SWL Network (III): Debian Wheezy and ClearOS. LDAP Authentication

Hello, friends! We are going to build a network with several desktop computers, this time running the Debian 7 "Wheezy" operating system. The server is ClearOS. As a data point, note that the Debian-Edu project uses Debian on its servers and workstations, and that the project teaches us how to set up a complete school and makes doing so easier.

It is important to read first:

  • Introduction to a Network with Free Software (I): Presentation of ClearOS

We will see:

  • Example network
  • We configure the LDAP client
  • Configuration files created and/or modified
  • The /etc/ldap/ldap.conf file

Example network

  • Domain Controller, DNS, DHCP, OpenLDAP, NTP: ClearOS Enterprise 5.2sp1.
  • Controller name: centos
  • Domain name: amigos.cu
  • Controller IP: 10.10.10.60
  • ---------------
  • Debian version: Wheezy.
  • Host name: debian7
  • IP address: Using DHCP


We configure the LDAP client

We must have the OpenLDAP server data at hand, which we obtain from the ClearOS administration web interface under «Directory» -> «Domain and LDAP»:

LDAP Base DN: dc=amigos,dc=cu
LDAP Bind DN: cn=manager,cn=internal,dc=amigos,dc=cu
LDAP Bind Password: kLGD+Mj+ZTWzkD8W

We install the necessary packages. As the root user we run:

aptitude install libnss-ldap nscd finger

Note that the output of the previous command also includes the libpam-ldap package. During installation we will be asked several questions, which we must answer correctly. For this example the answers are:

LDAP server URI: ldap://10.10.10.60
Distinguished name (DN) of the search base: dc=amigos,dc=cu
LDAP version to use: 3
LDAP account for root: cn=manager,cn=internal,dc=amigos,dc=cu
Password for the LDAP root account: kLGD+Mj+ZTWzkD8W

The installer now informs us that the /etc/nsswitch.conf file is not managed automatically and that we must modify it by hand.

Do you want to allow the LDAP administrator account to behave like the local administrator?: Yes
Does the LDAP database require a login?: No
LDAP administrator account: cn=manager,cn=internal,dc=amigos,dc=cu
Password for the LDAP root account: kLGD+Mj+ZTWzkD8W

If we have not made any mistakes in the previous answers, we run, as the root user:

dpkg-reconfigure libnss-ldap
dpkg-reconfigure libpam-ldap

And we answer the same questions asked before in the same way, with only one additional question:

Local encryption algorithm to use for passwords: md5

Take care when answering, because the default value offered is crypt, and we must state that it is md5. It also shows us a console-mode screen with the output of the pam-auth-update command, run as root, which we must accept.

We edit the /etc/nsswitch.conf file and leave it with the following content:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

We edit the /etc/pam.d/common-session file so that users' home directories are created at login if they do not exist:

[----]
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

### The line above must be included BEFORE
# here are the per-package modules (the "Primary" block)
[----]

In a console, as the root user, we run pam-auth-update, Just To Check:


We restart the nscd service and run some checks:

:~# service nscd restart
[ ok ] Restarting Name Service Cache Daemon: nscd.
:~# finger strides
Login: strides                          Name: Strides El Rey
Directory: /home/strides                Shell: /bin/bash
Never logged in.
No mail.
No Plan.
:~# getent passwd strides
strides:x:1006:63000:Strides El Rey:/home/strides:/bin/bash
:~# getent passwd legolas
legolas:x:1004:63000:Legolas The Elf:/home/legolas:/bin/bash

We modify the reconnection policy for the OpenLDAP server.

As the root user, and very carefully, we edit the /etc/libnss-ldap.conf file. We search for the word «hard». We remove the comment from the line #bind_policy hard and leave it like this: bind_policy soft.

We make the same change in the /etc/pam_ldap.conf file.

The modifications above eliminate several LDAP-related messages during boot and at the same time make it (the boot process) faster.

We restart our Wheezy because the changes made are essential:

:~# reboot

After rebooting, we can log in with any user registered in the ClearOS OpenLDAP.

We recommend that the following then be done:

  • Make the external users members of the same groups as the local user created during our Debian installation.
  • Using the visudo command, run as root, grant the necessary execution permissions to the external users.
  • Create a bookmark with the address https://centos.amigos.cu:81/?user in Iceweasel, to reach the personal page in ClearOS, where we can change our personal password.
  • Install OpenSSH-Server (if we did not select it when installing the system) to be able to access our Debian from another computer.

Configuration files created and/or modified

The LDAP topic requires a lot of study, patience and experience. The last of these I do not have. We strongly recommend that, if a manual modification causes authentication to stop working, the libnss-ldap and libpam-ldap packages be reconfigured correctly with the dpkg-reconfigure command, which is driven by DEBCONF.

The related configuration files are:

  • /etc/libnss-ldap.conf
  • /etc/libnss-ldap.secret
  • /etc/pam_ldap.conf
  • /etc/pam_ldap.secret
  • /etc/nsswitch.conf
  • /etc/pam.d/common-session
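
As an added example (not part of the original article), this shell function audits the files listed above: the ldap sources in nsswitch.conf, the bind_policy setting, the mode of the .secret files that hold the bind password, and whether the connection is plain ldap://. The function names and the ROOT prefix argument are hypothetical, GNU stat is assumed, and the start_tls check goes beyond the article, whose setup uses plain ldap://.

```shell
#!/bin/sh
# Added example: audit the LDAP client files edited in this article.
# ROOT is a directory prefix ("" for the live system), so the same check
# can be run against a copy of /etc. Function names are hypothetical.

# Print the value of an active "key value" directive (commented lines are skipped).
conf_value() {  # usage: conf_value FILE KEY
    awk -v k="$2" '$1 == k { print $2; exit }' "$1" 2>/dev/null
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Prints one line per finding; returns 0 only when there are none.
audit_ldap_client() {  # usage: audit_ldap_client ROOT
    root=$1; findings=0

    # 1. passwd, group and shadow must list ldap as a source.
    for db in passwd group shadow; do
        grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|\$)" \
            "$root/etc/nsswitch.conf" 2>/dev/null ||
            note "nsswitch.conf: '$db' does not use ldap"
    done

    for f in libnss-ldap pam_ldap; do
        conf="$root/etc/$f.conf"; secret="$root/etc/$f.secret"

        # 2. Reconnection policy set to soft, as in the article.
        [ "$(conf_value "$conf" bind_policy)" = soft ] ||
            note "$f.conf: bind_policy is not 'soft'"

        # 3. Plain ldap:// carries bind and user passwords unencrypted.
        case "$(conf_value "$conf" uri)" in
            ldaps://*|ldapi://*) ;;
            *) [ "$(conf_value "$conf" ssl)" = start_tls ] ||
                   note "$f.conf: plain ldap:// without 'ssl start_tls'" ;;
        esac

        # 4. The .secret file stores the bind password in clear text.
        if [ -e "$secret" ]; then
            mode=$(stat -c %a "$secret")   # GNU stat, as shipped with Debian
            [ "$mode" = 600 ] || note "$f.secret: mode $mode, expected 600"
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Called as audit_ldap_client "" on the client itself, it reports the plain ldap:// finding for the configuration used in this article, since no start_tls is set.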

The /etc/ldap/ldap.conf file

We have not touched this file yet. Even so, authentication works correctly thanks to the configuration of the files listed above and the PAM configuration generated by pam-auth-update. Nevertheless, we should also configure it properly. Doing so makes it easier to use commands such as ldapsearch, provided by the ldap-utils package. The additional configuration would be:

BASE dc=amigos,dc=cu
URI ldap://10.10.10.60
SIZELIMIT 12
TIMELIMIT 15
DEREF never

We can check whether the ClearOS OpenLDAP server works correctly by running, in a console:

ldapsearch -d 5 -L "(objectclass=*)"

The command output is extensive. 🙂

I love Debian! And that is the end of today's activity, Friends!!!


  1.   kari m

    Excellent article, straight to my drawer

    1.    Federico Antonio Valdes Toujague m

      Thanks for commenting, Elav… More fuel 🙂 and wait for the next one, which tries to authenticate using sssd against an OpenLDAP.

  2.   asar, sai murna m

    Thank you very much for sharing, looking forward to the other installments 😀

    1.    Federico Antonio Valdes Toujague m

      Thanks for the comment!!! It seems that the mental inertia of authenticating against a Microsoft domain is strong. Hence the few comments. That is why I write about the true free alternatives. If you look at it carefully, they are easier to implement. A bit conceptual at first. But nothing more.