4em;\n border-bottom: 2px solid #27ae60;\n padding-bottom: 5px;\n display: inline-block;\n }\n \n h4 {\n color: #e67e22;\n margin-top: 25px;\n font-size: 1.2em;\n }\n \n .intro-box {\n background: linear-gradient(135deg, #74b9ff, #0984e3);\n color: white;\n padding: 30px;\n border-radius: 15px;\n margin: 30px 0;\n box-shadow: 0 10px 30px rgba(116, 185, 255, 0.3);\n }\n \n .phase-card {\n background: #f8f9fa;\n border: 1px solid #e9ecef;\n border-radius: 10px;\n padding: 25px;\n margin: 20px 0;\n box-shadow: 0 5px 15px rgba(0,0,0,0.08);\n transition: transform 0.3s ease;\n }\n \n .phase-card:hover {\n transform: translateY(-5px);\n box-shadow: 0 10px 25px rgba(0,0,0,0.15);\n }\n \n .code-block {\n background: #2d3748;\n color: #e2e8f0;\n padding: 20px;\n border-radius: 10px;\n overflow-x: auto;\n margin: 15px 0;\n border-left: 4px solid #4299e1;\n font-family: 'Courier New', monospace;\n box-shadow: inset 0 2px 4px rgba(0,0,0,0.2);\n }\n \n .command {\n background: #1a202c;\n color: #68d391;\n padding: 15px;\n border-radius: 8px;\n font-family: 'Courier New', monospace;\n margin: 10px 0;\n border-left: 3px solid #68d391;\n }\n \n .warning-box {\n background: linear-gradient(135deg, #ff7675, #d63031);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #d63031;\n }\n \n .success-box {\n background: linear-gradient(135deg, #00b894, #00a085);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #00a085;\n }\n \n .info-box {\n background: linear-gradient(135deg, #74b9ff, #0984e3);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #0984e3;\n }\n \n .tip-box {\n background: linear-gradient(135deg, #fdcb6e, #e17055);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #e17055;\n }\n \n ul, ol {\n padding-left: 25px;\n }\n \n li {\n margin: 8px 0;\n }\n \n .config-table {\n width: 100%;\n border-collapse: collapse;\n margin: 20px 0;\n background: white;\n border-radius: 10px;\n overflow: hidden;\n box-shadow: 0 5px 15px rgba(0,0,0,0.1);\n }\n \n .config-table th {\n background: linear-gradient(135deg, #667eea, #764ba2);\n color: white;\n padding: 15px;\n text-align: left;\n font-weight: 600;\n }\n \n .config-table td {\n padding: 12px 15px;\n border-bottom: 1px solid #eee;\n }\n \n .config-table tr:hover {\n background: #f8f9fa;\n }\n \n .architecture-grid {\n display: grid;\n grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));\n gap: 20px;\n margin: 30px 0;\n }\n \n .arch-card {\n background: linear-gradient(135deg, #a8edea, #fed6e3);\n padding: 25px;\n border-radius: 15px;\n text-align: center;\n box-shadow: 0 10px 25px rgba(0,0,0,0.1);\n }\n \n .step-counter {\n background: linear-gradient(135deg, #667eea, #764ba2);\n color: white;\n width: 30px;\n height: 30px;\n border-radius: 50%;\n display: inline-flex;\n align-items: center;\n justify-content: center;\n margin-right: 10px;\n font-weight: bold;\n }\n \n .verification-steps {\n background: #e8f5e8;\n border: 2px solid #27ae60;\n border-radius: 10px;\n padding: 20px;\n margin: 20px 0;\n }\n \n .troubleshooting {\n background: #fff3cd;\n border: 2px solid #ffc107;\n border-radius: 10px;\n padding: 20px;\n margin: 20px 0;\n }\n \n .highlight {\n background: linear-gradient(135deg, #ffecd2, #fcb69f);\n padding: 3px 8px;\n border-radius: 5px;\n font-weight: 600;\n }\n \n .feature-grid {\n display: grid;\n grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));\n gap: 20px;\n margin: 30px 0;\n }\n \n .feature-card {\n background: white;\n border: 2px solid #e9ecef;\n border-radius: 10px;\n padding: 20px;\n text-align: center;\n transition: all 0.3s ease;\n box-shadow: 0 5px 15px rgba(0,0,0,0.1);\n }\n \n .feature-card:hover {\n border-color: #3498db;\n transform: translateY(-5px);\n }\n \n .icon {\n font-size: 2em;\n margin-bottom: 15px;\n display: block;\n }\n <\/style>\n<\/head>\n<body>\n <div class=\"manual-container\">\n <div class=\"container\">\n <h1>\ud83d\udcda Manual Completo: Controlador de Dominio Samba AD DC<\/h1>\n <p class=\"subtitle\">Implementaci\u00f3n en Debian 12 con Administraci\u00f3n desde Windows 10<\/p>\n \n <div class=\"intro-box\">\n <h3>\ud83c\udfaf Introducci\u00f3n<\/h3>\n <p>Este manual describe la instalaci\u00f3n completa de un Controlador de Dominio Principal (PDC) usando Samba Active Directory Domain Controller en Debian 12, junto con la administraci\u00f3n desde Windows 10 Professional.<\/p>\n \n <div class=\"architecture-grid\">\n <div class=\"arch-card\">\n <h4>\ud83d\udda5\ufe0f VM1: Controlador de Dominio<\/h4>\n <p>Debian 12 + Samba AD DC<\/p>\n <\/div>\n <div class=\"arch-card\">\n <h4>\ud83d\udcc1 VM2: Servidor de Archivos<\/h4>\n <p>Futuro servidor de archivos<\/p>\n <\/div>\n <div class=\"arch-card\">\n <h4>\ud83d\udcbb Clientes Windows<\/h4>\n <p>Windows 10 Professional para administraci\u00f3n<\/p>\n <\/div>\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\ude80 Fase 1: Instalaci\u00f3n de Debian 12<\/h2>\n \n <h3>1.1 Preparaci\u00f3n del Sistema<\/h3>\n <p><strong>Distribuci\u00f3n:<\/strong> <span class=\"highlight\">Debian 12 “Bookworm”<\/span><\/p>\n <ul>\n <li><strong>ISO recomendada:<\/strong> netinst (650MB)<\/li>\n <li><strong>Tipo de instalaci\u00f3n:<\/strong> Servidor m\u00ednimo<\/li>\n <\/ul>\n \n <h3>1.2 Selecci\u00f3n de Paquetes durante la Instalaci\u00f3n<\/h3>\n <p>Durante la instalaci\u00f3n, en “Selecci\u00f3n de programas”:<\/p>\n \n <div class=\"success-box\">\n <h4>\u2705 Marcar:<\/h4>\n <ul>\n <li>Entorno de escritorio Debian<\/li>\n <li>SSH server<\/li>\n <li>Utilidades est\u00e1ndar del sistema<\/li>\n <\/ul>\n <\/div>\n \n <div class=\"warning-box\">\n <h4>\u274c Desmarcar:<\/h4>\n <ul>\n <li>GNOME (no necesario para servidor)<\/li>\n <li>Web server<\/li>\n <li>Otros entornos gr\u00e1ficos<\/li>\n <\/ul>\n <\/div>\n \n <h3>1.3 Configuraci\u00f3n de Kerberos<\/h3>\n <p>Durante la instalaci\u00f3n se configurar\u00e1 Kerberos autom\u00e1ticamente:<\/p>\n \n <div class=\"code-block\">\n<strong>Configurando la autenticaci\u00f3n de Kerberos:<\/strong>\n– Reino (Realm): MIEMPRESA.LOCAL\n– Servidores de Kerberos: 127.0.0.1\n– Servidor administrativo: 127.0.0.1\n <\/div>\n \n <div class=\"info-box\">\n <strong>\ud83d\udcdd Nota:<\/strong> Se usa 127.0.0.1 porque esta VM ser\u00e1 el controlador principal.