SWL Networks (V): Debian Wheezy and ClearOS. SSSD authentication against native LDAP.

Hello friends! Please, I repeat, read beforehand «Introduction to Networks with Free Software (I): Presentation of ClearOS» and download the ClearOS step-by-step installation image package (1.1 MB), so that you know what we are talking about. Without reading it, it will be hard to follow us.

System Security Services Daemon

The SSSD program, or System Security Services Daemon, is a Fedora project that was born from another project, also from Fedora, called FreeIPA. According to its developers, a brief and free translation of its description would be:

SSSD is a service that provides access to different identity and authentication providers. It can be configured for a native LDAP domain (an LDAP-based identity provider with LDAP authentication), or for an LDAP identity provider with Kerberos authentication. SSSD provides an interface to the system through NSS and PAM, and a pluggable back end to connect to multiple, different account sources.

We believe this is a more complete and robust solution for identifying and authenticating users registered in OpenLDAP than the ones described in previous articles; we leave the verdict to everyone's own judgment and experience.

The solution described in this article is the most recommended one for portable computers and laptops, because it lets us work disconnected: SSSD keeps a copy of the credentials (the password hashes, stored after a successful online login) on the local machine.

Example network

  • Domain controller, DNS, DHCP: ClearOS Enterprise 5.2sp1.
  • Controller name: centos
  • Domain name: amigos.cu
  • Controller IP: 10.10.10.60
  • ---------------
  • Debian version: wheezy.
  • Computer name: debian7
  • IP address: via DHCP

We check that OpenLDAP is working

We modify the file /etc/ldap/ldap.conf and install the package ldap-utils:

:~# nano /etc/ldap/ldap.conf
[----]
BASE    dc=amigos,dc=cu
URI     ldap://centos.amigos.cu
[----]

:~# aptitude install ldap-utils
:~$ ldapsearch -x -b 'dc=amigos,dc=cu' '(objectclass=*)'
:~$ ldapsearch -x -b dc=amigos,dc=cu 'uid=trancos'
:~$ ldapsearch -x -b dc=amigos,dc=cu 'uid=legolas' cn gidNumber

With the last two commands we check that the OpenLDAP server of our ClearOS is reachable and answers anonymous searches. Look carefully at the output of the previous commands.

Important: we also check that the Identity service of our OpenLDAP server works correctly, that is, that the user entries come back with the posixAccount attributes (uidNumber, gidNumber, homeDirectory, loginShell) from which SSSD will later build the passwd lines.

[Screenshot: network-swl-04-users]

We install the sssd package

It is also advisable to install the finger package, which gives friendlier checks than ldapsearch:

:~# aptitude install sssd finger

At the end of the installation the sssd service does not start, because the file /etc/sssd/sssd.conf does not exist; the installation output says so. We therefore create the file with the following minimal contents:

:~# nano /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
domains = amigos.cu

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

# LDAP domain
[domain/amigos.cu]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# ldap_schema can be set to "rfc2307", which stores group member names in the
# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
# the "member" attribute. If you do not know this value, ask your LDAP
# administrator.
# works with ClearOS
ldap_schema = rfc2307
ldap_uri = ldap://centos.amigos.cu
ldap_search_base = dc=amigos,dc=cu
# Note that enabling enumeration will have a moderate performance impact.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
enumerate = false
# Allow offline logins by locally storing password hashes (default: false).
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

Once the file is created, we give it the proper permissions and start the service. The file must be readable by root only (0600): it holds the directory settings and, in other setups, bind credentials.

:~# chmod 0600 /etc/sssd/sssd.conf
:~# service sssd start

If we want to enrich the contents of the previous file, we recommend running man sssd.conf and/or consulting the documentation available on the Internet, starting with the link at the beginning of the article. Also consult man sssd-ldap. The sssd package includes an example in /usr/share/doc/sssd/examples/sssd-example.conf, which can be used to authenticate against Microsoft Active Directory.

Now we can use the friendlier commands finger and getent:

:~$ finger trancos
Login: trancos                          Name: Trancos El Rey
Directory: /home/trancos                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

:~$ sudo getent passwd legolas
legolas:*:1004:63000:Legolas The Elf:/home/legolas:/bin/bash

We can now log in as a user of the LDAP server. Before doing so, we modify the file /etc/pam.d/common-session so that the user's home directory is created when the session starts, if it does not exist yet, and then we restart the system. Note that umask=0022 creates home directories readable by everyone on the machine; umask=0077 restricts them to their owner.

[----]
session required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

### The line above must be placed BEFORE
# here are the per-package modules (the "Primary" block)
[----]

We restart our Wheezy:

:~# reboot

After logging in, disconnect the network with the connection manager, then log out and log back in. It could not be faster. Run ifconfig in a terminal and you will see that eth0 is not configured at all.

Enable the network. Log out and log in again. Check with ifconfig again.

Of course, to be able to work offline you must log in at least once while OpenLDAP is reachable, so that the credentials get cached on our computer.

Let's not forget to make the external user registered in OpenLDAP a member of the required groups, always taking the user created during installation as the reference.

Note:

Declaring the option ldap_tls_reqcert = never in the file /etc/sssd/sssd.conf poses a security risk, as stated on the SSSD - FAQ page. The default value is «demand». See man sssd-ldap. The value allow that we used above behaves almost the same way: a bad server certificate is ignored and the session proceeds; only try and demand terminate it. However, in chapter 8.2.5 Configuring Domains of the Fedora documentation, the following is stated:

SSSD does not support authentication over an unencrypted channel. Consequently, if you want to authenticate against an LDAP server, either TLS/SSL or LDAPS is required.

We personally believe that the solution developed here is sufficient for an enterprise LAN, from a security point of view. Across the global village of the WWW, we recommend an encrypted channel using TLS, «Transport Layer Security», between the client computer and the server. Note also that SSSD only forces TLS for the password exchange: with a plain ldap:// URI the identity lookups (users, groups) travel unencrypted unless ldap_id_use_start_tls = true is set as well.
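The weak and the corrected transport settings side by side, as an added example that is neither the article's nor SSSD's own code: a small shell audit of sssd.conf for the points raised in the note above and in the configuration section earlier. It writes two constructed files; the weak one mirrors the settings used in this article (ldap://, ldap_tls_reqcert = allow), the corrected one forces StartTLS for identity lookups too and demands a CA-verified certificate. The CA path /etc/ssl/certs/clearos-ca.pem is an assumption, since the article has not yet got the ClearOS certificates working.

```shell
#!/bin/sh
# Added example, not part of the original article: audit an sssd.conf for the
# transport weaknesses the note discusses, with the weak and the corrected
# [domain/...] sections side by side. Both files below are CONSTRUCTED here;
# hostnames and paths are the article's example values, not a real deployment.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# As written in the article: plain ldap://, certificate errors tolerated.
cat >"$WORK/weak.conf" <<'EOF'
[sssd]
config_file_version = 2
services = nss, pam
domains = amigos.cu

[domain/amigos.cu]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://centos.amigos.cu
ldap_search_base = dc=amigos,dc=cu
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
EOF

# Corrected: StartTLS forced for identity lookups too, CA-verified server cert.
# The CA file path is an ASSUMPTION (export the ClearOS CA there first).
cat >"$WORK/hardened.conf" <<'EOF'
[sssd]
config_file_version = 2
services = nss, pam
domains = amigos.cu

[domain/amigos.cu]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://centos.amigos.cu
ldap_search_base = dc=amigos,dc=cu
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/clearos-ca.pem
cache_credentials = true
EOF
chmod 0600 "$WORK/weak.conf" "$WORK/hardened.conf"

# conf_get FILE KEY -> value of the last "KEY = value" line (empty if unset)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_sssd_conf FILE -> prints one finding per line, returns the number found
audit_sssd_conf() {
    f=$1; n=0
    case "$(conf_get "$f" ldap_tls_reqcert)" in
        never|allow)
            echo "ldap_tls_reqcert accepts a bad server cert; cached hashes could come from a spoofed server (default is demand)"
            n=$((n + 1)) ;;
    esac
    case "$(conf_get "$f" ldap_uri)" in
        ldap://*)
            if [ "$(conf_get "$f" ldap_id_use_start_tls)" != "true" ]; then
                echo "ldap:// without ldap_id_use_start_tls: identity lookups go in cleartext"
                n=$((n + 1))
            fi ;;
    esac
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    if [ "$mode" != "600" ]; then
        echo "mode $mode: sssd.conf should be 0600 and owned by root"
        n=$((n + 1))
    fi
    return "$n"
}

# Usage: audit_sssd_conf /etc/sssd/sssd.conf; echo "findings: $?"
audit_sssd_conf "$WORK/weak.conf" || echo "weak.conf: $? finding(s)"
audit_sssd_conf "$WORK/hardened.conf" || echo "hardened.conf: $? finding(s)"
```

The corrected file keeps `ldap://` on port 389 and lets SSSD upgrade the connection with StartTLS; `ldaps://centos.amigos.cu` on 636 would be the other option. Either way the client needs the ClearOS CA certificate, which is exactly the pending issue the article mentions below.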

We tried to achieve this by generating proper self-signed certificates on the ClearOS server, but we did not succeed. This remains a pending issue. If any reader knows how to do it, you are welcome to explain!

[Screenshot: debian7.amigos.cu]



  1.   eliotime3000 said

    Good.

    1.    federico said

      Greetings ElioTime3000, and thanks for commenting!!!

    2.    federico said

      Greetings eliotime3000, and thanks for the praise of the article!!!

  2.   kurayi said

    Excellent! I want to congratulate the author of the article warmly for sharing his great knowledge, and the blog for allowing its publication.

    Thank you!

    1.    federico said

      Thank you very much for your praise and your comment!!! It gives me strength to keep sharing knowledge with the community, in which we all learn.

  3.   phenobarbital said

    Good article! Note that, regarding the use of certificates, when you generate the certificate you must add to the ldap configuration (cn=config):

    olcLocalSSF: 71
    olcTLSCACertificateFile: /path/to/ca/cert
    olcTLSCertificateFile: /path/to/public/cert
    olcTLSCertificateKeyFile: /path/to/private/key
    olcTLSVerifyClient: try
    olcTLSCipherSuite: +RSA:+AES-256-CBC:+SHA1

    With that (and generating the certificates) you will have SSL support.

    Thank you!

    1.    federico said

      Thanks for your contribution!!! By the way, I have published seven articles about OpenLDAP at:
      http://humanos.uci.cu/2014/01/servicio-de-directorio-con-ldap-introduccion/
      https://blog.desdelinux.net/ldap-introduccion/
      In them I insist on using Start TLS rather than SSL, which is what openldap.org recommends. Greetings @phenobarbital, and thank you very much for commenting.
      My email is federico@dch.ch.gob.cu, if you want to exchange more. Internet access is slow for me.

    2.    phenobarbital said

      For TLS the configuration is similar, remembering that with SSL the transport goes directly over an encrypted channel, while in TLS the two connecting parties negotiate the transport of the data; with TLS the handshake can be negotiated on the same port (389), while SSL negotiation happens on a separate port.
      Change the following:
      olcLocalSSF: 128
      olcTLSVerifyClient: allow
      olcTLSCipherSuite: NORMAL
      (or, if you are paranoid about security, you use:
      olcTLSCipherSuite: SECURE256:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC)

      and restart; afterwards you can check it with:
      gnutls-cli-debug -p 636 ldap.ipm.org.gt

      Resolving 'ldap.ipm.org.gt'...
      Checking for SSL 3.0 support... yes
      Checking whether %COMPAT is required... no
      Checking for TLS 1.0 support... yes
      Checking for TLS 1.1 support... yes
      Checking fallback from TLS 1.1 to... N/A
      Checking for TLS 1.2 support... yes
      Checking for safe renegotiation support... yes
      Checking for safe renegotiation support (SCSV)... yes

      With that, TLS support is also enabled; you use 389 (or 636) for TLS and 636 (ldaps) for SSL; they are fully independent of each other and you do not need to disable one to use the other.

      Thank you!
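The gnutls-cli-debug output quoted in the last comment, as an added example that is mine and not part of the thread: a small shell check that turns that probe text into findings. PROBE_OUTPUT is a constructed copy of the lines shown above, so nothing connects to ldap.ipm.org.gt. It treats "SSL 3.0 support... yes" as a finding, which the comment itself does not; `-VERS-SSL3.0` is the GnuTLS priority-string keyword that removes it from a GnuTLS-built slapd's olcTLSCipherSuite.

```shell
#!/bin/sh
# Added example, not from the original thread: parse gnutls-cli-debug output
# into pass/fail findings. PROBE_OUTPUT is a CONSTRUCTED copy of the lines
# quoted in the comment; no network connection is made.

PROBE_OUTPUT=$(cat <<'EOF'
Resolving 'ldap.ipm.org.gt'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... yes
Checking fallback from TLS 1.1 to... N/A
Checking for TLS 1.2 support... yes
Checking for safe renegotiation support... yes
Checking for safe renegotiation support (SCSV)... yes
EOF
)

# probe_result OUTPUT LABEL -> the yes/no/N/A after "Checking for LABEL support..."
probe_result() {
    printf '%s\n' "$1" | sed -n "s/^Checking for $2 support\.\.\. //p"
}

# tls_findings OUTPUT -> prints one finding per line, returns the number found
tls_findings() {
    out=$1; n=0
    # SSL 3.0 must not be offered (POODLE); drop it from the priority string
    if [ "$(probe_result "$out" 'SSL 3.0')" = "yes" ]; then
        echo "SSL 3.0 enabled: append :-VERS-SSL3.0 to olcTLSCipherSuite"
        n=$((n + 1))
    fi
    if [ "$(probe_result "$out" 'TLS 1.2')" != "yes" ]; then
        echo "TLS 1.2 not offered"
        n=$((n + 1))
    fi
    # RFC 5746 secure renegotiation; the plain line, not the (SCSV) variant
    if [ "$(probe_result "$out" 'safe renegotiation')" != "yes" ]; then
        echo "secure renegotiation not supported"
        n=$((n + 1))
    fi
    return "$n"
}

# Usage against a live server:
#   tls_findings "$(gnutls-cli-debug -p 636 centos.amigos.cu)" || echo "$? finding(s)"
tls_findings "$PROBE_OUTPUT" || echo "$? finding(s) in the quoted probe"
```

Run against your own server, the same three lines are the ones to read first: the protocol floor, TLS 1.2 availability, and secure renegotiation; the cipher-suite lines that follow in a full gnutls-cli-debug run can be added to `tls_findings` in the same way.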