General index of the series: Computer Networks for SMEs: Introduction
Hello friends!
With this article I say goodbye to the FromLinux Community. A special farewell for a special Community. From now on I will be working on my personal project, which you can find at http://www.gigainside.com.
The main objective of the post is to offer a «Big Picture» of the Authentication Services with Free Software that we have at our disposal. At least, that is our intention. It will therefore be long, even though we know that this goes against the general rules of article writing. We hope System Administrators appreciate it.
We want to point out that the common protocol for many of the modern authentication systems is LDAP, and that it is never too late to study it carefully, starting from the study material found on the official site http://www.openldap.org/.
We will not give detailed definitions, or links, for aspects covered in previous articles, or for those whose description is easily found on Wikipedia or on other sites or articles on the Internet, so as not to lose the objective of the message we want to convey. We will also use a mix of names in English and Spanish, since we consider that most of the systems were born with English names and it is very useful for a Sysadmin to assimilate them in their original language.
- PAM: Pluggable Authentication Module.
- NIS: Network_Information_Service.
- LDAP: Lightweight Directory Access Protocol.
- Kerberos: Security protocol for authenticating users, computers and services centrally on a network, verifying their credentials against the existing entries in the Kerberos database.
- DS: Directory Server or Directory Service
- AD-DC: Active Directory - Domain Controller
Index
- 1 PAM
- 2 NIS
- 3 Computer and domain names, network interface and resolver
- 4 Installation of bind9, isc-dhcp-server and ntp
- 5 NIS Server installation
- 6 NIS Client installation
- 7 LDAP
- 8 Directory Service with OpenLDAP
- 9 LDAP clients
- 10 Kerberos
- 11 Disadvantages of Kerberos
- 12 Samba 4 Active Directory - Domain Controller
- 13 Important:
- 14 Samba 4 AD-DC and its Internal DNS
- 14.1 Initial checks
- 14.2 Postfix and Exim and utilities
- 14.3 We clean up
- 14.4 We install the prerequisites to compile Samba 4 and other necessary packages
- 14.5 Now we edit the /etc/ldap/ldap/conf file
- 14.6 The file system must support ACL - Access Control List
- 14.7 We obtain the Samba 4 source, compile it, and install it
- 14.8 Configuration
- 14.9 We configure, compile and install samba-4.5.1
- 14.10 Provisioning Samba
- 14.11 We configure NTP
- 14.12 We configure Samba to start using systemd
- 14.13 Samba 4 AD-DC file locations
- 14.14 The /usr/local/samba/etc/smb.conf file
- 14.15 A few checks
- 14.16 We manage the new Samba 4 AD-DC
- 14.17 We join a Windows 7 client named "seven" to the domain
- 15 Summary
PAM
We dedicated a short series of articles to this type of local authentication, which you will see in daily practice is widely used, for example, when we join a workstation to a Domain Controller or an Active Directory; to map users stored in external LDAP databases as if they were local users; to map users stored in the Domain Controller of an Active Directory as if they were local users, and so on.
- Squid + PAM authentication on CentOS 7.
- Local user and group management
- Authoritative DNS Server NSD + Shorewall
- Prosody IM and local users
- Postfix + Dovecot + Squirrelmail and local users
NIS
From Wikipedia:
- Network Information System (known by its acronym NIS, which in Spanish means Sistema de Información de Red), is the name of a client-server directory services protocol developed by Sun Microsystems for distributing configuration data of distributed systems, such as user and host names, between computers on a network. NIS is based on ONC RPC, and consists of a server, a client-side library, and various administration tools.
Originally NIS was called Yellow Pages, or YP, a name that is still used to refer to it. Unfortunately, that name is a trademark of British Telecom, which required Sun to drop it. However, YP remains a prefix in the names of most NIS-related commands, such as ypserv and ypbind.
DNS serves a limited range of information, the most important being the correspondence between node name and IP address. For other types of information there is no such specialized service. On the other hand, if you only manage a small LAN with no Internet connectivity, setting up DNS hardly seems worth it. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and groups files to all the nodes on your network. This makes the network look like a single system, with the same accounts on all nodes. Similarly, NIS can be used to distribute the node name information contained in /etc/hosts to all machines on the network.
Today NIS is available in practically all Unix distributions, and there are even free implementations. BSD Net-2 published one that was derived from a public domain reference implementation donated by Sun. The client library code of this version has been in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, an NIS server is missing from the reference implementation.
Peter Eriksson has developed a new implementation called NYS. It supports both basic NIS and Sun's enhanced version, NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for node name resolution that replaces the current scheme using the "host.conf" file.
GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses the advanced configuration scheme of NYS. The tools and a server are still needed, but using GNU libc saves the work of patching and recompiling the library.
Computer and domain names, network interface and resolver
- We start from a clean installation, without a graphical interface, of Debian 8 "Jessie". The domain swl.fan means "Fans of Free Software". What better name than that?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
Installation of bind9, isc-dhcp-server and ntp
bind9
root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options \
/etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //=====================================================================$
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //=====================================================================$

    // We do not want DNSSEC
    dnssec-enable no;
    //dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };

    // For checks from localhost and sysadmin
    // through dig swl.fan axfr
    // We have no slave DNS ... so far
    allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location, and update permission
// of the DNS Record Zones
// Both Zones are MASTERS
zone "swl.fan" {
    type master;
    file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                        1       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum or
                                ; Negative caching time to live
;
@       IN NS   master.swl.fan.
@       IN MX   10 mail.swl.fan.
@       IN A    192.168.10.5
@       IN TXT  "For Fans of Free Software"
;
sysadmin        IN A    192.168.10.1

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                        1       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum or
                                ; Negative caching time to live
;
@       IN NS   master.swl.fan.
;
1       IN PTR  sysadmin.swl.fan.
4       IN PTR  fileserver.swl.fan.
5       IN PTR  master.swl.fan.
6       IN PTR  proxyweb.swl.fan.
7       IN PTR  blog.swl.fan.
8       IN PTR  ftpserver.swl.fan.
9       IN PTR  mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK
root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service
Bind9 checks
root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan

Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds
isc-dhcp-server
root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key

root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

# network label assumed here; any name works
shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service
root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service
ntp
root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec
Global checks for ntp, bind9, and isc-dhcp-server
From a Linux, BSD, Mac OS, or Windows client, check that the time is synchronized correctly, that the client obtains a dynamic IP address, and that its host name is resolved through direct DNS queries. Change the client name and repeat all the checks. Do not continue until you are sure that the services installed so far are working correctly. It was for a reason that we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.
NIS Server installation
root@master:~# aptitude show nis
Conflicts: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, originally known as Yellow Pages (YP), is mostly used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
Package configuration
┌─────────────────────────┤ Nis Configuration ├──────────────────────────┐
│ Please choose the NIS "domainname" for this system. If you want this   │
│ machine to just be a client, you should enter the name of the NIS      │
│ domain you wish to join.                                               │
│                                                                        │
│ Alternatively, if this machine is to be a NIS server, you can either   │
│ enter a new NIS "domainname" or the name of an existing NIS domain.    │
│                                                                        │
│ NIS domain:                                                            │
│                                                                        │
│ swl.fan_______________________________________________________________ │
│                                                                        │
└────────────────────────────────────────────────────────────────────────┘
It will take a while because the service configuration does not exist yet. Please wait for the process to finish.
root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true
We build the NIS database
root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers. master.swl.fan is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis
We add local users
root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
press ENTER for the default
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser akuyenda
root@master:~# adduser legolas
and so on.
root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.
We update the NIS database
root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'
We add NIS options to isc-dhcp-server
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

# network label assumed here; any name works
shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service
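With MERGE_PASSWD=true the password hashes from the shadow file travel inside the passwd map, so the allow-list in /etc/ypserv.securenets edited earlier in this section decides which hosts can fetch them. The following check is an added example, not part of the original article: it parses that file format and flags a catch-all line or a rule that can never match, assuming the server compares (client address AND netmask) with the network; the function names and the three sample files are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "lineno mask net")

# Constructed inputs in the "<netmask> <network>" format of ypserv.securenets.
# SHIPPED keeps the catch-all line; RESTRICTED is the variant the article ends with.
SHIPPED = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
0.0.0.0         0.0.0.0
"""
RESTRICTED = """\
255.0.0.0       127.0.0.0
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
"""
# Constructed mistakes: host bits set in the network, and a hostname.
BROKEN = """\
255.255.0.0     192.168.10.0
host            sysadmin.swl.fan
"""


def _to_int(text):
    """Dotted IPv4 string -> 32-bit integer (raises AddressValueError otherwise)."""
    return int(ipaddress.IPv4Address(text))


def parse_securenets(text):
    """Return (rules, errors); errors are (lineno, message) for unusable lines."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            errors.append((lineno, "expected '<netmask> <network>' or 'host <ip>'"))
            continue
        # "host" is shorthand for a netmask of 255.255.255.255
        mask_txt = "255.255.255.255" if fields[0].lower() == "host" else fields[0]
        try:
            rules.append(Rule(lineno, _to_int(mask_txt), _to_int(fields[1])))
        except ipaddress.AddressValueError:
            errors.append((lineno, "only dotted IPv4 addresses are accepted"))
    return rules, errors


def is_allowed(client_ip, rules):
    """Assumed server-side test: (client AND netmask) == network for any rule."""
    ip = _to_int(client_ip)
    return any((ip & r.mask) == r.net for r in rules)


def audit(text):
    """Return sorted (lineno, finding) pairs for risky or ineffective lines."""
    rules, findings = parse_securenets(text)
    for r in rules:
        if r.mask == 0 and r.net == 0:
            findings.append((r.lineno, "catch-all: every client may read the maps"))
        elif r.net & ~r.mask & 0xFFFFFFFF:
            findings.append((r.lineno, "network has host bits set: rule never matches"))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("SHIPPED", SHIPPED), ("RESTRICTED", RESTRICTED), ("BROKEN", BROKEN)):
        rules, _ = parse_securenets(text)
        # 203.0.113.7 is a documentation address standing in for an outside host
        print(name, audit(text), "outsider allowed:", is_allowed("203.0.113.7", rules))
```
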
Kukhazikitsa Kwa NIS
- Timayambira pakukhazikitsa koyera - popanda mawonekedwe owonekera- a Debian 8 "Jessie".
root @ mail: ~ # dzina la alendo -f
makalata.swl.fan
mizu @ makalata: ~ # ip addr
2: eth0: munthu 1500 qdisc pfifo_fast state UP group default qlen 1000 link / ether 00: 0c: 29: 25: 1f: 54 brd ff: ff: ff: ff: ff: ff
inet 192.168.10.9/24 brd 192.168.10.255 kuchuluka kwa eth0
mizu @ makalata: ~ # kuyika bwino nis
mizu @ makalata: ~ # nano /etc/yp.conf # # yp.conf Fayilo yosinthira njira ya ypbind. Mutha kutanthauzira ma seva a # NIS pamanja pano ngati sangapezeke ndi #wailesi yakanema yakomweko (yomwe ndiyosasintha). # # Onani tsamba lamasamba la ypbind pama syntax a fayilo iyi. # # ZOFUNIKIRA: Kwa "ypserver", gwiritsani ntchito ma adilesi a IP, kapena onetsetsani kuti # wolandirayo ali mu / etc / hosts. Fayiloyi imangotanthauziridwa # kamodzi, ndipo ngati DNS siyotheka koma ypserver singathe # kuthetsedwa ndipo ypbind sichimangiriza seva. # ypserver ypserver.network.com ypserver master.swl.fan dzina la swl.fan
root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat nis
group:          compat nis
shadow:         compat nis
gshadow:        files

hosts:          files dns nis
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
root@mail:~# nano /etc/pam.d/common-session
# pam-auth-update(8) for details.
session optional pam_mkhomedir.so skel=/etc/skel umask=077
# here are the per-package modules (the "Primary" block)
root@mail:~# systemctl status nis
root@mail:~# systemctl restart nis
We close the session and start it again, this time as a user registered in the NIS database on master.swl.fan.
root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$
We change the password of the user legolas and check that it works
legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: arquero
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$
The NIS service, implemented at both server and client level, works correctly.
LDAP
From Wikipedia:
- LDAP is the acronym for Lightweight Directory Access Protocol, an application-level protocol that allows access to an ordered and distributed directory service in order to look up information in a network environment. LDAP is also considered a database (although its storage system may be different) that can be queried. A directory is a set of objects with attributes organized in a logical and hierarchical way. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, each name having an address and a telephone number attached. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written, arranged alphabetically.
An LDAP directory tree sometimes reflects political, geographic or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the upper levels of the hierarchy. Further down the directory, entries may appear that represent people, organizational units, printers, documents, groups of people, or anything else that represents a given entry in the tree (or multiple entries).
Usually it stores authentication information (user name and password) and is used for authentication, although it is possible to store other information (user contact data, location of various network resources, permissions, certificates, and so on). In short, LDAP is a unified access protocol to a set of information on a network.
The current version is LDAPv3, and it is defined in RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).
For a long time the LDAP protocol, with its databases, whether or not compatible with OpenLDAP, has been the most widely used in most of today's authentication systems. As an example of that statement, we list below some systems, Free or proprietary, that use LDAP databases as the backend to store all of their objects:
- OpenLDAP
- Apache Directory Server
- Red Hat Directory Server - 389 DS
- Novell Directory Services - eDirectory
- SUN Microsystems Open DS
- Red Hat Identity Manager
- FreeIPA
- Samba NT4 Classic Domain Controller.
  We want to clarify that this system was a development of Team Samba with Samba 3.xxx + OpenLDAP as backend. Microsoft never implemented anything like it. It jumped from NT 4 Domain Controllers to its Active Directories.
- Samba 4 Active Directory - Domain Controller
- ClearOS
- Zentyal
- UCS Univention Corporate Server
- Microsoft Active Directory
Each implementation has its own characteristics, and the most standard and compatible one is OpenLDAP.
Active Directory, whether the original from Microsoft or the one from Samba 4, is a union of several main components:
- LDAP, customized by both Microsoft and Samba.
- The Microsoft Windows Domain, which is the Microsoft Network.
- The Microsoft Domain Controller.
- Kerberos, customized by both Microsoft and Samba.
We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but they do not offer the Microsoft Network service that a Windows Domain provides, nor do they have a Windows Domain Controller as such.
A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client to act as an intermediary between the Directory Service and the Windows client itself, such as the Free Software pGina.
Directory Service with OpenLDAP
- We start from a clean installation, without a graphical interface, of Debian 8 "Jessie", with the same machine name "master" that was used for the NIS installation, and the same configuration of its network interface and of the /etc/resolv.conf file. On this new server we install ntp, bind9 and isc-dhcp-server, not forgetting the global checks that these three services work correctly.
root@master:~# aptitude install slapd ldap-utils

[ Configuring slapd ]
Please enter the password for the admin entry in your LDAP directory.
Administrator password: ********
We check the initial configuration
root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
objectClass: dcObject
objectClass: organization
o: swl.fan
dc: swl
structuralObjectClass: organization
entryUUID: c8510708-da8e-1036-8fe1-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.833955Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
entryUUID: c851178e-...
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.834422Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z
We modify the /etc/ldap/ldap.conf file
root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://localhost
Organizational Units and the general group «usuarios»
We add the minimum necessary Organizational Units, as well as the POSIX group «usuarios», of which we will make every user a member, following the example of the many systems that have a «users» group. We name it «usuarios» to avoid possible conflicts with the «users» group of the system itself.
root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"

adding new entry "ou=groups,dc=swl,dc=fan"
We check the entries that were added
root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=usuarios
# usuarios, groups, swl.fan
dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000
We add several users
The password that we declare in LDAP must be obtained with the slappasswd command, which returns the password as an {SSHA} value.
Password for the user strides:
root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
Password for the user legolas
root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
Password for the user gandalf
root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}OIVFelqv8WIxJ40r12lnh3bp+SXGbV+u

root@master:~# nano users.ldif
dn: uid=strides,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: strides
cn: strides
givenName: Strides
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: strides@swl.fan
gecos: Strides El Rey
loginShell: /bin/bash
homeDirectory: /home/strides

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: Wizard
userPassword: {SSHA}OIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f users.ldif
Enter LDAP Password:
adding new entry "uid=strides,ou=people,dc=swl,dc=fan"

adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"

adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"
We check the entries that were added
root@master:~# ldapsearch -x cn=strides
root@master:~# ldapsearch -x uid=strides
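A pre-flight check for a users LDIF file like the one loaded above, run before ldapadd; this is an added example, not part of the original article. The entries in SAMPLE_LDIF are constructed with deliberate defects, and the UID floor of 10000 is an assumption taken from the numbering used on this page.

```python
import base64
import re

# MUST attributes of the object classes used in the users LDIF on this page.
REQUIRED = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "inetorgperson": {"cn", "sn"},
}
UID_FLOOR = 10000  # assumption: directory accounts start at 10000, as on this page

# Constructed sample entries (not from the article), with defects added on purpose.
SAMPLE_LDIF = """\
dn: uid=frodo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
uid: frodo
cn: frodo
sn: Baggins
userPassword: {SSHA}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
uidNumber: 10004
gidNumber: 10000
homeDirectory: /home/frodo

dn: uid=sam,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
uid: sam
cn: sam
userPassword: gardener
uidNumber: 10004
gidNumber: 10000
homeDirectory: /home/
 samwise

dn: uid=svc,ou=people,dc=swl,dc=fan
objectClass: posixAccount
uid: svc
cn:: c3Zj
uidNumber: 0
gidNumber: 10000
homeDirectory: /home/svc
"""


def parse_ldif(text):
    """Return a list of entries, each mapping lower-cased attribute -> list of values."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF folding: newline followed by one space
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries


def lint(entries, uid_floor=UID_FLOOR):
    """Return (dn, finding) pairs for entries that should not be loaded as they are."""
    findings, seen = [], {}
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        for cls in sorted(classes & set(REQUIRED)):
            for attr in sorted(REQUIRED[cls] - set(e)):
                findings.append((dn, "missing-" + attr))
        for pw in e.get("userpassword", []):
            # A stored value without a {SCHEME} prefix is a cleartext password.
            if not re.match(r"\{[A-Za-z0-9-]+\}.+", pw):
                findings.append((dn, "cleartext-password"))
        if "posixaccount" in classes and "uidnumber" in e:
            number = int(e["uidnumber"][0])
            if number < uid_floor:  # would overlap local or system accounts
                findings.append((dn, "uidnumber-below-floor"))
            if number in seen:      # two names sharing one numeric identity
                findings.append((dn, "duplicate-uidnumber"))
            seen.setdefault(number, dn)
        home = e.get("homedirectory", [""])[0]
        uid = e.get("uid", [""])[0]
        if home and home.rstrip("/").rsplit("/", 1)[-1] != uid:
            findings.append((dn, "home-mismatch"))  # consistency check only
    return findings


if __name__ == "__main__":
    for dn, finding in lint(parse_ldif(SAMPLE_LDIF)):
        print(finding, dn)
```

The duplicate and below-floor checks matter on the clients: once nsswitch maps directory users as local ones, file ownership and privileges follow the numeric uidNumber, not the name.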
We manage the slapd database with console utilities
We select the ldapscripts package for this task. The installation and configuration procedure is as follows:
root@master:~# aptitude install ldapscripts
root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
    /etc/ldapscripts/ldapscripts.conf.original
root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
#MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
#MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
# PASSWORDGEN below sets each new account's initial password to its user name
PASSWORDGEN="echo %u"
Note that the scripts use the commands of the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to see which ones they are.
root@master:~# sh -c "echo -n 'admin-password' > \
    /etc/ldapscripts/ldapscripts.passwd"
root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd
root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
    /etc/ldapscripts/ldapadduser.template
root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User Account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
We add the user "bilbo" and make him a member of the group "usuarios"
root@master:~# ldapadduser bilbo usuarios
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bilbo
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User Account
To see the password hash of the user bilbo, the query must be made with authentication:
root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo
To delete the user bilbo we run:
root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:
root@master:~# ldapsearch -x uid=bilbo
We manage the slapd database through a web interface
We have a working Directory Service, and we want to manage it more easily. There are many programs designed for this task, such as phpldapadmin, ldap-account-manager, etc., which are available directly from the repositories. We can also manage a Directory Service through Apache Directory Studio, which we have to download from the Internet.
For more information, please visit https://blog.desdelinux.net/ldap-introduccion/, and the following 6 articles.
LDAP client
Scenario:
Suppose we have the machine mail.swl.fan as a mail server implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, can well serve as a guide for Debian and many other Linux distros. We want the users stored in the OpenLDAP database on master.swl.fan to have access as well, in addition to the local users we have already declared. To achieve this we must "map" the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is as follows:
root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

[ Configuring libnss-ldap ]
Please enter the URI ("Uniform Resource Identifier") of the LDAP server. This is a string in the form ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also be used. The port number is optional.
It is recommended to use an IP address, to avoid failures when domain name services are unavailable.
LDAP server URI: ldap://master.swl.fan

[ Configuring libnss-ldap ]
Please enter the distinguished name (DN) of the LDAP search base. Many sites use the components of their domain name for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
Distinguished name (DN) of the search base: dc=swl,dc=fan

[ Configuring libnss-ldap ]
Please enter which version of the LDAP protocol ldapns should use. It is recommended to use the highest version number available.
LDAP version to use:
    3
    2

[ Configuring libnss-ldap ]
Please choose which account will be used for nss queries with root privileges.
Note: for this option to work, the account needs permission to access the LDAP attributes associated with the users' "shadow" entries, as well as the passwords of users and groups.
LDAP account for root: cn=admin,dc=swl,dc=fan

[ Configuring libnss-ldap ]
Please enter the password to use when libnss-ldap tries to authenticate to the LDAP directory with the LDAP account for root.
The password will be stored in a separate file ("/etc/libnss-ldap.secret") that only root can access.
If you enter an empty password, the old password will be reused.
Password for the LDAP root account: ********

[ Configuring libnss-ldap ]
nsswitch.conf is not managed automatically
You must modify your "/etc/nsswitch.conf" file to use an LDAP data source if you want the libnss-ldap package to work. You can use the example file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example of the nsswitch configuration, or you can copy it over your current configuration.
Note that before removing this package it may be advisable to remove the "ldap" entries from the nsswitch.conf file so that basic services keep working.

[ Configuring libpam-ldap ]
This option allows password tools that use PAM to change local passwords.
The password of the LDAP administrator account will be stored in a separate file that can only be read by the administrator.
This option should be disabled if "/etc" is mounted over NFS.
Do you want to allow the LDAP administrator account to behave as the local administrator?

[ Configuring libpam-ldap ]
Choose whether the LDAP server enforces identification before retrieving entries. This setting is rarely needed.
Do users need to log in to access the LDAP database?

[ Configuring libpam-ldap ]
Please enter the name of the LDAP administrator account. This account will be used automatically for database management, so it must have the appropriate administrative privileges.
LDAP administrator account: cn=admin,dc=swl,dc=fan

[ Configuring libpam-ldap ]
Please enter the password of the administrator account. The password will be stored in the file "/etc/pam_ldap.secret". The administrator will be the only one able to read this file, and it will allow libpam-ldap to manage connections to the database automatically.
If you leave this field empty, the previously stored password will be reused.
LDAP administrator password: ********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
Let's modify the /etc/pam.d/common-password file: we go to line 26 and remove the value «use_authtok»:
root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password    [success=2 default=ignore]    pam_unix.so obscure sha512
password    [success=1 user_unknown=ignore default=die]    pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password    requisite    pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password    required    pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
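How the four password lines of /etc/pam.d/common-password shown above are walked for a local user, an LDAP user and an unknown user; this is an added example, not part of the original article. It is a simplified, single-pass model of Linux-PAM's control handling in which a numeric jump contributes no verdict of its own, and the module return values in the scenarios are constructed.

```python
import re

# Shorthand controls expanded to their [value=action] form, as listed in pam.conf(5).
SHORTHAND = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# Return values of the two helper modules in the password stack.
FIXED = {"pam_deny.so": "authtok_err", "pam_permit.so": "success"}

# The four active lines of the common-password file on this page.
STACK = """\
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
password requisite pam_deny.so
password required pam_permit.so
"""


def parse_stack(text):
    """Return [(module, {return_value: action})] for each non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if not match:
            continue
        _, control, module = match.groups()
        if control.startswith("["):
            actions = dict(pair.split("=", 1) for pair in control[1:-1].split())
        else:
            actions = SHORTHAND[control]
        rules.append((module, actions))
    return rules


def run_stack(rules, results):
    """Walk the stack; results maps module name -> constructed return value."""
    verdict, trace, i = None, [], 0
    while i < len(rules):
        module, actions = rules[i]
        ret = results[module] if module in results else FIXED[module]
        action = actions.get(ret, actions.get("default", "bad"))
        trace.append((module, ret, action))
        i += 1
        if action.isdigit():          # jump over the next N modules
            i += int(action)
        elif action in ("ok", "done"):
            if verdict is None:
                verdict = ret
            if action == "done" and verdict == "success":
                break
        elif action in ("bad", "die"):
            if verdict in (None, "success"):
                verdict = ret         # the first failure decides the result
            if action == "die":
                break                 # stop at once, later modules never run
        # "ignore": the module's result does not count
    return (verdict or "perm_denied"), trace


if __name__ == "__main__":
    rules = parse_stack(STACK)
    scenarios = {
        "local user": {"pam_unix.so": "success"},
        "LDAP user": {"pam_unix.so": "user_unknown", "pam_ldap.so": "success"},
        "LDAP user, wrong password": {"pam_unix.so": "user_unknown", "pam_ldap.so": "auth_err"},
        "unknown user": {"pam_unix.so": "user_unknown", "pam_ldap.so": "user_unknown"},
    }
    for name, results in scenarios.items():
        verdict, trace = run_stack(rules, results)
        print(name, "->", verdict, [m for m, _, _ in trace])
```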
If we need local logins for the users stored in LDAP, and we want their home directories to be created automatically, we must edit the /etc/pam.d/common-session file and add the following line at the end of the file:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
In the OpenLDAP Directory Service example developed earlier, the only local user created was the user buzz, while in LDAP we created the users strides, legolas, gandalf and bilbo. If the configuration made so far is correct, we should be able to list both the local users and those mapped as local but stored on the remote LDAP server:
root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strides:x:10000:10000:Strides El Rey:/home/strides:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash
After changes to the system's authentication, it is advisable to restart the server, provided we are not dealing with a critical service:
root@mail:~# reboot
Afterwards we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database on master.swl.fan. We can also test the login via SSH.
buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Contraseña:
root@mail:/home/gandalf# getent group
buzz:x:1001:
usuarios:*:10000:
root@mail:/home/gandalf# exit
exit
gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz     4096 Jun 17 12:25 buzz
drwx------ 2 gandalf usuarios 4096 Jun 17 13:05 gandalf
The Directory Service, implemented at both server and client level, works correctly.
Kerberos
From Wikipedia:
- Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers focused first on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. Authentication messages are protected to prevent eavesdropping and replay attacks.
Kerberos is based on symmetric-key cryptography and requires a trusted third party. In addition, there are extensions to the protocol that allow the use of asymmetric-key cryptography.
Kerberos is based on the Needham-Schroeder Protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two separate logical parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.
Kerberos maintains a database of secret keys; each entity on the network, whether client or server, shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the identity of the entity. For communication between two entities, Kerberos generates a session key, which they can use to secure their communication.
Disadvantages of Kerberos
From EcuRed:
Although Kerberos removes a common security threat, it is difficult to implement for a variety of reasons:
- Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to perform this task.
- Kerberos assumes that each user is trusted but is using an untrusted machine on an untrusted network. Its main goal is to prevent unencrypted passwords from being sent across the network. However, if any user other than the proper user has access to the ticket-issuing machine (KDC) used for authentication, Kerberos would be at risk.
- For an application to use Kerberos, its code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are considered kerberized. For some applications this can be an excessive programming effort, because of the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can take considerable programming. In general, closed-source applications that have no Kerberos support are usually the most problematic.
- Finally, if you decide to use Kerberos on your network, you must realize that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is transmitted to a service that does not use Kerberos for authentication, you run the risk that the packet may be intercepted. In that case, your network gains no benefit from using Kerberos. To secure your network with Kerberos, you must use only kerberized versions of all client/server applications that send unencrypted passwords, or not use any of those applications on the network.
Implementing and configuring OpenLDAP manually as a Kerberos back-end is not easy. However, later on we will see that Samba 4 Active Directory - Domain Controller integrates, in a way that is transparent to the Sysadmin, a DNS server, the Microsoft Network and its Domain Controller, an LDAP server as the back-end for almost all of its objects, and the Kerberos-based authentication service, as the fundamental components of a Microsoft-style Active Directory.
To date we have not needed to implement a "Kerberized Network". That is why we have not written about how to implement Kerberos.
Samba 4 Active Directory - Domain Controller
Important:
There is no better documentation than the site wiki.samba.org. Any self-respecting Sysadmin should visit that site, which is in English, and browse the large number of pages devoted entirely to Samba 4, written by Team Samba itself. I do not believe there is documentation available on the Internet that can replace it. By the way, look at the number of visits shown at the bottom of each page. An example of this is that its main page, or «Main Page», had been visited 276,183 times as of today, June 20, 2017, at 10:10 am Eastern Time. In addition, the documentation is kept very up to date, since that page was modified on June 6.
From Wikipedia:
Samba is a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can appear as servers or act as clients in Windows networks. Samba also allows users to be validated by acting as a Primary Domain Controller (PDC), as a domain member, and even as an Active Directory domain for Windows-based networks; apart from being able to serve print queues and shared directories, and to authenticate against its own user store.
Among the Unix-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we can find Apple's Mac OS X Server.
Samba 4 AD-DC with its Internal DNS
- We start from a clean installation, without a graphical interface, of Debian 8 "Jessie".
Initial checks
root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
- We declare only the main branch, which is more than enough for our purposes.
root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main
Postfix in place of Exim, and utilities
root@master:~# aptitude install postfix htop mc deborphan

  Postfix Configuration
    Please select the mail server configuration type that best meets your needs.

    No configuration:
      Keeps the current configuration unchanged.
    Internet site:
      Mail is sent and received directly using SMTP.
    Internet with smarthost:
      Mail is received directly using SMTP or by running a utility such
      as "fetchmail". Outgoing mail is sent using a "smarthost".
    Local only:
      The only delivered mail is the mail for local users. There is no network.

    General type of mail configuration:
      No configuration
      Internet Site
      Internet with smarthost
      Satellite system
      Local only

  Postfix Configuration
    The "mail name" is the domain name used to "qualify" _ALL_ mail
    addresses without a domain name. This includes mail to and from "root":
    please do not make your machine send out mail from root@example.org
    unless root@example.org has told you to.

    This name will also be used by other programs. It should be the single,
    fully qualified domain name (FQDN).

    Thus, if a mail address on the local host is foo@example.org, the
    correct value for this option would be example.org.

    System mail name:
      master.swl.fan
We clean up
root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean
We install the requirements for compiling Samba 4 and other necessary packages
root@master:~# aptitude install acl attr autoconf bison \
build-essential dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

  Configuring Kerberos Authentication
    When users attempt to use Kerberos and specify a principal or user name
    without specifying what administrative Kerberos realm that principal
    belongs to, the system appends the default realm. The default realm may
    also be used as the realm of a Kerberos service running on the local
    machine. Often, the default realm is the uppercase version of the local
    DNS domain.

    Default Kerberos version 5 realm:
      SWL.FAN

  Configuring Kerberos Authentication
    Enter the hostnames of Kerberos servers in the SWL.FAN Kerberos realm,
    separated by spaces.

    Kerberos servers for your realm:
      master.swl.fan

  Configuring Kerberos Authentication
    Enter the hostname of the administrative (password changing) server
    for the SWL.FAN Kerberos realm.
The process above took a while because we do not yet have any DNS service installed. However, the domain was chosen correctly thanks to the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the name server.
We now configure the /etc/ldap/ldap.conf file
root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan
So that queries made with the ldapsearch command by the root user can take the form ldapsearch -x -W cn=xxxx, we must create the file /root/.ldaprc with the following content:
root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan
The file system must support ACL - Access Control List
root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a
root@master:~# touch test_acl.txt
root@master:~# setfattr -n user.test -v test test_acl.txt
root@master:~# setfattr -n security.test -v test2 test_acl.txt
root@master:~# getfattr -d test_acl.txt
# file: test_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d test_acl.txt
# file: test_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx test_acl.txt
root@master:~# getfacl test_acl.txt
# file: test_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--
We obtain the Samba 4 source code, compile it and install it
It is strongly recommended to download the source tarball of the Stable version from the official site https://www.samba.org/. In our example we download the version samba-4.5.1.tar.gz into the /opt directory.
root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/
Configuration options
If we want to customize the configuration options, we run:
root@master:/opt/samba-4.5.1# ./configure --help
and select very carefully the ones we need. It is advisable to check whether the downloaded package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:
root@master:/opt/samba-4.5.1# ./configure distcheck
We configure, compile and install samba-4.5.1
- Starting from the previously installed requirements and the 8604 files (which make up the compressed samba-4.5.1.tar.gz) weighing about 101.7 megabytes, including the source3 and source4 folders that weigh about 61.1 megabytes, we will obtain a replacement for a Microsoft-style Active Directory, with quality and stability that are more than acceptable for any production environment. We must highlight the work of the Samba Team in delivering the Free Software Samba 4.
The commands below are the classic ones for compiling and installing packages from their sources. We must be patient while the whole process runs. It is the only way to obtain valid and correct results.
root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install
While the make command runs, we can see that the sources of both Samba 3 and Samba 4 are compiled. That is why the Samba Team states that its version 4 is the natural upgrade, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers or older versions of Samba 3.
Provisioning Samba
We will use SAMBA_INTERNAL as the DNS. More information can be found at https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End. When we are asked for the Administrator user's password, we must type one that is at least 8 characters long and that also contains letters, uppercase and lowercase, and numbers.
Before proceeding with the provisioning, and to make life easier, we add the path of the Samba executables to our .bashrc file. Then we log out and log back in.
root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'

declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: Password2017
Retype password: Password2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556
Let's not forget to copy the Kerberos configuration file, as indicated by the output of the Provisioning:
root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
So as not to type the samba-tool command with its full name, we create a symbolic link with the short name tool:
root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool
We install NTP
A fundamental piece of an Active Directory is the Network Time Service. Since authentication is carried out through Kerberos and its Tickets, time synchronization with the Samba 4 AD-DC is vital.
root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1

root@master:~# service ntp restart
root@master:~# service ntp status
root@master:~# tail -f /var/log/syslog
If, when examining the syslog with the command above or with journalctl -f, we get the message:
Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting
we must restart the service and try again. Now we create the ntp_signd directory:
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory
root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/
# As requested at wiki.samba.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd
We configure Samba to start using systemd
root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot
root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp
Samba 4 AD-DC file locations
ALL the files, except samba-ad-dc.service, are located in:
root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var
in the best UNIX style. It is always advisable to browse through the different folders and examine their contents.
The /usr/local/samba/etc/smb.conf file
root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
    netbios name = MASTER
    realm = SWL.FAN
    workgroup = SWL
    dns forwarder = 8.8.8.8
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
    server role = active directory domain controller
    allow dns updates = secure only
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
    ldap server require strong auth = no
    printcap name = /dev/null

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
    realm = SWL.FAN
    workgroup = SWL
    dns forwarder = 192.168.10.1
    ldap server require strong auth = No
    passdb backend = samba_dsdb
    server role = active directory domain controller
    rpc_server:tcpip = no
    rpc_daemon:spoolssd = embedded
    rpc_server:spoolss = embedded
    rpc_server:winreg = embedded
    rpc_server:ntsvcs = embedded
    rpc_server:eventlog = embedded
    rpc_server:srvsvc = embedded
    rpc_server:svcctl = embedded
    rpc_server:default = external
    winbindd:use external pipes = true
    idmap config * : range = 1000000-1999999
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    map archive = No
    map readonly = no
    store dos attributes = Yes
    vfs objects = dfs_samba4 acl_xattr

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
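The smb.conf above sets "ldap server require strong auth = no", which makes the DC accept simple binds over unencrypted ldap://, the kind of cleartext password exchange the Kerberos notes earlier warn about. The following is an added example, not part of the original article: a shell function that audits the [global] section for that setting and for "allow dns updates". The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit the [global] section of an
# smb.conf for two settings that appear in the file shown above.

# Constructed sample: the relevant part of the article's smb.conf.
sample_smb_conf() {
cat <<'EOF'
# Global parameters
[global]
	netbios name = MASTER
	realm = SWL.FAN
	workgroup = SWL
	server role = active directory domain controller
	allow dns updates = secure only
	ldap server require strong auth = no

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
	read only = No
EOF
}

# audit_smb_conf FILE   (hypothetical helper name)
# Prints one FINDING line per weak setting; returns 1 if there is any.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }

    # Skip comments and blank lines.
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }

    # Remember which section we are in.
    /^[ \t]*\[/ { section = tolower(trim($0)); next }

    section == "[global]" {
        eq = index($0, "=")            # only the first equals sign counts
        if (eq == 0) next
        # smb.conf ignores case and whitespace in parameter names.
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]/, "", key)
        seen[key] = tolower(trim(substr($0, eq + 1)))
    }

    END {
        findings = 0

        # An unset parameter falls back to the built-in default "yes".
        v = ("ldapserverrequirestrongauth" in seen) ? seen["ldapserverrequirestrongauth"] : "yes"
        if (v == "no" || v == "false" || v == "0") {
            print "FINDING ldap server require strong auth = " v ": simple binds are accepted on unencrypted ldap://"
            findings++
        }

        # An unset parameter falls back to the built-in default "secure only".
        v = ("allowdnsupdates" in seen) ? seen["allowdnsupdates"] : "secure only"
        if (v == "nonsecure") {
            print "FINDING allow dns updates = nonsecure: unauthenticated clients can change DNS records"
            findings++
        }

        if (findings == 0) print "OK no weak LDAP or DNS-update settings in [global]"
        exit (findings > 0)
    }' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_smb_conf > "$tmp"
audit_smb_conf "$tmp" || true
rm -f "$tmp"
```

With the value set to yes, the DC only accepts simple binds over TLS, so a check such as ldapsearch -x -W against ldap://master.swl.fan would need -ZZ (StartTLS) or an ldaps:// URI.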
Minimal checks
root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN:
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

        19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.
root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.
root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5
root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600
root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.
root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)
We manage the newly installed Samba 4 AD-DC
If we want to modify the expiration, in days, of the Administrator password; the complexity of passwords; the minimum password length; the minimum and maximum duration, in days, of the password; and change the Administrator password declared during the Provisioning, we must run the following commands with the values adjusted to your needs:
root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry Administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD
We add several DNS records
root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server
root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator
Fixed IPs of other servers
root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator
Reverse zone
root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]:
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -U administrator
Checks
root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]:
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.
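The forward and reverse lookups above are compared by eye. As an added example, not part of the original article, this shell function reads host output and reports every A record whose PTR is missing or points at a different name. The function names and the sample input, which contains two deliberately broken entries, are constructed.

```shell
#!/bin/sh
# Added example (not from the article): cross-check forward (A) and
# reverse (PTR) answers collected from host(1).

# Constructed sample in the format host(1) prints in the checks above.
# The proxy and chat entries are deliberately broken to show both findings.
sample_host_output() {
cat <<'EOF'
master.swl.fan has address 192.168.10.5
mail.swl.fan has address 192.168.10.9
proxy.swl.fan has address 192.168.10.11
chat.swl.fan has address 192.168.10.12
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
11.10.168.192.in-addr.arpa domain name pointer prox.swl.fan.
EOF
}

# check_fwd_rev   (hypothetical helper name)
# Reads host(1) output on stdin. Prints MISSING-PTR or MISMATCH for each
# IPv4 A record without a matching PTR, in input order; returns 1 if any.
check_fwd_rev() {
    awk '
    # "<name> has address <ipv4>"
    $2 == "has" && $3 == "address" {
        host = tolower($1)
        if (!(host in addr)) order[++n] = host
        addr[host] = $4
        next
    }
    # "<owner>.in-addr.arpa domain name pointer <name>."
    $2 == "domain" && $3 == "name" && $4 == "pointer" {
        target = tolower($5)
        sub(/\.$/, "", target)          # drop the trailing root dot
        ptr[tolower($1)] = target
        next
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            host = order[i]
            # Reverse the octets to build the PTR owner name.
            split(addr[host], o, ".")
            owner = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
            if (!(owner in ptr)) {
                print "MISSING-PTR " host " " addr[host]
                bad++
            } else if (ptr[owner] != host) {
                print "MISMATCH " host " " addr[host] " -> " ptr[owner]
                bad++
            }
        }
        exit (bad > 0)
    }'
}

# Demo on the constructed sample.
sample_host_output | check_fwd_rev || true
```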
For the curious
root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:
We add users
root@master:~# tool user
Usage: samba-tool user <subcommand>

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add            - Create a new user.
  create         - Create a new user.
  delete         - Delete a user.
  disable        - Disable an user.
  enable         - Enable an user.
  getpassword    - Get the password fields of a user/computer account.
  list           - List all users.
  password       - Change password for a user account (the one provided in authentication).
  setexpiry      - Set the expiration of a user account.
  setpassword    - Set or reset the password of a user account.
  syncpasswords  - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user <subcommand> (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest
Administration through a graphical interface or via a web client
Visit wiki.samba.org for detailed information on how to install the Microsoft RSAT, or Remote Server Administration Tools. If you do not need the classic policies offered by Microsoft Active Directory, you can install the ldap-account-manager package, which offers a simple administration interface through a web browser.
The Microsoft Remote Server Administration Tools (RSAT) package is included in the Windows Server operating systems.
We join a Windows 7 client named "seven" to the domain
Since we do not have a DHCP server on the network, the first thing we must do is configure the client's network card with a fixed IP, declare that the primary DNS will be the IP of the samba-ad-dc, and check that the option "Register this connection's addresses in DNS" is enabled. It does no harm to verify that the name «seven» is not already registered in the Samba Internal DNS.
After we join the computer to the domain and restart it, let's try to log in with the user «trancos». We will verify that everything works OK. It is also recommended to review the Windows client logs and check that the time is correctly synchronized.
Administrators with some Windows experience will find that any checks they make on the client give satisfactory results.
Summary
I hope the article is useful to the readers of the FromLinux Community.
Bye!
8 comments, leave yours
A long but detailed article, a very good step-by-step on how to do everything.
I'd highlight NIS; the truth is that although I knew of its existence, I never really knew how it worked, because honestly it always gave me the impression that it was practically dead next to LDAP and Samba 4.
PS: Congratulations on your new project! A pity that you won't continue writing here, but at least there is a place to follow you.
A huge tutorial, as always, to my favorites. Greetings Fico.
Congratulations on the project.
The NIS section is great; I sympathize with Gonzalo Martinez, I knew it briefly but had no idea how to implement it or in which situations it is used.
Thanks once again for a tremendous "trunk" of a theoretical and practical article.
Finally, new successes in your new project «gigainside».
Thank you all very much for commenting!!!.
all
the smb.conf you show has no link to LDAP; is it like that on purpose or did I miss something?
mussol: This is a Samba 4 Active Directory Domain Controller that has its own built-in LDAP server.
Could you comment on how to join a mac (apple) to a samba 4 AD-DC?
Thank you.
How are you;
Thanks for the manual, it's great. I have a question about a message that appears for me.
root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Cannot find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
root@AD:~#