\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\u2699\ufe0f Fase 2: Configuraci\u00f3n Post-Instalaci\u00f3n<\/h2>\n \n <h3>2.1 Configuraci\u00f3n de Red<\/h3>\n <p>Configurar IP est\u00e1tica:<\/p>\n \n <div class=\"command\">sudo nano \/etc\/network\/interfaces<\/div>\n \n <div class=\"code-block\">\n# Interfaz principal\nauto ens18\niface ens18 inet static\n address 192.168.50.251\/24\n gateway 192.168.50.1\n dns-nameservers 127.0.0.1 8.8.8.8\n <\/div>\n \n <h3>2.2 Configuraci\u00f3n de Hostname<\/h3>\n <div class=\"command\">\n# Establecer hostname<br>\nsudo hostnamectl set-hostname dc01.miempresa.local<br><br>\n# Configurar \/etc\/hosts<br>\nsudo nano \/etc\/hosts\n <\/div>\n \n <div class=\"code-block\">\n127.0.0.1 localhost\n192.168.50.251 dc01.miempresa.local dc01\n\n# Comentar o eliminar l\u00edneas como:\n# 127.0.1.1 nombre-anterior\n <\/div>\n \n <h3>2.3 Reiniciar Servicios de Red<\/h3>\n <div class=\"command\">\nsudo systemctl restart networking<br>\nsudo reboot\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udd27 Fase 3: Instalaci\u00f3n y Configuraci\u00f3n de Samba AD DC<\/h2>\n \n <h3>3.1 Actualizaci\u00f3n del Sistema<\/h3>\n <div class=\"command\">sudo apt update && sudo apt upgrade -y<\/div>\n \n <h3>3.2 Instalaci\u00f3n de Paquetes Necesarios<\/h3>\n <div class=\"command\">sudo apt install samba winbind krb5-user dnsutils -y<\/div>\n \n <h3>3.3 Preparaci\u00f3n de Samba<\/h3>\n <div class=\"command\">\n# Detener servicios existentes<br>\nsudo systemctl stop samba-ad-dc smbd nmbd winbind<br><br>\n# Hacer backup de configuraci\u00f3n existente<br>\nsudo mv \/etc\/samba\/smb.conf \/etc\/samba\/smb.conf.backup<br><br>\n# Limpiar datos anteriores si existen<br>\nsudo rm -rf \/var\/lib\/samba\/private\/*<br>\nsudo rm -rf \/var\/lib\/samba\/sysvol\n <\/div>\n \n <h3>3.4 Provisionamiento del Dominio<\/h3>\n <div class=\"command\">sudo samba-tool domain provision –use-rfc2307 –interactive<\/div>\n \n <div class=\"tip-box\">\n <h4>\ud83d\udca1 Respuestas durante el provisionamiento:<\/h4>\n <ul>\n <li><strong>Realm:<\/strong> MIEMPRESA.LOCAL<\/li>\n <li><strong>Domain:<\/strong> MIEMPRESA<\/li>\n <li><strong>Server Role:<\/strong> dc<\/li>\n <li><strong>DNS backend:<\/strong> SAMBA_INTERNAL<\/li>\n <li><strong>DNS forwarder IP:<\/strong> 8.8.8.8<\/li>\n <li><strong>Administrator password:<\/strong> [Contrase\u00f1a segura]<\/li>\n <\/ul>\n <\/div>\n \n <h3>3.5 Configuraci\u00f3n Final<\/h3>\n <div class=\"command\">\n# Copiar configuraci\u00f3n de Kerberos<br>\nsudo cp \/var\/lib\/samba\/private\/krb5.conf \/etc\/krb5.conf<br><br>\n# Configurar DNS del sistema<br>\nsudo nano \/etc\/resolv.conf\n <\/div>\n \n <div class=\"code-block\">\nnameserver 127.0.0.1\nnameserver 8.8.8.8\nsearch miempresa.local\n <\/div>\n \n <h3>3.6 Iniciar Servicios<\/h3>\n <div class=\"command\">\nsudo systemctl unmask samba-ad-dc<br>\nsudo systemctl enable samba-ad-dc<br>\nsudo systemctl start samba-ad-dc\n <\/div>\n \n <div class=\"verification-steps\">\n <h3>3.7 Verificaci\u00f3n del Funcionamiento<\/h3>\n <div class=\"command\">\n# Verificar estado del servicio<br>\nsudo systemctl status samba-ad-dc<br><br>\n# Verificar nivel del dominio<br>\nsudo samba-tool domain level show<br><br>\n# Probar DNS interno<br>\nnslookup miempresa.local 127.0.0.1<br><br>\n# Probar autenticaci\u00f3n Kerberos<br>\nkinit Administrator@MIEMPRESA.LOCAL<br><br>\n# Ver informaci\u00f3n del dominio<br>\nsudo samba-tool domain info 127.0.0.1\n <\/div>\n \n <div class=\"success-box\">\n <h4>\ud83c\udf89 Resultado esperado:<\/h4>\n <ul>\n <li>Servicio activo y funcionando<\/li>\n <li>DNS resolviendo correctamente<\/li>\n <li>Autenticaci\u00f3n Kerberos exitosa<\/li>\n <li>Dominio respondiendo correctamente<\/li>\n <\/ul>\n <\/div>\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udc65 Fase 4: Administraci\u00f3n B\u00e1sica desde L\u00ednea de Comandos<\/h2>\n \n <h3>4.1 Gesti\u00f3n de Usuarios<\/h3>\n \n <h4>Crear usuarios:<\/h4>\n <div class=\"command\">\n# Usuario b\u00e1sico<br>\nsudo samba-tool user create juan.perez –given-name=”Juan” –surname=”P\u00e9rez”<br><br>\n# Usuario con informaci\u00f3n completa<br>\nsudo samba-tool user create maria.garcia \\<br>\n –given-name=”Mar\u00eda” \\<br>\n –surname=”Garc\u00eda” \\<br>\n –mail-address=”maria.garcia@miempresa.local” \\<br>\n –description=”Secretaria Administraci\u00f3n” \\<br>\n –department=”Administraci\u00f3n” \\<br>\n –company=”MiEmpresa”\n <\/div>\n \n <h4>Gestionar usuarios:<\/h4>\n <div class=\"command\">\n# Listar usuarios<br>\nsudo samba-tool user list<br><br>\n# Ver informaci\u00f3n de usuario<br>\nsudo samba-tool user show juan.perez<br><br>\n# Cambiar contrase\u00f1a<br>\nsudo samba-tool user setpassword juan.perez<br><br>\n# Habilitar\/deshabilitar usuario<br>\nsudo samba-tool user enable juan.perez<br>\nsudo samba-tool user disable juan.perez\n <\/div>\n \n <h3>4.2 Gesti\u00f3n de Grupos<\/h3>\n <div class=\"command\">\n# Crear grupo<br>\nsudo samba-tool group add “Administracion”<br><br>\n# Agregar usuario a grupo<br>\nsudo samba-tool group addmembers “Administracion” juan.perez<br><br>\n# Listar miembros de grupo<br>\nsudo samba-tool group listmembers “Administracion”\n <\/div>\n \n <h3>4.3 Crear Estructura Organizacional<\/h3>\n <div class=\"command\">\n# Crear unidades organizacionales<br>\nsudo samba-tool ou create “OU=Usuarios,DC=miempresa,DC=local”<br>\nsudo