PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SMB Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article I say goodbye to the MaiLinux Community. A special farewell for a special community. From now on I will be working on my own project, which you can find at http://www.gigainside.com.

The main objective of this post is to offer a «Big Picture» of the Authentication Services with Free Software that we have at our disposal. At least, that is our intention. It will therefore be long, even though we know this goes against the general rules of article writing. We hope System Administrators will appreciate it.

We want to point out that the protocol common to many of today's authentication systems is LDAP, and that it is well worth studying carefully, using the study material found on the official site http://www.openldap.org/.

We will not give detailed definitions -or links- for aspects covered in previous articles, or for those that can easily be looked up on Wikipedia or on other sites or articles on the Internet, so as not to lose the focus of the message we want to convey. We will also use a mix of English and Spanish names, since most of these systems were born with English names and it is very useful for a Sysadmin to learn them in their original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network_Information_Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol that centrally authenticates users, computers and services on a network, verifying their credentials against the existing entries in the Kerberos database.
  • DS: Directory Server or Directory Service
  • AD-DC: Active Directory - Domain Controller


PAM

We dedicate a short series to this type of local authentication, which you will see in daily practice is widely used when, for example, we join a workstation to a Domain Controller or an Active Directory; to map users stored in external LDAP databases as if they were local users; to map users stored in the Domain Controller of an Active Directory as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym NIS, which in Spanish means Network Information System) is the name of a client-server directory service protocol developed by Sun Microsystems for sending configuration data in distributed systems, such as user and host names, between computers on a network. NIS is based on ONC RPC, and consists of a server, a client-side library and various administration tools.

    NIS was originally called Yellow Pages, or YP, a name that is still used to refer to it. Unfortunately, that name is a trademark of British Telecom, which required Sun to drop it. However, YP remains a prefix in the names of most NIS-related commands, such as ypserv and ypbind.

    DNS serves a limited range of information, the most important being the correspondence between node names and IP addresses. For other kinds of information there is no such specialized service. On the other hand, if you only manage a small LAN without Internet connectivity, setting up DNS does not seem worthwhile. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and groups files to all nodes on your network. This makes the network look like a single system, with the same accounts on every node. Similarly, NIS can be used to distribute the node name information contained in /etc/hosts to all machines on the network.

    Today NIS is available on practically every Unix distribution, and there are even free implementations. BSD Net-2 published one derived from a public-domain reference implementation donated by Sun. The library code for the client part of this version has been in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, the reference implementation lacks an NIS server.

    Peter Eriksson has developed a new implementation called NYS. It supports both basic NIS and Sun's enhanced version, NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for node name resolution that replaces the current scheme based on the "host.conf" file.

    The GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses the advanced NYS configuration scheme. The tools and the server are still needed, but using the GNU libc saves the trouble of patching and recompiling the library.

Host and domain name, network interface and resolver

  • We start from a clean installation -without a graphical interface- of Debian 8 "Jessie". The domain swl.fan means "Fans of Free Software." What better name than this?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installing bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options \
    /etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //=====================================================================$
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //=====================================================================$

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // For checks from localhost and sysadmin
        // via dig swl.fan axfr
        // We have no Slave DNS ... so far
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location, and update permission
// of the DNS Records Zones
// Both Zones are MASTERS
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN      SOA     master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN      NS      master.swl.fan.
@       IN      MX      10 mail.swl.fan.
@       IN      A       192.168.10.5
@       IN      TXT     "Mo Fans o Free Software"
;
sysadmin        IN      A       192.168.10.1
fileserver      IN      A       192.168.10.4
master          IN      A       192.168.10.5
proxyweb        IN      A       192.168.10.6
blog            IN      A       192.168.10.7
ftpserver       IN      A       192.168.10.8
mail            IN      A       192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN      SOA     master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN      NS      master.swl.fan.
;
1       IN      PTR     sysadmin.swl.fan.
4       IN      PTR     fileserver.swl.fan.
5       IN      PTR     master.swl.fan.
6       IN      PTR     proxyweb.swl.fan.
7       IN      PTR     blog.swl.fan.
8       IN      PTR     ftpserver.swl.fan.
9       IN      PTR     mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK
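
named-checkzone validates each zone file on its own and does not compare the forward zone with the reverse one. The following added example (not part of the original article) cross-checks the A and PTR records of the two zones above; the function names are hypothetical and the parser only handles single-line `owner IN A/PTR rdata` records as used here.

```python
import ipaddress

# Constructed from the two zone files shown above (A and PTR records only).
FORWARD = """\
@          IN  A    192.168.10.5
sysadmin   IN  A    192.168.10.1
fileserver IN  A    192.168.10.4
master     IN  A    192.168.10.5
proxyweb   IN  A    192.168.10.6
blog       IN  A    192.168.10.7
ftpserver  IN  A    192.168.10.8
mail       IN  A    192.168.10.9
"""
REVERSE = """\
1  IN  PTR  sysadmin.swl.fan.
4  IN  PTR  fileserver.swl.fan.
5  IN  PTR  master.swl.fan.
6  IN  PTR  proxyweb.swl.fan.
7  IN  PTR  blog.swl.fan.
8  IN  PTR  ftpserver.swl.fan.
9  IN  PTR  mail.swl.fan.
"""
ARPA_SUFFIX = ".in-addr.arpa."


def records(text, rtype):
    """Yield (owner, rdata) for single-line 'owner IN <rtype> rdata' records."""
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop zone-file comments
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == rtype:
            yield fields[0], fields[3]


def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def forward_map(text, origin):
    """Return {fqdn: IPv4 address} for every A record."""
    return {absolute(owner, origin): str(ipaddress.IPv4Address(addr))
            for owner, addr in records(text, "A")}


def reverse_map(text, origin):
    """Return {IPv4 address: PTR target} for an in-addr.arpa zone."""
    result = {}
    for owner, target in records(text, "PTR"):
        fqdn = absolute(owner, origin)
        labels = fqdn[:-len(ARPA_SUFFIX)].split(".")
        result[".".join(reversed(labels))] = absolute(target, origin)
    return result


def mismatches(fwd, rev):
    """List every address whose forward and reverse data disagree."""
    problems = []
    for ip in sorted(set(fwd.values()) | set(rev), key=ipaddress.IPv4Address):
        target = rev.get(ip)
        if target is None:
            names = sorted(n for n, a in fwd.items() if a == ip)
            problems.append(f"{ip}: A record for {', '.join(names)} but no PTR")
        elif fwd.get(target) != ip:
            problems.append(f"{ip}: PTR -> {target}, which has no A record for {ip}")
    return problems


if __name__ == "__main__":
    fwd = forward_map(FORWARD, "swl.fan.")
    rev = reverse_map(REVERSE, "10.168.192.in-addr.arpa.")
    print(mismatches(fwd, rev) or "forward and reverse zones agree")
```
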

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

Bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key

root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.10.1

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

Global checks for ntp, bind9 and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time is synchronized correctly, that the client obtains a dynamic IP address, and that the name of that host is resolved through direct and reverse DNS queries. Change the name of the client and repeat all the checks. Do not continue until you are sure that the services installed so far work correctly. That is why we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.

Installing the NIS Server

root@master:~# aptitude show nis
Conflicts with: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, originally known as Yellow Pages (YP), is mostly used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
Package configuration

  Nis Configuration

  Please choose the NIS "domainname" for this system. If you want this
  machine to just be a client, you should enter the name of the NIS
  domain you wish to join.

  Alternatively, if this machine is to be a NIS server, you can either
  enter a new NIS "domainname" or the name of an existing NIS domain.

  NIS domain:

  swl.fan

The installation will take a while because the service is not yet configured as such. Wait for the process to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
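
/etc/ypserv.securenets is the only address-based access control in front of the NIS maps, so it is worth checking mechanically. The following added example (not part of the original article) parses the netmask/network pairs, answers whether a given client address is admitted, and flags entries that are wider than intended; the function names and the assumption that only loopback and RFC 1918 space should appear are this example's own.

```python
import ipaddress

# Constructed sample: the file from this article, with the distribution's
# wide-open line still commented out.
SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
"""

# Assumption of this example: only loopback and RFC 1918 space is expected.
EXPECTED_SPACE = [ipaddress.IPv4Network(n) for n in
                  ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_securenets(text):
    """Return the networks granted access, from 'netmask network' pairs."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        mask, network = fields
        if mask.lower() == "host":                 # shorthand for a /32
            mask = "255.255.255.255"
        # strict=True raises ValueError if the network has host bits set
        nets.append(ipaddress.IPv4Network(f"{network}/{mask}", strict=True))
    return nets


def is_allowed(nets, client_ip):
    """True if the client address matches at least one pair."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for net in nets)


def findings(nets):
    """Describe entries that admit more than the expected address space."""
    out = []
    for net in nets:
        if net.prefixlen == 0:
            out.append(f"{net}: every IPv4 address may query the NIS maps")
        elif not any(net.subnet_of(space) for space in EXPECTED_SPACE):
            out.append(f"{net}: grants access outside loopback/RFC 1918 space")
    return out


if __name__ == "__main__":
    nets = parse_securenets(SECURENETS)
    for client in ("192.168.10.9", "192.168.11.9"):
        print(client, "allowed" if is_allowed(nets, client) else "denied")
    print(findings(nets) or "no over-broad entries")
```
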

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.swl.fan is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:
[y/n: y]
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bilbo
Enter the new value, or press ENTER for the default
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strides
root@master:~# adduser legolas

and so on.

root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'
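
With MERGE_PASSWD=true the make output above reports shadow.byname as merged with passwd: the password hashes from /etc/shadow travel inside the passwd map that ypserv serves to every client admitted by /etc/ypserv.securenets. The following added example (not part of the original article) classifies the password field of each map entry, in the format printed by `ypcat passwd`, to show which accounts expose a hash and with which scheme; the function names are hypothetical and the sample lines and hash strings are constructed placeholders.

```python
import re

# Constructed sample in passwd(5) format; the hash strings are placeholders,
# not real password hashes.
PASSWD_MAP = "\n".join([
    "bilbo:$6$constructed$" + "A" * 86 + ":1001:1001:Bilbo Bagins,,,:/home/bilbo:/bin/bash",
    "strides:$1$constrct$" + "B" * 22 + ":1002:1002:,,,:/home/strides:/bin/bash",
    "legolas:" + "C" * 13 + ":1003:1003:Legolas Archer,,,:/home/legolas:/bin/bash",
    "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin",
    "guest:!:1004:1004::/home/guest:/bin/bash",
])

# crypt(3) prefixes mapped to (scheme name, still adequate today?)
SCHEMES = {
    "$1$": ("md5crypt", False),
    "$5$": ("sha256crypt", True),
    "$6$": ("sha512crypt", True),
    "$y$": ("yescrypt", True),
}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional DES crypt


def classify(field):
    """Return (scheme, hash_exposed, adequate) for a password field."""
    if field == "x":
        return ("shadowed", False, True)       # hash kept out of the map
    if field == "":
        return ("empty", False, False)         # account without a password
    body = field.lstrip("!")                   # '!' prefix marks a locked account
    if body in ("", "*"):
        return ("locked", False, True)
    for prefix, (name, adequate) in SCHEMES.items():
        if body.startswith(prefix):
            return (name, True, adequate)
    if DES_RE.match(body):
        return ("descrypt", True, False)
    return ("unknown", True, False)


def audit(map_text):
    """Return one dict per entry that exposes a hash or has no password."""
    report = []
    for line in map_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue                           # not a passwd(5) entry
        scheme, exposed, adequate = classify(parts[1])
        if exposed or not adequate:
            report.append({"user": parts[0], "uid": int(parts[2]),
                           "scheme": scheme, "weak": not adequate})
    return report


if __name__ == "__main__":
    for entry in audit(PASSWD_MAP):
        flag = "WEAK" if entry["weak"] else "ok"
        print(f"{entry['user']:10} uid={entry['uid']:<6} {entry['scheme']:12} {flag}")
```
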

We add NIS options to isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

NIS Client Installation

  • We start from a clean installation -without a graphical interface- of Debian 8 "Jessie".
root@mail:~# hostname -f
mail.swl.fan

root@mail:~# ip addr
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:25:1f:54 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.9/24 brd 192.168.10.255 scope global eth0

root@mail:~# aptitude install nis
root@mail:~# nano /etc/yp.conf
#
# yp.conf       Configuration file for the ypbind process. You can define
#               NIS servers manually here if they can't be found by
#               broadcasting on the local net (which is the default).
#
#               See the manual page of ypbind for the syntax of this file.
#
# IMPORTANT:    For the "ypserver", use IP addresses, or make sure that
#               the host is in /etc/hosts. This file is only interpreted
#               once, and if DNS isn't reachable yet the ypserver cannot
#               be resolved and ypbind won't ever bind to the server.

# ypserver ypserver.network.com
ypserver master.swl.fan
domain swl.fan

aa @ meli: ~ # nano /etc/nsswitch.conf
# /etc/nsswitch.conf # # Faʻataʻitaʻiga faʻatulagaina o le GNU Igoa Auaunaga Suiga gaioiga. # Afai o loʻo e faapipiiina le 'glibc-doc-reference' ma le` info ', taumafai: # `info libc" Igoa o le Suiga o Suiga "' mo faʻamatalaga e uiga i lenei faila. passwd: compat nis group: compat nis shadow: compat nis gshadow: faila host: faila dns nis network: faila tulafono: db faila tautua: db faila ethers: db faila rpc: db faila netgroup: nis

root@mail:~# nano /etc/pam.d/common-session
# pam-auth-update(8) for details.
session optional        pam_mkhomedir.so skel=/etc/skel umask=077
# here are the per-package modules (the "Primary" block)

root@mail:~# systemctl status nis
root@mail:~# systemctl restart nis

We close the session and start it again, this time as a user registered in the NIS database on master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of the user legolas and check it

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: arquero
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service, implemented at server and client level, works correctly.

LDAP

From Wikipedia:

  • LDAP stands for Lightweight Directory Access Protocol (in Spanish, "lightweight/simplified directory access protocol"), an application-level protocol that allows access to an ordered and distributed directory service in order to look up various information in a network environment. LDAP is also considered a database (although its storage system may differ) that can be queried. A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, with each name having an address and a telephone number attached. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written, arranged alphabetically.

    An LDAP directory tree sometimes reflects various political, geographic or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the top levels of the hierarchy. Further down the directory, entries may appear that represent people, organizational units, printers, documents, groups of people, or anything else that represents a given entry in the tree (or multiple entries).

    Usually it stores authentication information (user and password) and is used to authenticate, although other information can be stored (user contact data, location of various network resources, permissions, certificates, etc.). In summary, LDAP is a unified access protocol to a set of information on a network.

    The current version is LDAPv3, and it is defined in RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

For a long time, the LDAP protocol -and its databases, compatible or not with OpenLDAP- has been the most widely used in most of today's authentication systems. As an example of the previous statement, we give below some names of systems -Free or Private- that use LDAP databases as a backend to store all their objects.

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems Open DS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Classic Domain Controller.
    We want to clarify that this system was a development of Team Samba with Samba 3.x.x + OpenLDAP as backend. Microsoft never implemented anything similar. It jumped from NT 4 Domain Controllers to its Active Directory
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Univention Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics, and the most standard and compatible is OpenLDAP.

Active Directory, whether the original from Microsoft or the one from Samba 4, consists of the union of several main components:

We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but it does not offer the Microsoft Network services that a Windows Domain provides, nor does it have a Windows Domain Controller as such.

A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client that acts as an intermediary between the Directory Service and the Windows client itself, such as the Free Software pGina.

Directory Service with OpenLDAP

  • We start from a clean installation -without graphical interface- of Debian 8 "Jessie", with the same machine name "master" used for the NIS installation, as well as the same configuration of its network interface and of the /etc/resolv.conf file. On this new server we install ntp, bind9 and isc-dhcp-server, without forgetting the global checks of the correct operation of the three previous services.
root@master:~# aptitude install slapd ldap-utils

Package configuration

Configuring slapd
    Enter the password for the administrator entry of your LDAP directory.
    Administrator password: ********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
objectClass: dcObject
objectClass: organization
o: swl.fan
dc: swl
structuralObjectClass: organization
entryUUID: c8510708-da8e-1036-8fe1-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.833955Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
entryUUID: c851178e-da8e-1036-8fe2-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.834422Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

We modify the file /etc/ldap/ldap.conf

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «usuarios»

We add the minimum necessary Organizational Units, as well as the Posix group «usuarios», of which we will make all users members, following the example of many systems that have the group «users». We give it the name «usuarios» so as not to run into possible conflicts with the system's «users» group.

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"
adding new entry "ou=groups,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=usuarios
# usuarios, groups, swl.fan
dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

We add several users

The password that we declare in LDAP must be obtained with the slappasswd command, which returns the password as an SSHA (salted SHA-1) hash.

Password for the user trancos:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password for the user legolas

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password for the user gandalf

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
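
How the {SSHA} values printed by slappasswd are put together, as an added shell example (not part of the original article): the base64 payload is the 20-byte SHA-1 digest of password plus salt, followed by the salt itself. The function names and the sample password used when trying it are constructed for illustration; it needs only base64, od, cut and sha1sum from a standard Debian install.

```shell
#!/bin/sh
# Added example: anatomy of an OpenLDAP {SSHA} userPassword value.
#   {SSHA} + base64( SHA1(password || salt) || salt )
# The SHA-1 digest is always 20 bytes (40 hex digits); the rest is the salt.

# Print the decoded payload of an {SSHA} value as lowercase hex.
ssha_hex() {
    case "$1" in
        '{SSHA}'*) ;;
        *) return 1 ;;          # not an SSHA value
    esac
    # Characters 7.. are the base64 payload after the "{SSHA}" prefix.
    printf '%s\n' "$1" | cut -c7- | base64 -d 2>/dev/null \
        | od -An -v -tx1 | tr -d ' \n'
}

# Print the salt (everything after the 40 hex digits of the digest).
ssha_salt_hex() {
    hex=$(ssha_hex "$1") || return 1
    [ "${#hex}" -gt 40 ] || return 1
    printf '%s\n' "$hex" | cut -c41-
}

# Write the raw bytes of a hex string to stdout.
# Octal escapes in the printf format are POSIX, so this works in dash and bash.
hex_to_bin() {
    rest=$1
    while [ -n "$rest" ]; do
        byte=${rest%"${rest#??}"}   # first two hex digits
        rest=${rest#??}
        printf "\\$(printf '%03o' "0x$byte")"
    done
}

# Build an {SSHA} value from a password and a salt given as hex.
# slappasswd does the same with a random salt.
ssha_make() {
    digest=$( { printf '%s' "$1"; hex_to_bin "$2"; } | sha1sum | cut -d' ' -f1)
    printf '{SSHA}%s\n' "$(hex_to_bin "$digest$2" | base64)"
}

# Return 0 if the candidate password reproduces the stored digest,
# 1 if it does not, 2 if the value is not a well-formed {SSHA} string.
ssha_matches() {
    hex=$(ssha_hex "$1") || return 2
    [ "${#hex}" -gt 40 ] || return 2
    stored=$(printf '%s\n' "$hex" | cut -c1-40)
    salt=$(printf '%s\n' "$hex" | cut -c41-)
    computed=$( { printf '%s' "$2"; hex_to_bin "$salt"; } | sha1sum | cut -d' ' -f1)
    [ "$computed" = "$stored" ]
}

# Usage, e.g. before importing an LDIF file:
#   ssha_salt_hex '{SSHA}...'            # shows the salt stored with the hash
#   ssha_matches  '{SSHA}...' 'password' # checks a password you already know
```

Because the salt travels inside the value, anyone who can read userPassword can test candidate passwords offline, which is why the article's later authenticated query is needed to see the hash at all.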

root@master:~# nano usuarios.ldif
dn: uid=trancos,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: trancos
cn: trancos
givenName: Trancos
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: trancos@swl.fan
gecos: Trancos El Rey
loginShell: /bin/bash
homeDirectory: /home/trancos

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: The Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f usuarios.ldif
Enter LDAP Password:
adding new entry "uid=trancos,ou=people,dc=swl,dc=fan"
adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"
adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x cn=trancos
root@master:~# ldapsearch -x uid=trancos

We manage the slapd database with utilities

We select the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
# MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
# MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"

Note that the scripts use the commands of the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to find out which ones they are.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"

root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template

root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"

We add the user "bilbo" and make it a member of the group "usuarios"

root@master:~# ldapadduser bilbo usuarios
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bilbo
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User account

To see the hash of the password of the user bilbo, the query must be run with authentication.

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo

To delete the user bilbo we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a web interface

We have a working Directory Service, and we want to manage it more easily. There are many programs designed for this task, such as phpldapadmin, ldap-account-manager, etc., which are available directly from the repositories. We can also manage a Directory Service through Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/, and the following 6 articles.

LDAP client

Scenario:

Suppose we have the machine mail.swl.fan as a mail server implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, may well serve as a guide for Debian and many other Linux distros. We want the users stored in the OpenLDAP database on master.swl.fan to be available there as well, in addition to the local users we have already declared. To achieve this we must «map» the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is the following:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

Configuring libnss-ldap

  • Enter the URI ("Uniform Resource Identifier") of the LDAP server. You can also use «ldaps://» or «ldapi://». The port number is optional. Using an IP address is recommended to avoid failures when name services are not available.
    LDAP server URI: ldap://master.swl.fan
  • Enter the distinguished name (DN) of the LDAP search base. Many sites use the components of their domain name for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
    Distinguished name of the search base: dc=swl,dc=fan
  • Enter the version of the LDAP protocol that ldapns should use. Using the highest version number available is recommended.
    LDAP version to use: 3
  • Choose which account will be used for nss queries with root privileges. Note: for this option to work, the account needs permission to access the LDAP attributes associated with the users' "shadow" entries, as well as the passwords of users and groups.
    LDAP account for root: cn=admin,dc=swl,dc=fan
  • Enter the password to use when libnss-ldap tries to authenticate to the LDAP directory with the LDAP root account. The password will be saved in a separate file ("/etc/libnss-ldap.secret") that only root can access. If you enter an empty password, the old password will be reused.
    LDAP root account password: ********
  • nsswitch.conf is not managed automatically. You must modify your "/etc/nsswitch.conf" file to use an LDAP data source if you want the libnss-ldap package to work. You can use the example file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example of the nsswitch configuration, or you can copy it over your current configuration. Note that before removing this package it may be convenient to remove the "ldap" entries from the nsswitch.conf file so that the basic services keep working.

Configuring libpam-ldap

  • This option allows password tools that use PAM to change local passwords. The password for the LDAP administrator account will be stored in a separate file that only the administrator can read. This option should be disabled if "/etc" is mounted over NFS.
    Do you want to allow the LDAP administrator account to behave like the local administrator?
  • Choose whether the LDAP server enforces a login before entries can be retrieved. This setting is rarely needed.
    Does the LDAP database require a user to log in?
  • Enter the name of the LDAP administrator account. This account will be used automatically for database management, so it must have the appropriate administrative privileges.
    LDAP administrator account: cn=admin,dc=swl,dc=fan
  • Enter the password of the administrator account. The password will be saved in the file "/etc/pam_ldap.secret". Only the administrator will be able to read this file, and it will allow libpam-ldap to manage connections to the database automatically. If you leave this field empty, the previously saved password will be reused.
    LDAP administrator password: ********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Let's modify the file /etc/pam.d/common-password: we go to line 26 and remove the value «use_authtok»:

root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

If we need local login for the users stored in LDAP, and we want their home directories to be created automatically, we must edit the file /etc/pam.d/common-session and add the following line at the end of the file:

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

In the OpenLDAP Directory Service example developed earlier, the only local user that had been created was the user buzz, while in LDAP we created the users trancos, legolas, gandalf and bilbo. If the configuration made so far is correct, then we should be able to list the local users together with those mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
trancos:x:10000:10000:Trancos El Rey:/home/trancos:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash

After the changes to the system's authentication, it is advisable to restart the server if we are not dealing with a critical service:

root@mail:~# reboot

Afterwards we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database of master.swl.fan. We can also try logging in via SSH.

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Password:

root@mail:/home/gandalf# getent group
buzz:x:1001:
usuarios:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz     4096 Jun 17 12:25 buzz
drwx------ 2 gandalf usuarios 4096 Jun 17 13:05 gandalf

The Directory Service, implemented at server and client level, works correctly.
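
A way to re-check the client-side settings from this procedure after a package upgrade or a pam-auth-update run, as an added shell example (not part of the original article). The function names are constructed for illustration; the file paths are the ones named in the steps and debconf dialogs above, and an optional root prefix lets the checks run against a copy of /etc.

```shell
#!/bin/sh
# Added example: audit of the LDAP client configuration described above.
# Each check takes the file to inspect, so it can be tried on copies first.

# 0 if the passwd, group and shadow databases all list the "ldap" source.
nss_uses_ldap() {
    for db in passwd group shadow; do
        grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|\$)" "$1" || return 1
    done
}

# 0 if a pam_ldap.so password line exists and none of them carries
# use_authtok (the value removed from common-password in this procedure).
pam_ldap_password_ok() {
    lines=$(grep -E '^password[[:space:]].*pam_ldap\.so' "$1") || return 1
    ! printf '%s\n' "$lines" | grep -qw 'use_authtok'
}

# 0 if pam_mkhomedir is enabled for sessions with umask=077,
# so that automatically created home directories are private.
mkhomedir_private() {
    grep -E '^session[[:space:]].*pam_mkhomedir\.so' "$1" \
        | grep -Eq '[[:space:]]umask=077([[:space:]]|$)'
}

# 0 if a file holding a bind password is a regular file that neither
# group nor others can read, write or execute.
secret_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)     # group and other permission bits
    [ "$perms" = "------" ]
}

# Run one check, print the result and count failures.
run_check() {   # run_check DESCRIPTION COMMAND [ARGS...]
    desc=$1; shift
    if "$@"; then
        echo "ok    $desc"
    else
        echo "FAIL  $desc"
        fails=$((fails + 1))
    fi
}

# audit_ldap_client [ROOT]   ROOT defaults to "" (the live system).
# Returns 0 only if every check passes; $fails holds the failure count.
audit_ldap_client() {
    root=${1:-}
    fails=0
    run_check "nsswitch.conf: passwd, group and shadow use ldap" \
        nss_uses_ldap "$root/etc/nsswitch.conf"
    run_check "common-password: pam_ldap.so without use_authtok" \
        pam_ldap_password_ok "$root/etc/pam.d/common-password"
    run_check "common-session: pam_mkhomedir.so with umask=077" \
        mkhomedir_private "$root/etc/pam.d/common-session"
    run_check "libnss-ldap.secret readable by owner only" \
        secret_is_private "$root/etc/libnss-ldap.secret"
    run_check "pam_ldap.secret readable by owner only" \
        secret_is_private "$root/etc/pam_ldap.secret"
    [ "$fails" -eq 0 ]
}

# Usage on the client, as root:   audit_ldap_client
# Usage on a copy of the files:   audit_ldap_client /tmp/etc-copy-root
```

secret_is_private can also be pointed at /etc/ldapscripts/ldapscripts.passwd on the server, which the article sets to mode 400.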

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers first focused on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. Authentication messages are protected to prevent eavesdropping and replay attacks.

    Kerberos is based on symmetric key cryptography and requires a trusted third party. In addition, there are extensions to the protocol that make it possible to use asymmetric key cryptography.

    Kerberos is based on the Needham-Schroeder protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two separate logical parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network -whether client or server- shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the identity of the entity. For a communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.

Disadvantages of Kerberos

De Fausia:

Although Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to perform this task.
  • Kerberos assumes that each user is trusted but is using an untrusted machine on an untrusted network. Its main goal is to prevent unencrypted passwords from being sent across the network. However, if any user other than the proper one has access to the machine that issues the tickets (KDC) used for authentication, Kerberos would be at risk.
  • For an application to use Kerberos, its code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are called kerberized. For some applications this can be an excessive programming effort, because of the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can take quite a bit of programming. In general, closed-source applications without Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must realize that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is passed to a service that does not use Kerberos to authenticate, you run the risk of the packet being intercepted. In that case, your network will get no benefit from using Kerberos. To secure your network with Kerberos, you must either use only the kerberized versions of all the client/server applications that send unencrypted passwords, or not use any of those applications on the network.

Manually implementing and configuring OpenLDAP as a Kerberos back-end is not an easy task. However, later on we will see that Samba 4 Active Directory - Domain Controller integrates, in a way that is transparent for the Sysadmin, a DNS server, the Microsoft Network and its Domain Controller, the LDAP server as back-end of almost all its objects, and the Kerberos-based authentication service as the fundamental components of a Microsoft-style Active Directory.

So far we have not had the need to implement a "Kerberized Network". That is why we do not write about how to implement Kerberos.

Samba 4 Active Directory - Domain Controller

Important:

There is no better documentation than the site wiki.samba.org. Any self-respecting Sysadmin should visit that site -in English- and browse the large number of pages devoted entirely to Samba 4, written by Team Samba itself. I do not believe there is documentation available on the Internet that can replace it. By the way, note the number of visits shown at the bottom of each page. An example of this is that its main page or «Main Page» had been visited 276,183 times as of June 20, 2017 at 10:10 Eastern Standard Time. In addition, the documentation is kept very up to date, since that page was modified on June 6.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can appear as servers or act as clients in Windows networks. Samba also allows users to be validated by acting as a Primary Domain Controller (PDC), as a domain member and even as an Active Directory domain for Windows-based networks; apart from being able to serve print queues, share directories and authenticate with its own user database.

Among the UNIX-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we can find Apple's Mac OS X Server.

Samba 4 AD-DC with its internal DNS

  • We start from a clean installation -without a graphical interface- of Debian 8 "Jessie".

Initial checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

  • We declare only the main branch, which is more than enough for our purposes.

root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix instead of Exim, and utilities

root@master:~# aptitude install postfix htop mc deborphan

 Postfix Configuration

 Please select the mail server configuration type that best meets your needs.

  No configuration:
   Keeps the current configuration unchanged.
  Internet site:
   Mail is sent and received directly using SMTP.
  Internet with smarthost:
   Mail is received directly using SMTP or by running a utility
   such as "fetchmail". Outgoing mail is sent using a "smarthost".
  Local only:
   The only mail delivered is the mail for local users. There is no network.

 General type of mail configuration:

  No configuration
  Internet site
  Internet with smarthost
  Satellite system
  Local only    [selected]

 Postfix Configuration

 The "mail name" is the domain name used to "qualify" _ALL_ mail addresses without a domain name. This includes mail to and from "root": please do not make your machine send out mail from root@example.org unless root@example.org has asked you to.

 Other programs will use this name. It should be the single, fully qualified domain name (FQDN).

 Thus, if a mail address on the local host is something@example.org, the correct value for this option would be example.org.

 System mail name:

 master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

We install the requirements to compile Samba 4 and other necessary packages

root@master:~# aptitude install acl attr autoconf bison \
build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

 Configuring Kerberos Authentication

 When users attempt to use Kerberos and specify a principal or user name without specifying which administrative Kerberos realm that principal belongs to, the system appends the default realm. The default realm may also be used as the realm of a Kerberos service running on the local machine. Usually, the default realm is the uppercase version of the local DNS domain.

 Default Kerberos version 5 realm:

 SWL.FAN

 Configuring Kerberos Authentication

 Enter the hostnames of the Kerberos servers in the SWL.FAN Kerberos realm, separated by spaces.

 Kerberos servers for your realm:

 master.swl.fan

 Configuring Kerberos Authentication

 Enter the hostname of the administrative (password changing) server for the SWL.FAN Kerberos realm.

The above process took a while because we do not yet have any DNS service installed. However, the domain was picked up correctly thanks to the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the name server.

We now configure the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan

So that queries with the ldapsearch command run by the root user can take the form ldapsearch -x -W cn=xxxx, we must create the file /root/.ldaprc with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The file system must support ACLs - Access Control Lists

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-CF207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a

root@master:~# touch testing_acl.txt
root@master:~# setfattr -n user.test -v test testing_acl.txt
root@master:~# setfattr -n security.test -v test2 testing_acl.txt
root@master:~# getfattr -d testing_acl.txt
# file: testing_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d testing_acl.txt
# file: testing_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx testing_acl.txt

root@master:~# getfacl testing_acl.txt
# file: testing_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

We obtain the Samba 4 sources, compile them, and install

It is strongly recommended to download the source file of the Stable version from the site https://www.samba.org/. In our example we download the samba-4.5.1.tar.gz version into the /opt folder.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and very carefully select the ones we need. It is advisable to check whether the resulting package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure distcheck

We configure, compile and install samba-4.5.1

  • From the previously installed requirements and the 8604 files (which make up the compressed samba-4.5.1.tar.gz) weighing about 101.7 megabytes -including the source3 and source4 folders, which weigh about 61.1 megabytes- we will obtain a substitute for a Microsoft-style Active Directory, of a quality and stability more than acceptable for any production environment. We must highlight the work of Team Samba in delivering the Free Software Samba 4.

The commands below are the classic ones for compiling and installing packages from their sources. We must be patient while the whole process runs. It is the only way to obtain valid and correct results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

While the make command runs, we can see that it compiles the sources of both Samba 3 and Samba 4. That is why Team Samba states that its version 4 is the natural upgrade of version 3, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers, or older versions of Samba 4.

Provisioning Samba

We will use SAMBA_INTERNAL as the DNS. At https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End we will find more information. When we are asked for the password of the Administrator user, we must type one with a minimum length of 8 characters that also contains letters -uppercase and lowercase- and numbers.

Before proceeding with the provisioning, and to make life easier, we add the path of the Samba executables to our .bashrc file. Then we log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: LauPassword2017
Retype password: LauPassword2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Do not forget to copy the Kerberos configuration file, as indicated by the output of the provisioning:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

So as not to type the samba-tool command with its full name, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

A fundamental piece of an Active Directory is the Network Time Service. Since authentication is performed through Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is vital.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict default mssntp
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, while examining the syslog with the above command or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the ntp_signd folder:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested on samba.wiki.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd

We configure the Samba startup using systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC file locations

ALL the files -except the newly created samba-ad-dc.service- are in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the best UNIX style. It is always advisable to browse through the different folders and examine their contents.

The /usr/local/samba/etc/smb.conf file

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 8.8.8.8
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        server role = active directory domain controller
        allow dns updates = secure only
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        idmap config * : range = 1000000-1999999
        ldap server require strong auth = no
        printcap name = /dev/null

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 192.168.10.1
        ldap server require strong auth = No
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config * : range = 1000000-1999999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
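
The smb.conf above sets ldap server require strong auth to no, which makes the DC accept simple binds on plain ldap://, and testparm echoes that value without complaint. The following check is an added example, not part of the original article or of Samba: it reads an smb.conf and flags that setting and a nonsecure allow dns updates. The function names and the sample file are this example's own.

```shell
#!/bin/sh
# Added example, not from the article: audit the [global] section of a Samba
# AD-DC smb.conf for two security-relevant parameters that appear in the
# article's file. The function names are this example's own.

# smb_get FILE SECTION KEY
# Prints the value of KEY in SECTION. smb.conf section and parameter names are
# case-insensitive, whitespace inside them is ignored, and only the first "="
# on a line separates the name from the value.
smb_get() {
    awk -v want_sec="$2" -v want_key="$3" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            sec = norm(sec)
            next
        }
        sec == norm(want_sec) && index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (norm(key) == norm(want_key)) found = val   # last one wins
        }
        END { if (found != "") print found }
    ' "$1"
}

# audit_smb_conf FILE
# Prints one "WEAK ..." line per finding; returns 0 when nothing is flagged.
audit_smb_conf() {
    conf=$1
    weak=0

    # "no" allows simple binds over unencrypted LDAP. An unset parameter
    # falls back to the Samba default, "yes", and is not flagged.
    val=$(smb_get "$conf" global "ldap server require strong auth" | tr 'A-Z' 'a-z')
    case $val in
        no|false|0)
            echo "WEAK ldap server require strong auth = $val"
            weak=$((weak + 1)) ;;
    esac

    # "nonsecure" accepts unauthenticated dynamic DNS updates; the article's
    # file uses "secure only".
    val=$(smb_get "$conf" global "allow dns updates" | tr 'A-Z' 'a-z')
    case $val in
        nonsecure)
            echo "WEAK allow dns updates = $val"
            weak=$((weak + 1)) ;;
    esac

    [ "$weak" -eq 0 ]
}

# Constructed sample that mirrors the [global] section shown in the article.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        server role = active directory domain controller
        allow dns updates = secure only
        ldap server require strong auth = no
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
EOF
audit_smb_conf "$demo_conf" || echo "review the settings listed above"
rm -f "$demo_conf"
```

On the article's server the file to pass is /usr/local/samba/etc/smb.conf.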

Minimal checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN: 
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18 PM, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

                19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)

We administer the Samba 4 AD-DC

If we want to modify the expiry in days of the Administrator password; the complexity of passwords; the minimum password length; the minimum and maximum age -in days- of the password; and change the Administrator password declared during the provisioning, we must run the following commands with the values adjusted to your needs:

root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add several DNS records

root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]: 
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -Uadministrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]: 
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.
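
Kerberos clients that canonicalize host names through reverse DNS depend on the forward and reverse zones created above agreeing with each other. This added example (not from the original article) checks a record list for A/PTR disagreements instead of comparing host outputs by eye. The one-record-per-line input format and the function name are assumptions of the example, and the sample data is constructed from the records added above.

```shell
#!/bin/sh
# Added example, not from the article: check that every A record has a PTR
# that points back to the same name, and that no PTR is left without an A.
# Input format is this example's own: "<owner> <TYPE> <data>" per line with
# fully qualified names, one A record per name, IPv4 only.

# fcrdns_check FILE
# Prints one finding per line (sorted); prints nothing when the zones agree.
fcrdns_check() {
    awk '
        # Lowercase a name and drop the trailing dot of an absolute name.
        function fq(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        # 192.168.10.5 -> 5.10.168.192.in-addr.arpa
        function rev(ip,    o) {
            if (split(ip, o, ".") != 4) return ""
            return o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
        }
        /^[ \t]*#/ || NF < 3 { next }
        toupper($2) == "A"   { a[fq($1)] = $3 }
        toupper($2) == "PTR" { ptr[fq($1)] = fq($3) }
        END {
            for (name in a) {
                r = rev(a[name])
                seen[r] = 1
                if (!(r in ptr))
                    print "MISSING-PTR " name " " a[name]
                else if (ptr[r] != name)
                    print "MISMATCH " name " " a[name] " -> " ptr[r]
            }
            # PTR owners that no A record points to (stale reverse entries).
            for (r in ptr)
                if (!(r in seen))
                    print "ORPHAN-PTR " r " -> " ptr[r]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample: the A and PTR records added in the article.
records=$(mktemp)
cat > "$records" <<'EOF'
master.swl.fan      A   192.168.10.5
mail.swl.fan        A   192.168.10.9
sysadmin.swl.fan    A   192.168.10.1
fileserver.swl.fan  A   192.168.10.10
proxy.swl.fan       A   192.168.10.11
chat.swl.fan        A   192.168.10.12
5.10.168.192.in-addr.arpa   PTR master.swl.fan.
9.10.168.192.in-addr.arpa   PTR mail.swl.fan.
1.10.168.192.in-addr.arpa   PTR sysadmin.swl.fan.
10.10.168.192.in-addr.arpa  PTR fileserver.swl.fan.
11.10.168.192.in-addr.arpa  PTR proxy.swl.fan.
12.10.168.192.in-addr.arpa  PTR chat.swl.fan.
EOF
problems=$(fcrdns_check "$records")
if [ -z "$problems" ]; then
    echo "forward and reverse zones agree"
else
    echo "$problems"
fi
rm -f "$records"
```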

For the curious

root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/\
DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:

We add users

root@master:~# tool user
Usage: samba-tool user <subcommand>

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add            - Create a new user.
  create         - Create a new user.
  delete         - Delete a user.
  disable        - Disable a user.
  enable         - Enable a user.
  getpassword    - Get the password fields of a user/computer account.
  list           - List all users.
  password       - Change password for a user account (the one provided in authentication).
  setexpiry      - Set the expiration of a user account.
  setpassword    - Set or reset the password of a user account.
  syncpasswords  - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user <subcommand> (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest

Administration via a graphical interface or via a web client

Visit wiki.samba.org for detailed information on how to install the Microsoft RSAT, or Remote Server Administration Tools. If you do not need the classic policies offered by the Microsoft Active Directory, you can install the ldap-account-manager package, which offers a simple interface for administration through a web browser.

The Microsoft Remote Server Administration Tools (RSAT) program package is included in the Windows Server operating systems.

We join a Windows 7 client named "seven" to the domain

Since we do not have a DHCP server on the network, the first thing we must do is configure the client's network card with a fixed IP, declare that the primary DNS is the IP of the samba-ad-dc, and check that the option "Register this connection's addresses in DNS" is enabled. It is worth checking that the name «seven» is not already registered in the Samba Internal DNS.

After we join the computer to the domain and restart it, we try to log in with the user «trancos». We will check that everything works OK. It is also advisable to check the logs of the Windows client and verify that the time is synchronized correctly.

Administrators with some Windows experience will find that any check they perform on the client gives satisfactory results.

Summary

I hope the article is useful to the readers of the FromLinux Community.

Goodbye!



8 comments


  1.   Gonzalo martinez said

    A long but detailed article, a very good step-by-step on how to do everything.

    I would highlight NIS; the truth is that although I knew of its existence, I never really knew how it worked, since honestly it always gave me the impression that it was practically dead next to LDAP and Samba 4.

    PS: Congratulations on your new project! A pity that you will not continue writing articles here, but at least there is a place to follow you.

  2.   HO2Gi said

    A great tutorial, as always, straight to my favorites. Greetings Fico.
    Congratulations on the project.

  3.   IWO said

    The NIS section is great. I sympathize with Gonzalo Martinez: I knew of it briefly but had no idea how to implement it or in what situations it is used.
    Thanks once again for a tremendous "log" of a theoretical and practical article.
    Finally, new successes in your new project «gigainside».

  4.   Federico said

    Thank you very much to everyone for the comments !!!.

  5.   mussol said

    the smb.conf you show has no link with LDAP; is that intentional or did I miss something?

  6.   phico said

    mussol: This is a Samba 4 Active Directory Domain Controller, which already has its built-in LDAP server.

  7.   Vincent said

    Could you say how to join a mac (apple) to the samba 4 AD-DC?
    Thank you.

  8.   jramirez said

    How are you;

    Thanks for the manual, it is great. I have a question about a message that appears for me.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Cannot find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#