PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SMB Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article I say goodbye to the FromLinux Community. A special farewell for a Special Community. From now on I will be working on my own project, which you can get to know at http://www.gigainside.com.

The main objective of this post is to offer the «Big Picture» of the Authentication Services with Free Software that we have at our disposal. At least that is our intention. It will therefore be long, even though we know that goes against the general rules for writing articles. We hope System Administrators appreciate it.

We want to point out that the protocol common to most modern authentication systems is LDAP, and that it is well worth studying carefully, starting from the study material found on the official site http://www.openldap.org/.

We will not give detailed definitions - or links - for aspects covered in previous articles, or for those whose description is easily found on Wikipedia or on other sites and articles on the Internet, so as not to lose the thread of the message we want to give. We will also use a mix of names in English and Spanish, since we consider that most systems were born with names in English and it is very beneficial for a Sysadmin to assimilate them in their original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network_Information_Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol for authenticating users, computers and services centrally on a network, verifying their credentials against the entries in the Kerberos database.
  • DS: Directory Server or Directory Service
  • AD-DC: Active Directory - Domain Controller


PAM

We dedicated a small series to this type of local authentication, which you will see in daily practice is widely used when, for example, we join a workstation to a Domain Controller or Active Directory; to map users stored in external LDAP databases as if they were local users; to map users stored in the Domain Controller of an Active Directory as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym NIS, which in Spanish means Sistema de Información de Red) is the name of a client-server directory service protocol developed by Sun Microsystems for sending configuration data in distributed systems, such as user and host names, between computers on a network. NIS is based on ONC RPC, and consists of a server, a client-side library, and several administration tools.

    NIS was originally called Yellow Pages, or YP, which is still used to refer to it. However, that name is a trademark of British Telecom, which required Sun to drop it. Even so, YP remains a prefix in the names of most NIS-related commands, such as ypserv and ypbind.

    DNS serves a range of information, the most important being the correspondence between node name and IP address. For other types of information, there is no such service. On the other hand, if you only manage a small LAN with no Internet connection, it does not seem worth setting up DNS. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and group files to all the nodes on your network. This makes the network look like a single system, with the same accounts on all nodes. Similarly, NIS can be used to distribute the node name information contained in /etc/hosts to all the machines on the network.

    Today NIS is available in all Unix distributions, and there are even free implementations. BSD Net-2 published one derived from a public domain reference implementation donated by Sun. The library code for the client part of this version has been in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, an NIS server is missing from the reference implementation.

    Peter Eriksson has developed a new implementation called NYS. It supports both the basic NIS and the enhanced version, Sun NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for node name resolution that replaces the current scheme used by the "host.conf" file.

    The GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions that NYS provides, and also uses the NYS configuration scheme. The tools and the server are still needed, but using GNU libc saves the work of patching and recompiling the library.


Computer and domain name, network interface and resolver

  • We start from a clean installation -without graphical interface- of Debian 8 "Jessie". The domain swl.fan means "Fans of Free Software." What better name than this?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installing bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options \
/etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //=====================================================================$
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //=====================================================================$

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // For checks from localhost and sysadmin
        // using dig swl.fan axfr
        // We have no slave DNS ... so far
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location and update permission
// of the DNS record zones
// Both zones are MASTERS
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@               IN      NS      master.swl.fan.
@               IN      MX  10  mail.swl.fan.
@               IN      A       192.168.10.5
@               IN      TXT     "Mo nga Kaihauturu Raupaparorohiko Koreutu"
;
sysadmin        IN      A       192.168.10.1
fileserver      IN      A       192.168.10.4
master          IN      A       192.168.10.5
proxyweb        IN      A       192.168.10.6
blog            IN      A       192.168.10.7
ftpserver       IN      A       192.168.10.8
mail            IN      A       192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN      NS      master.swl.fan.
;
1       IN      PTR     sysadmin.swl.fan.
4       IN      PTR     fileserver.swl.fan.
5       IN      PTR     master.swl.fan.
6       IN      PTR     proxyweb.swl.fan.
7       IN      PTR     blog.swl.fan.
8       IN      PTR     ftpserver.swl.fan.
9       IN      PTR     mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

Bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key
root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network hononga {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.10.1

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

Global checks for ntp, bind9 and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time is synchronized correctly, that the client obtains a dynamic IP address, and that the name of that host is resolved through direct and reverse DNS queries. Change the client's name and repeat all the checks. Do not continue until you are sure that the services installed so far work correctly. It is for good reason that we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.
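
The direct and reverse lookups can also be cross-checked offline, straight from the zone data, before any client is connected. The Python script below is an added example and not part of the original article; it embeds the A and PTR records of the two zone files shown earlier and assumes their simple one-record-per-line layout (the function names are illustrative).

```python
import ipaddress

# Records copied from the two zone files on this page (SOA block omitted).
FORWARD_ZONE = """\
$TTL 3H
@               IN      NS      master.swl.fan.
@               IN      MX  10  mail.swl.fan.
@               IN      A       192.168.10.5
sysadmin        IN      A       192.168.10.1
fileserver      IN      A       192.168.10.4
master          IN      A       192.168.10.5
proxyweb        IN      A       192.168.10.6
blog            IN      A       192.168.10.7
ftpserver       IN      A       192.168.10.8
mail            IN      A       192.168.10.9
"""

REVERSE_ZONE = """\
$TTL 3H
@       IN      NS      master.swl.fan.
1       IN      PTR     sysadmin.swl.fan.
4       IN      PTR     fileserver.swl.fan.
5       IN      PTR     master.swl.fan.
6       IN      PTR     proxyweb.swl.fan.
7       IN      PTR     blog.swl.fan.
8       IN      PTR     ftpserver.swl.fan.
9       IN      PTR     mail.swl.fan.
"""


def qualify(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_records(text, origin, rtype):
    """Return [(owner_fqdn, rdata)] for 'owner [ttl] [IN] TYPE rdata' lines."""
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        # Skip blanks, $directives and lines that inherit the previous owner.
        if len(fields) < 3 or fields[0].startswith("$") or raw[:1].isspace():
            continue
        rest = fields[1:]
        while rest and (rest[0].upper() == "IN" or rest[0][0].isdigit()):
            rest = rest[1:]  # drop the optional TTL and class
        if len(rest) >= 2 and rest[0].upper() == rtype:
            records.append((qualify(fields[0], origin), rest[1]))
    return records


def ptr_owner_to_ip(owner_fqdn):
    """Turn '9.10.168.192.in-addr.arpa.' into IPv4Address('192.168.10.9')."""
    labels = owner_fqdn.rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 reverse name: {owner_fqdn}")
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))


def audit_zones(forward_text, reverse_text,
                fwd_origin="swl.fan.", rev_origin="10.168.192.in-addr.arpa."):
    """Return a sorted list of forward/reverse inconsistencies."""
    a_by_name = {}
    for name, rdata in parse_records(forward_text, fwd_origin, "A"):
        a_by_name.setdefault(name, set()).add(ipaddress.IPv4Address(rdata))
    ptr_by_ip = {}
    for owner, rdata in parse_records(reverse_text, rev_origin, "PTR"):
        ptr_by_ip.setdefault(ptr_owner_to_ip(owner), set()).add(
            qualify(rdata, rev_origin))

    findings = []
    # Every address handed out by an A record should resolve back to a name.
    for name, addrs in a_by_name.items():
        for ip in addrs:
            if ip not in ptr_by_ip:
                findings.append(f"{name} A {ip}: no PTR record")
    # Every PTR target must itself resolve to the address it was found under.
    for ip, targets in ptr_by_ip.items():
        for target in targets:
            if ip not in a_by_name.get(target, set()):
                findings.append(
                    f"{ip} PTR {target}: target has no A record for this address")
    return sorted(findings)


if __name__ == "__main__":
    problems = audit_zones(FORWARD_ZONE, REVERSE_ZONE)
    print("\n".join(problems) if problems else "forward and reverse zones agree")
```

Run it again after each manual edit of the zone files; records added later by DHCP dynamic updates live in the zone journal and are better checked with the dig queries above.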

NIS Server Installation

root@master:~# aptitude show nis
Conflicts with: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, known as Yellow Pages (YP), is mostly used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
Package configuration

 ┌──────────────────────────┤ Configuring nis ├──────────────────────────┐
 │ Please choose the NIS "domainname" for this system. If you want this  │
 │ machine to just be a client, you should enter the name of the NIS     │
 │ domain you wish to join.                                              │
 │                                                                       │
 │ Alternatively, if this machine is to be a NIS server, you can either  │
 │ enter a new NIS "domainname" or the name of an existing NIS domain.   │
 │                                                                       │
 │ NIS domain:                                                           │
 │                                                                       │
 │ swl.fan______________________________________________________________ │
 │                                                                       │
 └───────────────────────────────────────────────────────────────────────┘

It will take a while because the service configuration does not exist as such. Please wait for the process to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
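
This file limits which hosts can query the NIS maps, and with MERGE_PASSWD=true (set below) those maps carry the password hashes. The following Python script is an added example, not part of the original article: it evaluates a securenets file the way its header describes and flags the catch-all 0.0.0.0 0.0.0.0 entry. The function names are illustrative, and the matching rule (client address AND netmask equals network) is the assumption taken from that header.

```python
import ipaddress

# /etc/ypserv.securenets as configured on this page (header comments trimmed).
SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
"""


def parse_securenets(text):
    """Return [(netmask_int, network_int)] from 'netmask network' lines.

    'host a.b.c.d' is accepted as shorthand for a 255.255.255.255 netmask.
    Malformed lines raise ValueError so that a typo is noticed instead of
    being silently skipped. Hostnames are rejected, as the file requires.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        mask, net = fields
        if mask.lower() == "host":
            mask = "255.255.255.255"
        try:
            rules.append((int(ipaddress.IPv4Address(mask)),
                          int(ipaddress.IPv4Address(net))))
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return rules


def is_allowed(rules, client_ip):
    """Assumed rule: a client passes if (ip AND netmask) == network for any pair."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any((ip & mask) == net for mask, net in rules)


def world_open(rules):
    """True if a '0.0.0.0 0.0.0.0' pair is active, i.e. every client matches."""
    return any(mask == 0 and net == 0 for mask, net in rules)


def report(text, clients):
    """Return {client: allowed} plus a 'world_open' flag for one file."""
    rules = parse_securenets(text)
    result = {client: is_allowed(rules, client) for client in clients}
    result["world_open"] = world_open(rules)
    return result


if __name__ == "__main__":
    # Constructed client addresses: one inside the LAN, two outside it.
    sample_clients = ["192.168.10.9", "192.168.11.9", "203.0.113.7"]
    print("as configured :", report(SECURENETS, sample_clients))
    # Constructed variant with the catch-all line uncommented.
    opened = SECURENETS.replace("# 0.0.0.0", "0.0.0.0")
    print("catch-all live:", report(opened, sample_clients))
```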

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.swl.fan is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add local users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bilbo
Enter the new value, or press ENTER for the default
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strides
root@master:~# adduser legolas

and so on.

root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'

We add the NIS options to isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network hononga {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

NIS Client Installation

  • We start from a clean installation -without graphical interface- of Debian 8 "Jessie".
root@mail:~# hostname -f
mail.swl.fan

pakiaka @ mēra: ~ # ip addr
2: eth0: mtu 1500 qdisc pfifo_fast state UP roopu taunoa qlen 1000 hono / ether 00: 0c: 29: 25: 1f: 54 brd ff: ff: ff: ff: ff: ff
    inet 192.168.10.9/24 brd 192.168.10.255 whanui ao eth0

pakiaka @ mēra: ~ # aptitude tāuta nis
pakiaka @ mēra: ~ # nano /etc/yp.conf # # yp.conf Whirihoranga konae mo te mahi ypbind. Ka taea e koe te tautuhi a-ringa i nga kaiwhakarato # NIS ki te kore e kitea ma te # paoho i runga i te kupenga a rohe (ko te taunoa). # # Tirohia te whaarangi a-wharangi mo te wetewete o tenei konae. # # MAHI: Mo te "ypserver", whakamahia nga wāhitau IP, kia mahara kei te # / kei roto te kaihautu i te / etc / ope. Kotahi noa te whakamaoritanga o tenei konae # ana, ana mena kaore e tae atu te DNS engari kaore e taea te whakatau i te ypserver kaore e herea e te ypbind ki te kaitoha. # ypserver ypserver.network.com ypserver master.swl.fan rohe swl.fan

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat nis
group:          compat nis
shadow:         compat nis
gshadow:        files

hosts:          files dns nis
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

root@mail:~# nano /etc/pam.d/common-session
# pam-auth-update(8) for details.
session optional pam_mkhomedir.so skel=/etc/skel umask=077
# here are the per-package modules (the "Primary" block)

root@mail:~# systemctl status nis
root@mail:~# systemctl restart nis

We close the session and start it again, this time with a user registered in the NIS database on master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of the user legolas and check it

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: archer
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service implemented at the server and client level works correctly.

LDAP

From Wikipedia:

  • LDAP is the acronym for Lightweight Directory Access Protocol, which refers to an application-level protocol that allows access to an ordered and distributed directory service in order to look up various information in a network environment. LDAP is also considered a database (although its storage system may be different) that can be queried. A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, with each name having an address and a telephone number attached. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written, and it is kept in order

    An LDAP directory tree sometimes reflects various political, geographic or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the upper levels of the hierarchy. As you move down the directory, entries may appear that represent people, organizational units, printers, documents, groups of people or anything else that represents a given entry in the tree (or multiple entries).

    It usually stores authentication information (user name and password) and is used to authenticate, although it is possible to store other information (user contact details, location of various network resources, permissions, certificates, and so on). In summary, LDAP is a unified access protocol to a set of information on a network.

    The current version is LDAPv3, and it is defined in RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication methods for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

For a long time, the LDAP protocol, and its databases compatible or not with OpenLDAP, has been the one used in most of today's authentication systems. As an example of that statement, below are some names of systems, free or proprietary, that use LDAP databases as the backend to store all their objects:

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems Open DS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Classic Domain Controller.
    We want to clarify that this system was a development of Team Samba with Samba 3.x.x + OpenLDAP as backend. Microsoft never implemented anything like it. It jumped from the NT 4 Domain Controllers to its Active Directory
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics, and the most standard and compatible of them all is OpenLDAP.

Active Directory, whether the original from Microsoft or the one from Samba 4, consists of the union of several main components, which are:

Let us not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but it does not offer the Microsoft Network service that a Windows Domain provides, nor does it have a Windows Domain Controller as such.

A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client that acts as an intermediary between the Directory Service and the Windows client itself, such as the free software pGina.

Directory Service with OpenLDAP

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie", with the same machine name "master" used for the NIS installation, as well as the same configuration of its network interface and of the /etc/resolv.conf file. On this new server we installed ntp, bind9 and isc-dhcp-server, without forgetting the global checks for the correct operation of those three services.
root@master:~# aptitude install slapd ldap-utils

Package configuration

Configuring slapd
Please enter the password for the admin entry in your LDAP directory.
Administrator password: ********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
objectClass: dcObject
objectClass: organization
o: swl.fan
dc: swl
structuralObjectClass: organization
entryUUID: c8510708-da8e-1036-8fe1-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.833955Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
entryUUID: c851178e-da8e-1036-8fe2-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.834422Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

We modify the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «users»

We add the minimum necessary Organizational Units, as well as the Posix group «users», of which we will make all users members, following the example of the many systems that have a «users» group. We give it the name «usuarios» so that it does not conflict with the system's «users» group.

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"

adding new entry "ou=groups,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=usuarios
# usuarios, groups, swl.fan
dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

We add several users

The password that we declare in LDAP must be obtained with the slappasswd command, which returns the password as a salted SHA-1 ({SSHA}) hash.

Password for the user strides:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password for the user legolas

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password for the user gandalf

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u

root@master:~# nano usuarios.ldif
dn: uid=strides,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: strides
cn: strides
givenName: Strides
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: trancos@swl.fan
gecos: Strides El Rey
loginShell: /bin/bash
homeDirectory: /home/strides

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: The Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f usuarios.ldif
Enter LDAP Password:
adding new entry "uid=strides,ou=people,dc=swl,dc=fan"

adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"

adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x cn=strides
root@master:~# ldapsearch -x uid=strides

We manage the slapd database with console utilities

We select the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
# MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
# MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"

Note that the scripts use the commands of the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to find out which ones they are.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"

root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template

root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User Account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
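
A small audit of the ldapscripts setup just configured, as an added example that is not part of the original article or of the ldapscripts package. The finding names and the sample data are constructed; the checks assume, as the ldapscripts configuration comments describe, that %u in PASSWORDGEN is replaced by the user name, and that the whole content of the bind password file is used as the password (the reason for echo -n above).

```python
import os
import re
import stat

# Constructed sample that mirrors the settings shown above.
SAMPLE_CONF = '''\
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
UIDSTART=10003
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"
'''

ASSIGNMENT = re.compile(r"^([A-Z_][A-Z0-9_]*)=(.*)$")


def parse_conf(text):
    """Parse shell-style KEY=value lines; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        match = ASSIGNMENT.match(raw.strip())
        if not match:
            continue
        value = match.group(2).strip()
        # Strip one pair of matching quotes, single or double.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        settings[match.group(1)] = value
    return settings


def audit(settings, secret_mode, secret_bytes):
    """Return a list of finding names for the parsed configuration.

    secret_mode is the permission bits of the bind password file,
    secret_bytes its raw content.
    """
    findings = []
    # "echo %u" makes every new account's first password its own user name.
    if "%u" in settings.get("PASSWORDGEN", ""):
        findings.append("PASSWORDGEN_FROM_USERNAME")
    if "BINDPWDFILE" not in settings:
        findings.append("NO_BINDPWDFILE")
    # The admin bind password must not be readable by group or others.
    if secret_mode & 0o077:
        findings.append("SECRET_FILE_MODE")
    # A trailing newline becomes part of the password and breaks the bind.
    if secret_bytes.endswith(b"\n"):
        findings.append("SECRET_TRAILING_NEWLINE")
    return findings


def audit_host(conf_path="/etc/ldapscripts/ldapscripts.conf"):
    """Run the audit against the real files on a host (needs root to read)."""
    with open(conf_path, encoding="utf-8") as handle:
        settings = parse_conf(handle.read())
    secret_path = settings.get("BINDPWDFILE", "")
    mode = stat.S_IMODE(os.stat(secret_path).st_mode)
    with open(secret_path, "rb") as handle:
        return audit(settings, mode, handle.read())


if __name__ == "__main__":
    # Mode 0400 and no newline, as produced by the commands above.
    print(audit(parse_conf(SAMPLE_CONF), 0o400, b"admin-password"))
```

With the article's settings the only finding is PASSWORDGEN_FROM_USERNAME: an account created with ldapadduser starts with its user name as its password until the user or the administrator changes it.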

We add the user "bilbo" and make it a member of the group "usuarios"

root@master:~# ldapadduser bilbo usuarios
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bilbo
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User Account

To see the hash of the password of the user bilbo, the query must be made with authentication:

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo

To delete the user bilbo we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a web interface

We have a working Directory Service, and we want to manage it more easily. Many programs are designed for this task, such as phpldapadmin, ldap-account-manager and others, which are available directly from the repositories. We can also manage a Directory Service through Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/ and the 6 articles that follow it.

LDAP client

Scenario:

Let's say we have the machine mail.swl.fan as a mail server, implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, can well serve as a guide for Debian and many other Linux distributions. We want, in addition to the local users we have already declared, the users stored in the OpenLDAP database on master.swl.fan. To achieve this we must «map» the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is as follows:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

Configuring libnss-ldap
Please enter the URI ("Uniform Resource Identifier") of the LDAP server. This string is similar to «ldap://<hostname or IP>:<port>/». You can also use «ldaps://» or «ldapi://». The port number is optional.
It is recommended to use an IP address to avoid failures when domain name services are unavailable.
LDAP server URI: ldap://master.swl.fan

Configuring libnss-ldap
Please enter the distinguished name (DN) of the LDAP search base. Many sites use the components of their domain name for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
Distinguished name (DN) of the search base: dc=swl,dc=fan

Configuring libnss-ldap
Please enter the version of the LDAP protocol that ldapns should use. It is recommended to use the highest version number available.
LDAP version to use: 3

Configuring libnss-ldap
Please choose which account will be used for nss queries with root privileges.
Note: for this option to work, the account needs permission to access the LDAP attributes associated with the users' "shadow" entries, as well as the passwords of users and groups.
LDAP account for root: cn=admin,dc=swl,dc=fan

Configuring libnss-ldap
Please enter the password to use when libnss-ldap tries to authenticate to the LDAP directory with the root LDAP account.
The password will be stored in a separate file ("/etc/libnss-ldap.secret") that only root can access.
If you enter an empty password, the old password will be reused.
Password for the root LDAP account: *****

Configuring libnss-ldap
nsswitch.conf not managed automatically
You must modify your "/etc/nsswitch.conf" file to use an LDAP data source if you want the libnss-ldap package to work. You can use the example file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example of the nsswitch configuration, or you can copy it over your current configuration.
Note that before removing this package it may be convenient to remove the "ldap" entries from the nsswitch.conf file so that basic services keep working.

Configuring libpam-ldap
This option allows password tools that use PAM to change local passwords.
The password for the LDAP administrator account will be stored in a separate file that only the administrator can read.
This option should be disabled if "/etc" is mounted via NFS.
Do you want to allow the LDAP administrator account to behave like the local administrator?

Configuring libpam-ldap
Please choose whether the LDAP server requires a login before entries can be retrieved.
This setting is rarely needed.
Does a user need to log in to the LDAP database?

Configuring libpam-ldap
Please enter the name of the LDAP administrator account.
This account will be used automatically for database management, so it must have the appropriate administrative privileges.
LDAP administrator account: cn=admin,dc=swl,dc=fan

Configuring libpam-ldap
Please enter the password of the administrator account.
The password will be saved in the file "/etc/pam_ldap.secret". The administrator will be the only one who can read this file, and it will allow libpam-ldap to automatically manage connections to the database.
If you leave this field empty, the previously saved password will be used again.
LDAP administrator password: ********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

We must edit the file /etc/pam.d/common-password: we go to line 26 and remove the value «use_authtok»:

root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

If we need local login for the users stored in LDAP, and we want their home folders to be created automatically, we must edit the file /etc/pam.d/common-session and add the following line to the end of the file:

session optional pam_mkhomedir.so skel=/etc/skel umask=077

In the OpenLDAP Directory Service example developed earlier, the only local user created was the user buzz, while in LDAP we created the users strides, legolas, gandalf and bilbo. If the configuration made so far is correct, we should be able to list the local users together with those mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strides:x:10000:10000:Strides El Rey:/home/strides:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash

After the changes to the system's authentication, it is appropriate to restart the server if we are dealing with a critical service:

root@mail:~# reboot

Afterwards we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database on master.swl.fan. We can also try to log in via SSH.

 

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Password:

root@mail:/home/gandalf# getent group
buzz:x:1001:
usuarios:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz     4096 Jun 17 12:25 buzz
drwx------ 2 gandalf usuarios 4096 Jun 17 13:05 gandalf

The Directory Service implemented at the server and client level works correctly.

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to securely prove their identity to each other. Its designers focused first on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. Authentication messages are protected to prevent eavesdropping and replay attacks.

    Kerberos is based on symmetric key cryptography and requires a trusted third party. In addition, there are extensions of the protocol that make it possible to use asymmetric key cryptography.

    Kerberos is based on the Needham-Schroeder Protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two separate logical parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network, whether client or server, shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the identity of the entity. For communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.

Disadvantages of Kerberos

From Hoahoatia:

Although Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to perform this task.
  • Kerberos assumes that each user is trusted but is using an untrusted machine on an untrusted network. Its primary goal is to prevent unencrypted passwords from being sent across the network. However, if any user other than the proper user has access to the ticket-issuing machine (KDC) used for authentication, Kerberos is at risk.
  • For an application to use Kerberos, its code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are considered kerberized. For some applications this can be an excessive programming effort, due to the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can take a fair amount of programming. In general, closed source applications without Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must realize that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is transmitted to a service that does not use Kerberos to authenticate, you run the risk that the packet may be intercepted. Thus, your network will gain no benefit from using Kerberos. To secure your network with Kerberos, you must use only the kerberized versions of all client/server applications that send unencrypted passwords, or not use any of those applications on the network.

Using and configuring OpenLDAP as a Kerberos back-end is not easy. However, later on we will see that the Samba 4 Active Directory - Domain Controller integrates, in a way that is transparent to the Sysadmin, a DNS server, the Microsoft network and its Domain Controller, the LDAP server as the back-end for almost all of its objects, and the Kerberos-based authentication service as the fundamental components of a Microsoft-style Active Directory.

To date we have not needed to implement a "Kerberized network". That is why we have not written about how to implement Kerberos.

Samba 4 Active Directory - Domain Controller

Important:

There is no better documentation than the wiki.samba.org site. Any self-respecting Sysadmin should visit that site, in English, and browse the many pages devoted entirely to Samba 4, written by Team Samba itself. I do not believe there is any documentation available on the Internet that can replace it. Incidentally, note the number of visits shown at the bottom of each page. One example is its main page «Main Page», which had been viewed 276,183 times as of today, June 20, 2017, at 10:10 Eastern Standard Time. In addition, the documentation is kept very up to date, since that page was modified on June 6.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file-sharing protocol (formerly called SMB, later renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can act as servers or as clients in Windows networks. Samba also allows users to be validated by acting as a Primary Domain Controller (PDC), as a domain member and even as an Active Directory domain for Windows-based networks, apart from being able to serve print queues and shared directories and to authenticate against its own user store.

Among the Unix-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we find Apple's Mac OS X Server.

Samba 4 AD-DC with its internal DNS

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie".

Initial checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
  • We declare only the main branch, which is more than enough for our purposes.
root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix instead of Exim, and utilities

root@master:~# aptitude install postfix htop mc deborphan

  ┤ Postfix Configuration ├
    Please select the mail server configuration type that best meets your needs.

    No configuration:
      Keeps the current configuration unchanged.
    Internet site:
      Mail is sent and received directly using SMTP.
    Internet with «smarthost»:
      Mail is received directly using SMTP or by running a utility such as
      «fetchmail». Outgoing mail is sent using a "smarthost".
    Local only:
      The only mail delivered is the mail for local users. There is no network.

    General type of mail configuration:

        No configuration
        Internet site
        Internet with "smarthost"
        Satellite system
        Local only

  ┤ Postfix Configuration ├
    The "mail system name" is the domain name used to "qualify" _ALL_ mail
    addresses without a domain name. This includes mail to and from "root":
    please do not make your machine send out mail from root@example.org
    unless root@example.org has asked you to.

    Other programs will use this name. It should be the single, fully
    qualified domain name (FQDN).

    So, if a mail address on the local machine is something@example.org,
    the correct value for this option is example.org.

    System mail name:

    master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

We install the requirements for compiling Samba 4 and other necessary packages

root@master:~# aptitude install acl attr autoconf bison \
build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

  ┤ Configuring Kerberos Authentication ├
    When users attempt to use Kerberos and specify a principal or user name
    without stating which Kerberos administrative realm that principal
    belongs to, the system appends the default realm. The default realm may
    also be used as the realm of a Kerberos service running on the local
    machine. Usually, the default realm is the uppercase version of the
    local DNS domain.

    Default Kerberos version 5 realm:

    SWL.FAN

  ┤ Configuring Kerberos Authentication ├
    Enter the hostnames of the Kerberos servers in the SWL.FAN Kerberos
    realm, separated by spaces.

    Kerberos servers for your realm:

    master.swl.fan

  ┤ Configuring Kerberos Authentication ├
    Enter the hostname of the administrative (password changing) server
    for the SWL.FAN Kerberos realm.

The process above took a little while because we do not yet have any DNS service installed. However, the domain was picked up from the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the domain name server.

Now we configure the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan

For queries made with the ldapsearch command by the root user, of the type ldapsearch -x -W cn=xxxx, we must create the /root/.ldaprc file with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The file system must support ACLs - Access Control Lists

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a

root@master:~# touch testing_acl.txt
root@master:~# setfattr -n user.test -v test testing_acl.txt
root@master:~# setfattr -n security.test -v test2 testing_acl.txt
root@master:~# getfattr -d testing_acl.txt
# file: testing_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d testing_acl.txt
# file: testing_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx testing_acl.txt

root@master:~# getfacl testing_acl.txt
# file: testing_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

We obtain the Samba 4 source, compile it and install it

It is highly recommended to download the source archive from the official site https://www.samba.org/. In our example we download the samba-4.5.1.tar.gz release to the /opt folder.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and carefully select the ones we need. It is advisable to check whether the downloaded package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure distcheck

We configure, compile and install samba-4.5.1

  • From the previously installed requirements and the 8604 files (which make up samba-4.5.1.tar.gz) weighing about 101.7 megabytes, including the source3 and source4 folders, which weigh about 61.1 megabytes, we will obtain a Microsoft-style Active Directory of quality and stability more than acceptable for any production environment. We must highlight the work of Team Samba in delivering the Free Software Samba 4.

The commands below are the classic ones for compiling and installing packages from their sources. We must be patient for as long as the whole process takes. It is the only way to obtain valid and correct results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

While the make command runs, we can see that both the Samba 3 and the Samba 4 sources are compiled. That is why Team Samba states that its version 4 is the natural upgrade of version 3, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers or older versions of Samba 4.

Provisioning Samba 4

We will use SAMBA_INTERNAL as the DNS back-end. More information can be found at https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End. When we are asked for the Administrator user's password, we must type one with a minimum length of 8 characters that also mixes letters, upper and lower case, and numbers.

Before going ahead with the provisioning, and to make life easier, we add the Samba paths to our .bashrc file. Then we log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more aliases to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: TuPassword2017
Retype password: TuPassword2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Do not forget to copy the Kerberos configuration file as indicated by the output of the provisioning:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

So as not to type the samba-tool command with its full name, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

A fundamental piece of an Active Directory is the Network Time Service. Since authentication is done through Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is vital.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict default mssntp
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, when examining the syslog with the command above or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the ntp_signd folder:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested on wiki.samba.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd
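
The ownership and mode set above can be checked mechanically instead of by eye. This is an added example, not code from the article or from the Samba project: the function names are hypothetical, and the sample `ls -ld` lines are constructed from the listings shown on this page.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# signd_dir_ok "LINE": LINE is one line of `ls -ld` output. Returns 0 when it
# shows a directory owned by root:ntp with mode rwxr-x--- and no setgid bit;
# otherwise prints each problem found and returns 1.
signd_dir_ok() {
    printf '%s\n' "$1" | awk '
        NF >= 4 {
            seen = 1
            mode = substr($1, 1, 10)   # drop a trailing "+" (ACL) or "." marker
            g = substr(mode, 5, 3)     # group permission triplet
            o = substr(mode, 8, 3)     # other permission triplet
            if (substr(mode, 1, 1) != "d") { print "not a directory: " $1; bad = 1 }
            if ($3 != "root") { print "owner is " $3 ", expected root"; bad = 1 }
            if ($4 != "ntp")  { print "group is " $4 ", expected ntp"; bad = 1 }
            if (g ~ /[sS]$/)  { print "setgid bit set, clear it with chmod g-s"; bad = 1 }
            if (g !~ /^r.[xs]$/) { print "group cannot read and enter the directory"; bad = 1 }
            if (g ~ /^.w/)    { print "group-writable"; bad = 1 }
            if (o != "---")   { print "accessible to other users: " o; bad = 1 }
        }
        END { if (!seen || bad) exit 1; exit 0 }
    '
}

# check_signd_dir [DIR]: run the check against a real directory.
# ACL entries (the "+" marker) are not evaluated here; use getfacl for those.
check_signd_dir() {
    d=${1:-/usr/local/samba/var/lib/ntp_signd}
    [ -d "$d" ] || { echo "missing directory: $d"; return 1; }
    signd_dir_ok "$(LC_ALL=C ls -ld "$d")"
}

# Constructed sample lines. GOOD is the final state shown on this page.
# INHERITED is what mkdir yields under a setgid root:staff parent such as the
# /usr/local/samba directories listed on this page, before chown and chmod.
GOOD='drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd'
INHERITED='drwxr-sr-x 2 root staff 4096 Jun 19 12:20 /usr/local/samba/var/lib/ntp_signd'

signd_dir_ok "$GOOD" && echo "OK: $GOOD"
signd_dir_ok "$INHERITED" || echo "needs fixing: $INHERITED"
```

On the domain controller itself, `check_signd_dir` with no argument inspects the path configured as `ntpsigndsocket` in the ntp.conf above.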

We configure Samba to start using systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC file locations

ALL the files, except the newly created samba-ad-dc.service, are in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the best UNIX style. It is always advisable to browse the different folders and examine their contents.

The /usr/local/samba/etc/smb.conf file

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 8.8.8.8
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        server role = active directory domain controller
        allow dns updates = secure only
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        idmap config * : range = 1000000-1999999
        ldap server require strong auth = no
        printcap name = /dev/null

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 192.168.10.1
        ldap server require strong auth = No
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config * : range = 1000000-1999999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
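
The smb.conf above sets `ldap server require strong auth = no`, which lets the domain controller accept simple binds (such as `ldapsearch -x -W` against an `ldap://` URI) without TLS; Samba's default for this parameter is `yes`. The following audit is an added example, not code from the article or from the Samba project: the function names are hypothetical and the sample file is constructed from the smb.conf shown on this page.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# smb_global_get FILE "parameter name": print the value set in [global]
# (the last occurrence wins). smb.conf ignores case and whitespace inside
# parameter names, so both sides are normalised before comparing.
smb_global_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                # section header
            sec = $0
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            sec = tolower(sec); next
        }
        sec == "global" && index($0, "=") > 0 {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == norm(want)) found = val
        }
        END { print found }
    ' "$1"
}

# smb_audit FILE: print one line per weakened setting; return 1 if any found.
smb_audit() {
    rc=0
    v=$(smb_global_get "$1" "ldap server require strong auth" | tr 'A-Z' 'a-z')
    case "${v:-yes}" in                  # unset means the default, "yes"
        no|false|0)
            echo "WEAK: ldap server require strong auth = $v (simple binds accepted without TLS)"
            rc=1 ;;
    esac
    v=$(smb_global_get "$1" "allow dns updates" | tr 'A-Z' 'a-z')
    case "${v:-secure only}" in          # unset means the default, "secure only"
        nonsecure)
            echo "WEAK: allow dns updates = $v (unauthenticated dynamic updates)"
            rc=1 ;;
    esac
    return $rc
}

# write_sample FILE VALUE: constructed sample, abridged from the smb.conf on
# this page, with VALUE substituted for the strong-auth setting.
write_sample() {
    cat > "$1" <<EOF
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        dns forwarder = 8.8.8.8
        server role = active directory domain controller
        allow dns updates = secure only
        ldap server require strong auth = $2
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No
EOF
}

demo() {
    tmp=$(mktemp)
    write_sample "$tmp" no
    echo "as configured on this page:"; smb_audit "$tmp" || true
    write_sample "$tmp" yes
    echo "with the default restored:"
    if smb_audit "$tmp"; then echo "no weakened settings"; fi
    rm -f "$tmp"
}
demo
```

On the server, `smb_audit /usr/local/samba/etc/smb.conf` runs the same checks against the live file.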

Minimal checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN: 
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

                19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)

We manage the newly installed Samba 4 AD-DC

If we want to change the expiry, in days, of the Administrator password; the complexity of passwords; the minimum password length; the minimum and maximum lifetime, in days, of a password; and change the Administrator password declared during the provisioning, we must run the following commands with the values adjusted to our needs:

root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry Administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add several DNS records

root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]: 
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -Uadministrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]: 
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.

For the curious

root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/\
DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:

We add users

root@master:~# tool user
Usage: samba-tool user <subcommand>

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add            - Create a new user.
  create         - Create a new user.
  delete         - Delete a user.
  disable        - Disable an user.
  enable         - Enable an user.
  getpassword    - Get the password fields of a user/computer account.
  list           - List all users.
  password       - Change password for a user account (the one provided in authentication).
  setexpiry      - Set the expiration of a user account.
  setpassword    - Set or reset the password of a user account.
  syncpasswords  - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user <subcommand> (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest

Te whakahaere ma te whakairoiro whakairoiro ma te kaihoko paetukutuku ranei

Tirohia wiki.samba.org mo nga korero taipitopito me pehea te whakauru i te Microsoft RSAT o Utauta Whakahaere Tūmau Mamao. Mena kaore koe e hiahia ki nga kaupapa here tawhito e hoatuhia ana e Microsoft Directory Directory, ka taea e koe te whakauru i te kohinga ldap-pūkete-kaiwhakahaere e tuku ana i tetahi atanga maamaa mo te whakahaere ma te tirotiro paetukutuku.

Ko te mahinga Utauta Whakahaerehia a Te Kaiwhakahaere Mamao a Microsoft (RSAT) kei roto i nga punaha whakahaere a te Kaiwhakahaere Matapihi.

Ka uru atu matou ki te rohe ki te kaitono o Windows 7 ko "whitu"

I te mea kaore o taatau DHCP kaiwhakarato i te whatunga, ko te mea tuatahi me whirihora i te kaari whatunga a te kaihoko me te IP kua whakaritea, me kii ko te DNS tuatahi ko te IP o te samba-ad-dc, ka tirohia kei te whakahohehia te whiringa "Rēhita i te wahitau o tenei hononga ki DNS". Ehara i te mea mangere ki te tirotiro ko te ingoa «e whitu»Kaore ano kia rehitatia ki te Samba DNS DNS.

I muri ka uru atu tatou ki te rorohiko ki te rohe ka timata ano, kia ngana ki te takiuru me te kaiwhakamahi «hikoi«. Ka tirohia ka pai nga mea katoa. E taunaki ana hoki kia tirohia nga rakau a nga Kaihoko Matapihi me te tirotiro me pehea te hangai tika o te waa.

Administrators with some Windows experience will find that any checks they run on the client give satisfactory results.

Summary

I hope this article is useful to the readers of the MaiLinux Community.

Goodbye!



8 comments


  1.   Gonzalo Martinez said

    A rather long article, but detailed, and a very good step-by-step on how to do everything.

    I want to highlight NIS: the truth is that although I knew it existed, I never really knew how it works, because honestly I always had the impression that it was dead next to LDAP and Samba 4.

    PS: Congratulations on your new project! It's a shame you won't keep writing articles here, but at least there is a place to follow you.

  2.   HO2Gi said

    As always, a great tutorial for my favorites. Greetings, Fico.
    Congratulations on the project.

  3.   IWO said

    The NIS section is excellent. I sympathize with Gonzalo Martinez: I knew of it briefly, but I had no idea how to implement it or in which situations it is used.
    Thanks once again for a tremendous "post", both a theoretical and a practical article.
    Finally, new successes in your new project «gigainside».

  4.   kaikaiwhenua said

    Many thanks to all of you for commenting!!!
    Thanks!

  5.   mussol said

    The smb.conf you show has no link to LDAP. Is that on purpose, or did I miss something?

  6.   piki said

    mussol: This is a Samba 4 Active Directory Domain Controller, which already has its own built-in LDAP server.

  7.   Vincent said

    Could you explain how to join a mac (apple) to a samba 4 AD-DC?
    Thanks.

  8.   jramirez said

    How are you;

    Thanks for the manual, it is good. I have a question about a message that appears for me.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Cannot find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#