samba-tool ou create “OU=Equipos,DC=miempresa,DC=local”<br>\nsudo samba-tool ou create “OU=Servidores,DC=miempresa,DC=local”<br>\nsudo samba-tool ou create “OU=Grupos,DC=miempresa,DC=local”\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udda5\ufe0f Fase 5: Administraci\u00f3n desde Windows 10 Professional<\/h2>\n \n <h3>5.1 Preparaci\u00f3n del Equipo Windows<\/h3>\n \n <h4>Configurar DNS:<\/h4>\n <ol>\n <li>Ir a <strong>Configuraci\u00f3n<\/strong> \u2192 <strong>Red e Internet<\/strong> \u2192 <strong>Ethernet\/WiFi<\/strong><\/li>\n <li>Hacer clic en <strong>Propiedades<\/strong><\/li>\n <li>En <strong>Configuraci\u00f3n de IP<\/strong>, seleccionar <strong>Editar<\/strong><\/li>\n <li>Configurar:\n <ul>\n <li><strong>DNS primario:<\/strong> 192.168.50.251<\/li>\n <li><strong>DNS secundario:<\/strong> 8.8.8.8<\/li>\n <\/ul>\n <\/li>\n <\/ol>\n \n <h4>Verificar conectividad:<\/h4>\n <div class=\"command\">\nnslookup miempresa.local 192.168.50.251<br>\nping dc01.miempresa.local<br>\ntelnet 192.168.50.251 389\n <\/div>\n \n <h3>5.2 Unir el Equipo al Dominio<\/h3>\n <ol>\n <li><strong>Panel de Control<\/strong> \u2192 <strong>Sistema y seguridad<\/strong> \u2192 <strong>Sistema<\/strong><\/li>\n <li>Hacer clic en <strong>Configuraci\u00f3n avanzada del sistema<\/strong><\/li>\n <li>En pesta\u00f1a <strong>Nombre de equipo<\/strong>, hacer clic en <strong>Cambiar<\/strong><\/li>\n <li>Seleccionar <strong>Dominio<\/strong> e introducir: <span class=\"highlight\">miempresa.local<\/span><\/li>\n <li>Introducir credenciales:\n <ul>\n <li><strong>Usuario:<\/strong> Administrator<\/li>\n <li><strong>Contrase\u00f1a:<\/strong> [La configurada durante el provisionamiento]<\/li>\n <\/ul>\n <\/li>\n <li>Reiniciar cuando se solicite<\/li>\n <\/ol>\n \n <h3>5.3 Instalaci\u00f3n de Herramientas Administrativas (RSAT)<\/h3>\n \n <div class=\"info-box\">\n <h4>En Windows 10:<\/h4>\n <ol>\n <li><strong>Configuraci\u00f3n<\/strong> \u2192 <strong>Aplicaciones<\/strong> \u2192 <strong>Caracter\u00edsticas opcionales<\/strong><\/li>\n <li><strong>Agregar una caracter\u00edstica<\/strong><\/li>\n <li>Buscar e instalar:\n <ul>\n <li>RSAT: Active Directory Domain Services and Lightweight Directory Services Tools<\/li>\n <li>RSAT: Group Policy Management Tools<\/li>\n <li>RSAT: DNS Server Tools<\/li>\n <\/ul>\n <\/li>\n <\/ol>\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udd10 Fase 6: Administraci\u00f3n Avanzada con Windows 10<\/h2>\n \n <h3>6.1 Gesti\u00f3n de Usuarios desde Windows<\/h3>\n \n <div class=\"feature-grid\">\n <div class=\"feature-card\">\n <span class=\"icon\">\ud83d\udc64<\/span>\n <h4>Crear usuarios<\/h4>\n <p>Abrir <strong>Usuarios y equipos de Active Directory<\/strong> \u2192 Navegar a la OU deseada \u2192 Hacer clic derecho \u2192 <strong>Nuevo<\/strong> \u2192 <strong>Usuario<\/strong><\/p>\n <\/div>\n \n <div class=\"feature-card\">\n <span class=\"icon\">\ud83d\udc65<\/span>\n <h4>Gesti\u00f3n de Grupos<\/h4>\n <p>Crear grupos de seguridad y distribuci\u00f3n con diferentes \u00e1mbitos (Global, Universal, Local de dominio)<\/p>\n <\/div>\n \n <div class=\"feature-card\">\n <span class=\"icon\">\ud83d\udee1\ufe0f<\/span>\n <h4>Pol\u00edticas de Grupo<\/h4>\n <p>Configurar GPOs para seguridad, restricciones de escritorio y pol\u00edticas de contrase\u00f1as<\/p>\n <\/div>\n \n <div class=\"feature-card\">\n <span class=\"icon\">\ud83c\udf10<\/span>\n <h4>Administraci\u00f3n DNS<\/h4>\n <p>Gestionar zonas directas e inversas, crear registros A, CNAME, MX<\/p>\n <\/div>\n <\/div>\n \n <h3>6.2 Configuraci\u00f3n de Pol\u00edticas de Grupo (GPO)<\/h3>\n \n <div class=\"tip-box\">\n <h4>\ud83d\udca1 Crear nueva GPO:<\/h4>\n <ol>\n <li>Abrir <strong>Administraci\u00f3n de directivas de grupo<\/strong><\/li>\n <li>Hacer clic derecho en el dominio \u2192 <strong>Crear un GPO en este dominio y vincularlo aqu\u00ed<\/strong><\/li>\n <li><strong>Nombre:<\/strong> “Pol\u00edtica de Seguridad B\u00e1sica”<\/li>\n <\/ol>\n <\/div>\n \n <table class=\"config-table\">\n <thead>\n <tr>\n <th>Pol\u00edtica<\/th>\n <th>Configuraci\u00f3n Recomendada<\/th>\n <th>Ubicaci\u00f3n<\/th>\n <\/tr>\n <\/thead>\n <tbody>\n <tr>\n <td>Longitud m\u00ednima de contrase\u00f1a<\/td>\n <td>8 caracteres<\/td>\n <td>Configuraci\u00f3n del equipo \u2192 Directivas \u2192 Configuraci\u00f3n de Windows \u2192 Configuraci\u00f3n de seguridad<\/td>\n <\/tr>\n <tr>\n <td>Complejidad de contrase\u00f1a<\/td>\n <td>Habilitada<\/td>\n <td>Directivas de cuenta \u2192 Directiva de contrase\u00f1as<\/td>\n <\/tr>\n <tr>\n <td>Vigencia m\u00e1xima<\/td>\n <td>90 d\u00edas<\/td>\n <td>Directivas de cuenta \u2192 Directiva de contrase\u00f1as<\/td>\n <\/tr>\n <tr>\n <td>Umbral de bloqueo<\/td>\n <td>5 intentos<\/td>\n <td>Directivas de cuenta \u2192 Directiva de bloqueo<\/td>\n <\/tr>\n <\/tbody>\n <\/table>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udcc1 Fase 7: Configuraci\u00f3n del Servidor de Archivos (VM2)<\/h2>\n \n <h3>7.1 Preparaci\u00f3n de la Segunda VM<\/h3>\n \n <div class=\"architecture-grid\">\n <div class=\"arch-card\">\n <h4>\ud83d\udcbe Especificaciones<\/h4>\n <ul>\n <li><strong>SO:<\/strong> Debian 12 (m\u00ednima)<\/li>\n <li><strong>RAM:<\/strong> 4GB<\/li>\n <li><strong>Disco:<\/strong> Seg\u00fan necesidades<\/li>\n <li><strong>Red:<\/strong> IP est\u00e1tica<\/li>\n <\/ul>\n <\/div>\n \n <div class=\"arch-card\">\n <h4>\ud83d\udd27 Instalaci\u00f3n<\/h4>\n <div class=\"command\">\nsudo apt install samba cifs-utils realmd sssd-tools\n <\/div>\n <\/div>\n <\/div>\n \n <h3>7.2 Unir al Dominio<\/h3>\n <div class=\"command\">\n# Unirse al dominio<br>\nsudo realm join MIEMPRESA.LOCAL -U Administrator<br><br>\n# Verificar uni\u00f3n<br>\nsudo realm list\n <\/div>\n \n <h3>7.3 Configurar Compartimientos<\/h3>\n <div class=\"code-block\">\n[compartido]\n path = \/srv\/samba\/compartido\n browseable = yes\n read only = no\n force create mode = 0660\n force directory mode = 2770\n valid users = @”MIEMPRESA\\Domain Users”\n \n[administracion]\n path = \/srv\/samba\/administracion\n browseable = yes\n read only = no\n force create mode = 0660\n force directory mode = 2770\n valid users = @”MIEMPRESA\\Administracion”\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udd27 Fase 8: Mantenimiento y Monitoreo<\/h2>\n \n <h3>8.1 Script de Respaldo Autom\u00e1tico<\/h3>\n <div class=\"code-block\">\n#!\/bin\/bash\n# \/usr\/local\/bin\/backup-samba.sh\n\nBACKUP_DIR=”\/backup\/samba”\nDATE=$(date +%Y%m%d_%H%M%S)\n\n# Crear directorio de respaldo\nmkdir -p $BACKUP_DIR\n\n# Respaldar base de datos de Samba\nsamba-tool domain backup online –targetdir=$BACKUP_DIR\/db_$DATE\n\n# Respaldar configuraci\u00f3n\ntar -czf $BACKUP_DIR\/config_$DATE.tar.gz \/etc\/samba\/ \/etc\/krb5.conf\n\n# Limpiar respaldos antiguos (mantener 7 d\u00edas)\nfind $BACKUP_DIR -type f -mtime +7 -delete\n\necho “Respaldo completado: $DATE”\n <\/div>\n \n <h3>8.2 Programar Respaldo Diario<\/h3>\n <div class=\"command\">\nsudo crontab -e<br>\n# Agregar l\u00ednea:<br>\n0 2 * * * \/usr\/local\/bin\/backup-samba.sh\n <\/div>\n \n <h3>8.3 Comandos de Monitoreo<\/h3>\n <div class=\"command\">\n# Estado de servicios<br>\nsystemctl status samba-ad-dc<br><br>\n# Replicaci\u00f3n de AD<br>\nsamba-tool drs showrepl<br><br>\n# Logs de Samba<br>\ntail -f \/var\/log\/samba\/log.samba\n <\/div>\n <\/div>\n\n <div class=\"troubleshooting\">\n <h2>\ud83d\udea8 Resoluci\u00f3n de Problemas Comunes<\/h2>\n \n <h3>Problemas de DNS<\/h3>\n <div class=\"command\">\n# Verificar configuraci\u00f3n DNS<br>\nnslookup miempresa.local 127.0.0.1<br>\nnslookup dc01.miempresa.local 127.0.0.1<br><br>\n# Reiniciar servicio DNS<br>\nsudo systemctl restart samba-ad-dc\n <\/div>\n \n <h3>Problemas de Autenticaci\u00f3n<\/h3>\n <div class=\"command\">\n# Verificar sincronizaci\u00f3n de tiempo<br>\nsudo ntpdate -s time.nist.gov<br><br>\n# Limpiar cache de Kerberos<br>\nsudo kdestroy<br><br>\n# Regenerar tickets<br>\nkinit Administrator@MIEMPRESA.LOCAL\n <\/div>\n <\/div>\n\n <div class=\"info-box\">\n <h2>\ud83d\udcca Puertos Utilizados por Active Directory<\/h2>\n \n <table class=\"config-table\">\n <thead>\n <tr>\n <th>Puerto<\/th>\n <th>Protocolo<\/th>\n <th>Servicio<\/th>\n <\/tr>\n <\/thead>\n <tbody>\n <tr><td>53<\/td><td>TCP\/UDP<\/td><td>DNS<\/td><\/tr>\n <tr><td>88<\/td><td>TCP\/UDP<\/td><td>Kerberos<\/td><\/tr>\n <tr><td>135<\/td><td>TCP<\/td><td>RPC Endpoint Mapper<\/td><\/tr>\n <tr><td>139<\/td><td>TCP<\/td><td>NetBIOS Session Service<\/td><\/tr>\n <tr><td>389<\/td><td>TCP\/UDP<\/td><td>LDAP<\/td><\/tr>\n <tr><td>445<\/td><td>TCP<\/td><td>SMB over TCP<\/td><\/tr>\n <tr><td>464<\/td><td>TCP\/UDP<\/td><td>Kerberos kpasswd<\/td><\/tr>\n <tr><td>636<\/td><td>TCP<\/td><td>LDAPS<\/td><\/tr>\n <tr><td>3268<\/td><td>TCP<\/td><td>Global Catalog<\/td><\/tr>\n <tr><td>3269<\/td><td>TCP<\/td><td>Global Catalog over SSL<\/td><\/tr>\n <\/tbody>\n <\/table>\n <\/div>\n\n <div class=\"success-box\">\n <h2>\ud83c\udf89 Conclusi\u00f3n<\/h2>\n <p>Este manual proporciona una gu\u00eda completa para implementar un controlador de dominio robusto y escalable usando Samba AD DC en Debian 12. La arquitectura separada entre controlador de dominio y servidor de archivos permite un mantenimiento eficiente y respaldos r\u00e1pidos.<\/p>\n \n <h3>\ud83c\udf1f Caracter\u00edsticas del proyecto implementado:<\/h3>\n <ul>\n <li>\u2705 Controlador de dominio completamente funcional<\/li>\n <li>\u2705 Compatible con clientes Windows<\/li>\n <li>\u2705 Administraci\u00f3n remota desde Windows 10<\/li>\n <li>\u2705 Arquitectura escalable y mantenible<\/li>\n <li>\u2705 Respaldos eficientes<\/li>\n <li>\u2705 Monitoreo y resoluci\u00f3n de problemas<\/li>\n <li>\u2705 Soporte extendido hasta 2028 (Debian 12)<\/li>\n <\/ul>\n \n <p>El sistema est\u00e1 preparado para un uso productivo a largo plazo con el soporte extendido de Debian 12.<\/p>\n <\/div>\n <\/div>\n <\/div>\n<\/body>\n<\/html>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Manual Completo: Controlador de Dominio Samba AD DC \ud83d\udcda Manual Completo: Controlador de Dominio Samba AD DC Implementaci\u00f3n en Debian 12 con Administraci\u00f3n desde Windows 10 \ud83c\udfaf Introducci\u00f3n Este manual describe la instalaci\u00f3n completa de un Controlador de Dominio Principal (PDC) usando Samba Active Directory Domain Controller en Debian 12, junto con la administraci\u00f3n desde […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-3921","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages\/3921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/comments?post=3921"}],"version-history":[{"count":10,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages\/3921\/revisions"}],"predecessor-version":[{"id":3933,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages\/3921\/revisions\/3933"}],"wp:attachment":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/media?parent=3921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

\n\t\t\t\t\t\t

\n\t\t\t\t\t

\n\t\t\t

\n\t\t\t\t\t\t

\n\t\t\t\t

\n\t\t\t\t\t\t\t\t\t\n\n\n \n \n Manual Completo: Controlador de Dominio Samba AD DC<\/title>\n <style>\n .manual-container {\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\n line-height: 1.7;\n color: #333;\n max-width: 1200px;\n margin: 0 auto;\n padding: 20px;\n }\n \n .container {\n background: white;\n border-radius: 15px;\n padding: 40px;\n box-shadow: 0 20px 40px rgba(0,0,0,0.1);\n margin: 20px 0;\n border: 1px solid #e9ecef;\n }\n \n h1 {\n color: #2c3e50;\n text-align: center;\n font-size: 2.5em;\n margin-bottom: 10px;\n background: linear-gradient(45deg, #3498db, #2c3e50);\n -webkit-background-clip: text;\n -webkit-text-fill-color: transparent;\n background-clip: text;\n }\n \n .subtitle {\n text-align: center;\n color: #7f8c8d;\n font-size: 1.2em;\n margin-bottom: 40px;\n font-style: italic;\n }\n \n h2 {\n color: #2980b9;\n border-left: 5px solid #3498db;\n padding-left: 15px;\n margin-top: 40px;\n font-size: 1.8em;\n background: linear-gradient(90deg, #f8f9fa 0%, transparent 100%);\n padding: 15px;\n border-radius: 0 10px 10px 0;\n }\n \n h3 {\n color: #27ae60;\n margin-top: 30px;\n font-size: 1.4em;\n border-bottom: 2px solid #27ae60;\n padding-bottom: 5px;\n display: inline-block;\n }\n \n h4 {\n color: #e67e22;\n margin-top: 25px;\n font-size: 1.2em;\n }\n \n .intro-box {\n background: linear-gradient(135deg, #74b9ff, #0984e3);\n color: white;\n padding: 30px;\n border-radius: 15px;\n margin: 30px 0;\n box-shadow: 0 10px 30px rgba(116, 185, 255, 0.3);\n }\n \n .phase-card {\n background: #f8f9fa;\n border: 1px solid #e9ecef;\n border-radius: 10px;\n padding: 25px;\n margin: 20px 0;\n box-shadow: 0 5px 15px rgba(0,0,0,0.08);\n transition: transform 0.3s ease;\n }\n \n .phase-card:hover {\n transform: translateY(-5px);\n box-shadow: 0 10px 25px rgba(0,0,0,0.15);\n }\n \n .code-block {\n background: #2d3748;\n color: #e2e8f0;\n padding: 20px;\n border-radius: 10px;\n overflow-x: auto;\n margin: 15px 0;\n border-left: 4px solid #4299e1;\n font-family: 'Courier New', monospace;\n box-shadow: inset 0 2px 4px rgba(0,0,0,0.2);\n }\n \n .command {\n background: #1a202c;\n color: #68d391;\n padding: 15px;\n border-radius: 8px;\n font-family: 'Courier New', monospace;\n margin: 10px 0;\n border-left: 3px solid #68d391;\n }\n \n .warning-box {\n background: linear-gradient(135deg, #ff7675, #d63031);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #d63031;\n }\n \n .success-box {\n background: linear-gradient(135deg, #00b894, #00a085);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #00a085;\n }\n \n .info-box {\n background: linear-gradient(135deg, #74b9ff, #0984e3);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #0984e3;\n }\n \n .tip-box {\n background: linear-gradient(135deg, #fdcb6e, #e17055);\n color: white;\n padding: 20px;\n border-radius: 10px;\n margin: 20px 0;\n border-left: 5px solid #e17055;\n }\n \n ul, ol {\n padding-left: 25px;\n }\n \n li {\n margin: 8px 0;\n }\n \n .config-table {\n width: 100%;\n border-collapse: collapse;\n margin: 20px 0;\n background: white;\n border-radius: 10px;\n overflow: hidden;\n box-shadow: 0 5px 15px rgba(0,0,0,0.1);\n }\n \n .config-table th {\n background: linear-gradient(135deg, #667eea, #764ba2);\n color: white;\n padding: 15px;\n text-align: left;\n font-weight: 600;\n }\n \n .config-table td {\n padding: 12px 15px;\n border-bottom: 1px solid #eee;\n }\n \n .config-table tr:hover {\n background: #f8f9fa;\n }\n \n .architecture-grid {\n display: grid;\n grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));\n gap: 20px;\n margin: 30px 0;\n }\n \n .arch-card {\n background: linear-gradient(135deg, #a8edea, #fed6e3);\n padding: 25px;\n border-radius: 15px;\n text-align: center;\n box-shadow: 0 10px 25px rgba(0,0,0,0.1);\n }\n \n .step-counter {\n background: linear-gradient(135deg, #667eea, #764ba2);\n color: white;\n width: 30px;\n height: 30px;\n border-radius: 50%;\n display: inline-flex;\n align-items: center;\n justify-content: center;\n margin-right: 10px;\n font-weight: bold;\n }\n \n .verification-steps {\n background: #e8f5e8;\n border: 2px solid #27ae60;\n border-radius: 10px;\n padding: 20px;\n margin: 20px 0;\n }\n \n .troubleshooting {\n background: #fff3cd;\n border: 2px solid #ffc107;\n border-radius: 10px;\n padding: 20px;\n margin: 20px 0;\n }\n \n .highlight {\n background: linear-gradient(135deg, #ffecd2, #fcb69f);\n padding: 3px 8px;\n border-radius: 5px;\n font-weight: 600;\n }\n \n .feature-grid {\n display: grid;\n grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));\n gap: 20px;\n margin: 30px 0;\n }\n \n .feature-card {\n background: white;\n border: 2px solid #e9ecef;\n border-radius: 10px;\n padding: 20px;\n text-align: center;\n transition: all 0.3s ease;\n box-shadow: 0 5px 15px rgba(0,0,0,0.1);\n }\n \n .feature-card:hover {\n border-color: #3498db;\n transform: translateY(-5px);\n }\n \n .icon {\n font-size: 2em;\n margin-bottom: 15px;\n display: block;\n }\n <\/style>\n<\/head>\n<body>\n <div class=\"manual-container\">\n <div class=\"container\">\n <h1>\ud83d\udcda Manual Completo: Controlador de Dominio Samba AD DC<\/h1>\n <p class=\"subtitle\">Implementaci\u00f3n en Debian 12 con Administraci\u00f3n desde Windows 10<\/p>\n \n <div class=\"intro-box\">\n <h3>\ud83c\udfaf Introducci\u00f3n<\/h3>\n <p>Este manual describe la instalaci\u00f3n completa de un Controlador de Dominio Principal (PDC) usando Samba Active Directory Domain Controller en Debian 12, junto con la administraci\u00f3n desde Windows 10 Professional.<\/p>\n \n <div class=\"architecture-grid\">\n <div class=\"arch-card\">\n <h4>\ud83d\udda5\ufe0f VM1: Controlador de Dominio<\/h4>\n <p>Debian 12 + Samba AD DC<\/p>\n <\/div>\n <div class=\"arch-card\">\n <h4>\ud83d\udcc1 VM2: Servidor de Archivos<\/h4>\n <p>Futuro servidor de archivos<\/p>\n <\/div>\n <div class=\"arch-card\">\n <h4>\ud83d\udcbb Clientes Windows<\/h4>\n <p>Windows 10 Professional para administraci\u00f3n<\/p>\n <\/div>\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\ude80 Fase 1: Instalaci\u00f3n de Debian 12<\/h2>\n \n <h3>1.1 Preparaci\u00f3n del Sistema<\/h3>\n <p><strong>Distribuci\u00f3n:<\/strong> <span class=\"highlight\">Debian 12 “Bookworm”<\/span><\/p>\n <ul>\n <li><strong>ISO recomendada:<\/strong> netinst (650MB)<\/li>\n <li><strong>Tipo de instalaci\u00f3n:<\/strong> Servidor m\u00ednimo<\/li>\n <\/ul>\n \n <h3>1.2 Selecci\u00f3n de Paquetes durante la Instalaci\u00f3n<\/h3>\n <p>Durante la instalaci\u00f3n, en “Selecci\u00f3n de programas”:<\/p>\n \n <div class=\"success-box\">\n <h4>\u2705 Marcar:<\/h4>\n <ul>\n <li>Entorno de escritorio Debian<\/li>\n <li>SSH server<\/li>\n <li>Utilidades est\u00e1ndar del sistema<\/li>\n <\/ul>\n <\/div>\n \n <div class=\"warning-box\">\n <h4>\u274c Desmarcar:<\/h4>\n <ul>\n <li>GNOME (no necesario para servidor)<\/li>\n <li>Web server<\/li>\n <li>Otros entornos gr\u00e1ficos<\/li>\n <\/ul>\n <\/div>\n \n <h3>1.3 Configuraci\u00f3n de Kerberos<\/h3>\n <p>Durante la instalaci\u00f3n se configurar\u00e1 Kerberos autom\u00e1ticamente:<\/p>\n \n <div class=\"code-block\">\n<strong>Configurando la autenticaci\u00f3n de Kerberos:<\/strong>\n– Reino (Realm): MIEMPRESA.LOCAL\n– Servidores de Kerberos: 127.0.0.1\n– Servidor administrativo: 127.0.0.1\n <\/div>\n \n <div class=\"info-box\">\n <strong>\ud83d\udcdd Nota:<\/strong> Se usa 127.0.0.1 porque esta VM ser\u00e1 el controlador principal.\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\u2699\ufe0f Fase 2: Configuraci\u00f3n Post-Instalaci\u00f3n<\/h2>\n \n <h3>2.1 Configuraci\u00f3n de Red<\/h3>\n <p>Configurar IP est\u00e1tica:<\/p>\n \n <div class=\"command\">sudo nano \/etc\/network\/interfaces<\/div>\n \n <div class=\"code-block\">\n# Interfaz principal\nauto ens18\niface ens18 inet static\n address 192.168.50.251\/24\n gateway 192.168.50.1\n dns-nameservers 127.0.0.1 8.8.8.8\n <\/div>\n \n <h3>2.2 Configuraci\u00f3n de Hostname<\/h3>\n <div class=\"command\">\n# Establecer hostname<br>\nsudo hostnamectl set-hostname dc01.miempresa.local<br><br>\n# Configurar \/etc\/hosts<br>\nsudo nano \/etc\/hosts\n <\/div>\n \n <div class=\"code-block\">\n127.0.0.1 localhost\n192.168.50.251 dc01.miempresa.local dc01\n\n# Comentar o eliminar l\u00edneas como:\n# 127.0.1.1 nombre-anterior\n <\/div>\n \n <h3>2.3 Reiniciar Servicios de Red<\/h3>\n <div class=\"command\">\nsudo systemctl restart networking<br>\nsudo reboot\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udd27 Fase 3: Instalaci\u00f3n y Configuraci\u00f3n de Samba AD DC<\/h2>\n \n <h3>3.1 Actualizaci\u00f3n del Sistema<\/h3>\n <div class=\"command\">sudo apt update && sudo apt upgrade -y<\/div>\n \n <h3>3.2 Instalaci\u00f3n de Paquetes Necesarios<\/h3>\n <div class=\"command\">sudo apt install samba winbind krb5-user dnsutils -y<\/div>\n \n <h3>3.3 Preparaci\u00f3n de Samba<\/h3>\n <div class=\"command\">\n# Detener servicios existentes<br>\nsudo systemctl stop samba-ad-dc smbd nmbd winbind<br><br>\n# Hacer backup de configuraci\u00f3n existente<br>\nsudo mv \/etc\/samba\/smb.conf \/etc\/samba\/smb.conf.backup<br><br>\n# Limpiar datos anteriores si existen<br>\nsudo rm -rf \/var\/lib\/samba\/private\/*<br>\nsudo rm -rf \/var\/lib\/samba\/sysvol\n <\/div>\n \n <h3>3.4 Provisionamiento del Dominio<\/h3>\n <div class=\"command\">sudo samba-tool domain provision –use-rfc2307 –interactive<\/div>\n \n <div class=\"tip-box\">\n <h4>\ud83d\udca1 Respuestas durante el provisionamiento:<\/h4>\n <ul>\n <li><strong>Realm:<\/strong> MIEMPRESA.LOCAL<\/li>\n <li><strong>Domain:<\/strong> MIEMPRESA<\/li>\n <li><strong>Server Role:<\/strong> dc<\/li>\n <li><strong>DNS backend:<\/strong> SAMBA_INTERNAL<\/li>\n <li><strong>DNS forwarder IP:<\/strong> 8.8.8.8<\/li>\n <li><strong>Administrator password:<\/strong> [Contrase\u00f1a segura]<\/li>\n <\/ul>\n <\/div>\n \n <h3>3.5 Configuraci\u00f3n Final<\/h3>\n <div class=\"command\">\n# Copiar configuraci\u00f3n de Kerberos<br>\nsudo cp \/var\/lib\/samba\/private\/krb5.conf \/etc\/krb5.conf<br><br>\n# Configurar DNS del sistema<br>\nsudo nano \/etc\/resolv.conf\n <\/div>\n \n <div class=\"code-block\">\nnameserver 127.0.0.1\nnameserver 8.8.8.8\nsearch miempresa.local\n <\/div>\n \n <h3>3.6 Iniciar Servicios<\/h3>\n <div class=\"command\">\nsudo systemctl unmask samba-ad-dc<br>\nsudo systemctl enable samba-ad-dc<br>\nsudo systemctl start samba-ad-dc\n <\/div>\n \n <div class=\"verification-steps\">\n <h3>3.7 Verificaci\u00f3n del Funcionamiento<\/h3>\n <div class=\"command\">\n# Verificar estado del servicio<br>\nsudo systemctl status samba-ad-dc<br><br>\n# Verificar nivel del dominio<br>\nsudo samba-tool domain level show<br><br>\n# Probar DNS interno<br>\nnslookup miempresa.local 127.0.0.1<br><br>\n# Probar autenticaci\u00f3n Kerberos<br>\nkinit Administrator@MIEMPRESA.LOCAL<br><br>\n# Ver informaci\u00f3n del dominio<br>\nsudo samba-tool domain info 127.0.0.1\n <\/div>\n \n <div class=\"success-box\">\n <h4>\ud83c\udf89 Resultado esperado:<\/h4>\n <ul>\n <li>Servicio activo y funcionando<\/li>\n <li>DNS resolviendo correctamente<\/li>\n <li>Autenticaci\u00f3n Kerberos exitosa<\/li>\n <li>Dominio respondiendo correctamente<\/li>\n <\/ul>\n <\/div>\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udc65 Fase 4: Administraci\u00f3n B\u00e1sica desde L\u00ednea de Comandos<\/h2>\n \n <h3>4.1 Gesti\u00f3n de Usuarios<\/h3>\n \n <h4>Crear usuarios:<\/h4>\n <div class=\"command\">\n# Usuario b\u00e1sico<br>\nsudo samba-tool user create juan.perez –given-name=”Juan” –surname=”P\u00e9rez”<br><br>\n# Usuario con informaci\u00f3n completa<br>\nsudo samba-tool user create maria.garcia \\<br>\n –given-name=”Mar\u00eda” \\<br>\n –surname=”Garc\u00eda” \\<br>\n –mail-address=”maria.garcia@miempresa.local” \\<br>\n –description=”Secretaria Administraci\u00f3n” \\<br>\n –department=”Administraci\u00f3n” \\<br>\n –company=”MiEmpresa”\n <\/div>\n \n <h4>Gestionar usuarios:<\/h4>\n <div class=\"command\">\n# Listar usuarios<br>\nsudo samba-tool user list<br><br>\n# Ver informaci\u00f3n de usuario<br>\nsudo samba-tool user show juan.perez<br><br>\n# Cambiar contrase\u00f1a<br>\nsudo samba-tool user setpassword juan.perez<br><br>\n# Habilitar\/deshabilitar usuario<br>\nsudo samba-tool user enable juan.perez<br>\nsudo samba-tool user disable juan.perez\n <\/div>\n \n <h3>4.2 Gesti\u00f3n de Grupos<\/h3>\n <div class=\"command\">\n# Crear grupo<br>\nsudo samba-tool group add “Administracion”<br><br>\n# Agregar usuario a grupo<br>\nsudo samba-tool group addmembers “Administracion” juan.perez<br><br>\n# Listar miembros de grupo<br>\nsudo samba-tool group listmembers “Administracion”\n <\/div>\n \n <h3>4.3 Crear Estructura Organizacional<\/h3>\n <div class=\"command\">\n# Crear unidades organizacionales<br>\nsudo samba-tool ou create “OU=Usuarios,DC=miempresa,DC=local”<br>\nsudo samba-tool ou create “OU=Equipos,DC=miempresa,DC=local”<br>\nsudo samba-tool ou create “OU=Servidores,DC=miempresa,DC=local”<br>\nsudo samba-tool ou create “OU=Grupos,DC=miempresa,DC=local”\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udda5\ufe0f Fase 5: Administraci\u00f3n desde Windows 10 Professional<\/h2>\n \n <h3>5.1 Preparaci\u00f3n del Equipo Windows<\/h3>\n \n <h4>Configurar DNS:<\/h4>\n <ol>\n <li>Ir a <strong>Configuraci\u00f3n<\/strong> \u2192 <strong>Red e Internet<\/strong> \u2192 <strong>Ethernet\/WiFi<\/strong><\/li>\n <li>Hacer clic en <strong>Propiedades<\/strong><\/li>\n <li>En <strong>Configuraci\u00f3n de IP<\/strong>, seleccionar <strong>Editar<\/strong><\/li>\n <li>Configurar:\n <ul>\n <li><strong>DNS primario:<\/strong> 192.168.50.251<\/li>\n <li><strong>DNS secundario:<\/strong> 8.8.8.8<\/li>\n <\/ul>\n <\/li>\n <\/ol>\n \n <h4>Verificar conectividad:<\/h4>\n <div class=\"command\">\nnslookup miempresa.local 192.168.50.251<br>\nping dc01.miempresa.local<br>\ntelnet 192.168.50.251 389\n <\/div>\n \n <h3>5.2 Unir el Equipo al Dominio<\/h3>\n <ol>\n <li><strong>Panel de Control<\/strong> \u2192 <strong>Sistema y seguridad<\/strong> \u2192 <strong>Sistema<\/strong><\/li>\n <li>Hacer clic en <strong>Configuraci\u00f3n avanzada del sistema<\/strong><\/li>\n <li>En pesta\u00f1a <strong>Nombre de equipo<\/strong>, hacer clic en <strong>Cambiar<\/strong><\/li>\n <li>Seleccionar <strong>Dominio<\/strong> e introducir: <span class=\"highlight\">miempresa.local<\/span><\/li>\n <li>Introducir credenciales:\n <ul>\n <li><strong>Usuario:<\/strong> Administrator<\/li>\n <li><strong>Contrase\u00f1a:<\/strong> [La configurada durante el provisionamiento]<\/li>\n <\/ul>\n <\/li>\n <li>Reiniciar cuando se solicite<\/li>\n <\/ol>\n \n <h3>5.3 Instalaci\u00f3n de Herramientas Administrativas (RSAT)<\/h3>\n \n <div class=\"info-box\">\n <h4>En Windows 10:<\/h4>\n <ol>\n <li><strong>Configuraci\u00f3n<\/strong> \u2192 <strong>Aplicaciones<\/strong> \u2192 <strong>Caracter\u00edsticas opcionales<\/strong><\/li>\n <li><strong>Agregar una caracter\u00edstica<\/strong><\/li>\n <li>Buscar e instalar:\n <ul>\n <li>RSAT: Active Directory Domain Services and Lightweight Directory Services Tools<\/li>\n <li>RSAT: Group Policy Management Tools<\/li>\n <li>RSAT: DNS Server Tools<\/li>\n <\/ul>\n <\/li>\n <\/ol>\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udd10 Fase 6: Administraci\u00f3n Avanzada con Windows 10<\/h2>\n \n <h3>6.1 Gesti\u00f3n de Usuarios desde Windows<\/h3>\n \n <div class=\"feature-grid\">\n <div class=\"feature-card\">\n <span class=\"icon\">\ud83d\udc64<\/span>\n <h4>Crear usuarios<\/h4>\n <p>Abrir <strong>Usuarios y equipos de Active Directory<\/strong> \u2192 Navegar a la OU deseada \u2192 Hacer clic derecho \u2192 <strong>Nuevo<\/strong> \u2192 <strong>Usuario<\/strong><\/p>\n <\/div>\n \n <div class=\"feature-card\">\n <span class=\"icon\">\ud83d\udc65<\/span>\n <h4>Gesti\u00f3n de Grupos<\/h4>\n <p>Crear grupos de seguridad y distribuci\u00f3n con diferentes \u00e1mbitos (Global, Universal, Local de dominio)<\/p>\n <\/div>\n \n <div class=\"feature-card\">\n <span class=\"icon\">\ud83d\udee1\ufe0f<\/span>\n <h4>Pol\u00edticas de Grupo<\/h4>\n <p>Configurar GPOs para seguridad, restricciones de escritorio y pol\u00edticas de contrase\u00f1as<\/p>\n <\/div>\n \n <div class=\"feature-card\">\n <span class=\"icon\">\ud83c\udf10<\/span>\n <h4>Administraci\u00f3n DNS<\/h4>\n <p>Gestionar zonas directas e inversas, crear registros A, CNAME, MX<\/p>\n <\/div>\n <\/div>\n \n <h3>6.2 Configuraci\u00f3n de Pol\u00edticas de Grupo (GPO)<\/h3>\n \n <div class=\"tip-box\">\n <h4>\ud83d\udca1 Crear nueva GPO:<\/h4>\n <ol>\n <li>Abrir <strong>Administraci\u00f3n de directivas de grupo<\/strong><\/li>\n <li>Hacer clic derecho en el dominio \u2192 <strong>Crear un GPO en este dominio y vincularlo aqu\u00ed<\/strong><\/li>\n <li><strong>Nombre:<\/strong> “Pol\u00edtica de Seguridad B\u00e1sica”<\/li>\n <\/ol>\n <\/div>\n \n <table class=\"config-table\">\n <thead>\n <tr>\n <th>Pol\u00edtica<\/th>\n <th>Configuraci\u00f3n Recomendada<\/th>\n <th>Ubicaci\u00f3n<\/th>\n <\/tr>\n <\/thead>\n <tbody>\n <tr>\n <td>Longitud m\u00ednima de contrase\u00f1a<\/td>\n <td>8 caracteres<\/td>\n <td>Configuraci\u00f3n del equipo \u2192 Directivas \u2192 Configuraci\u00f3n de Windows \u2192 Configuraci\u00f3n de seguridad<\/td>\n <\/tr>\n <tr>\n <td>Complejidad de contrase\u00f1a<\/td>\n <td>Habilitada<\/td>\n <td>Directivas de cuenta \u2192 Directiva de contrase\u00f1as<\/td>\n <\/tr>\n <tr>\n <td>Vigencia m\u00e1xima<\/td>\n <td>90 d\u00edas<\/td>\n <td>Directivas de cuenta \u2192 Directiva de contrase\u00f1as<\/td>\n <\/tr>\n <tr>\n <td>Umbral de bloqueo<\/td>\n <td>5 intentos<\/td>\n <td>Directivas de cuenta \u2192 Directiva de bloqueo<\/td>\n <\/tr>\n <\/tbody>\n <\/table>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udcc1 Fase 7: Configuraci\u00f3n del Servidor de Archivos (VM2)<\/h2>\n \n <h3>7.1 Preparaci\u00f3n de la Segunda VM<\/h3>\n \n <div class=\"architecture-grid\">\n <div class=\"arch-card\">\n <h4>\ud83d\udcbe Especificaciones<\/h4>\n <ul>\n <li><strong>SO:<\/strong> Debian 12 (m\u00ednima)<\/li>\n <li><strong>RAM:<\/strong> 4GB<\/li>\n <li><strong>Disco:<\/strong> Seg\u00fan necesidades<\/li>\n <li><strong>Red:<\/strong> IP est\u00e1tica<\/li>\n <\/ul>\n <\/div>\n \n <div class=\"arch-card\">\n <h4>\ud83d\udd27 Instalaci\u00f3n<\/h4>\n <div class=\"command\">\nsudo apt install samba cifs-utils realmd sssd-tools\n <\/div>\n <\/div>\n <\/div>\n \n <h3>7.2 Unir al Dominio<\/h3>\n <div class=\"command\">\n# Unirse al dominio<br>\nsudo realm join MIEMPRESA.LOCAL -U Administrator<br><br>\n# Verificar uni\u00f3n<br>\nsudo realm list\n <\/div>\n \n <h3>7.3 Configurar Compartimientos<\/h3>\n <div class=\"code-block\">\n[compartido]\n path = \/srv\/samba\/compartido\n browseable = yes\n read only = no\n force create mode = 0660\n force directory mode = 2770\n valid users = @”MIEMPRESA\\Domain Users”\n \n[administracion]\n path = \/srv\/samba\/administracion\n browseable = yes\n read only = no\n force create mode = 0660\n force directory mode = 2770\n valid users = @”MIEMPRESA\\Administracion”\n <\/div>\n <\/div>\n\n <div class=\"phase-card\">\n <h2>\ud83d\udd27 Fase 8: Mantenimiento y Monitoreo<\/h2>\n \n <h3>8.1 Script de Respaldo Autom\u00e1tico<\/h3>\n <div class=\"code-block\">\n#!\/bin\/bash\n# \/usr\/local\/bin\/backup-samba.sh\n\nBACKUP_DIR=”\/backup\/samba”\nDATE=$(date +%Y%m%d_%H%M%S)\n\n# Crear directorio de respaldo\nmkdir -p $BACKUP_DIR\n\n# Respaldar base de datos de Samba\nsamba-tool domain backup online –targetdir=$BACKUP_DIR\/db_$DATE\n\n# Respaldar configuraci\u00f3n\ntar -czf $BACKUP_DIR\/config_$DATE.tar.gz \/etc\/samba\/ \/etc\/krb5.conf\n\n# Limpiar respaldos antiguos (mantener 7 d\u00edas)\nfind $BACKUP_DIR -type f -mtime +7 -delete\n\necho “Respaldo completado: $DATE”\n <\/div>\n \n <h3>8.2 Programar Respaldo Diario<\/h3>\n <div class=\"command\">\nsudo crontab -e<br>\n# Agregar l\u00ednea:<br>\n0 2 * * * \/usr\/local\/bin\/backup-samba.sh\n <\/div>\n \n <h3>8.3 Comandos de Monitoreo<\/h3>\n <div class=\"command\">\n# Estado de servicios<br>\nsystemctl status samba-ad-dc<br><br>\n# Replicaci\u00f3n de AD<br>\nsamba-tool drs showrepl<br><br>\n# Logs de Samba<br>\ntail -f \/var\/log\/samba\/log.samba\n <\/div>\n <\/div>\n\n <div class=\"troubleshooting\">\n <h2>\ud83d\udea8 Resoluci\u00f3n de Problemas Comunes<\/h2>\n \n <h3>Problemas de DNS<\/h3>\n <div class=\"command\">\n# Verificar configuraci\u00f3n DNS<br>\nnslookup miempresa.local 127.0.0.1<br>\nnslookup dc01.miempresa.local 127.0.0.1<br><br>\n# Reiniciar servicio DNS<br>\nsudo systemctl restart samba-ad-dc\n <\/div>\n \n <h3>Problemas de Autenticaci\u00f3n<\/h3>\n <div class=\"command\">\n# Verificar sincronizaci\u00f3n de tiempo<br>\nsudo ntpdate -s time.nist.gov<br><br>\n# Limpiar cache de Kerberos<br>\nsudo kdestroy<br><br>\n# Regenerar tickets<br>\nkinit Administrator@MIEMPRESA.LOCAL\n <\/div>\n <\/div>\n\n <div class=\"info-box\">\n <h2>\ud83d\udcca Puertos Utilizados por Active Directory<\/h2>\n \n <table class=\"config-table\">\n <thead>\n <tr>\n <th>Puerto<\/th>\n <th>Protocolo<\/th>\n <th>Servicio<\/th>\n <\/tr>\n <\/thead>\n <tbody>\n <tr><td>53<\/td><td>TCP\/UDP<\/td><td>DNS<\/td><\/tr>\n <tr><td>88<\/td><td>TCP\/UDP<\/td><td>Kerberos<\/td><\/tr>\n <tr><td>135<\/td><td>TCP<\/td><td>RPC Endpoint Mapper<\/td><\/tr>\n <tr><td>139<\/td><td>TCP<\/td><td>NetBIOS Session Service<\/td><\/tr>\n <tr><td>389<\/td><td>TCP\/UDP<\/td><td>LDAP<\/td><\/tr>\n <tr><td>445<\/td><td>TCP<\/td><td>SMB over TCP<\/td><\/tr>\n <tr><td>464<\/td><td>TCP\/UDP<\/td><td>Kerberos kpasswd<\/td><\/tr>\n <tr><td>636<\/td><td>TCP<\/td><td>LDAPS<\/td><\/tr>\n <tr><td>3268<\/td><td>TCP<\/td><td>Global Catalog<\/td><\/tr>\n <tr><td>3269<\/td><td>TCP<\/td><td>Global Catalog over SSL<\/td><\/tr>\n <\/tbody>\n <\/table>\n <\/div>\n\n <div class=\"success-box\">\n <h2>\ud83c\udf89 Conclusi\u00f3n<\/h2>\n <p>Este manual proporciona una gu\u00eda completa para implementar un controlador de dominio robusto y escalable usando Samba AD DC en Debian 12. La arquitectura separada entre controlador de dominio y servidor de archivos permite un mantenimiento eficiente y respaldos r\u00e1pidos.<\/p>\n \n <h3>\ud83c\udf1f Caracter\u00edsticas del proyecto implementado:<\/h3>\n <ul>\n <li>\u2705 Controlador de dominio completamente funcional<\/li>\n <li>\u2705 Compatible con clientes Windows<\/li>\n <li>\u2705 Administraci\u00f3n remota desde Windows 10<\/li>\n <li>\u2705 Arquitectura escalable y mantenible<\/li>\n <li>\u2705 Respaldos eficientes<\/li>\n <li>\u2705 Monitoreo y resoluci\u00f3n de problemas<\/li>\n <li>\u2705 Soporte extendido hasta 2028 (Debian 12)<\/li>\n <\/ul>\n \n <p>El sistema est\u00e1 preparado para un uso productivo a largo plazo con el soporte extendido de Debian 12.<\/p>\n <\/div>\n <\/div>\n <\/div>\n<\/body>\n<\/html>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Manual Completo: Controlador de Dominio Samba AD DC \ud83d\udcda Manual Completo: Controlador de Dominio Samba AD DC Implementaci\u00f3n en Debian 12 con Administraci\u00f3n desde Windows 10 \ud83c\udfaf Introducci\u00f3n Este manual describe la instalaci\u00f3n completa de un Controlador de Dominio Principal (PDC) usando Samba Active Directory Domain Controller en Debian 12, junto con la administraci\u00f3n desde […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-3921","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages\/3921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/comments?post=3921"}],"version-history":[{"count":10,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages\/3921\/revisions"}],"predecessor-version":[{"id":3933,"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/pages\/3921\/revisions\/3933"}],"wp:attachment":[{"href":"https:\/\/servisistemas.com.co\/servicios-para-redes-computadores\/wp-json\/wp\/v2\/media?parent=3921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}