PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article I say goodbye to the DesdeLinux Community. A special farewell for a special Community. From now on I will be working on my own personal project, which you can see at http://www.gigainside.com.

The main objective of this post is to offer a «Big Picture» of the Authentication Services with Free Software that we have at our disposal. At least that is our intention. It will therefore be long, even though we know that this goes against the general rules of article writing. We hope System Administrators appreciate it.

We want to point out that the protocol common to many modern authentication systems is LDAP, and that studying it carefully is no idle exercise, starting from the study material we will find on the official site http://www.openldap.org/.

We will not give detailed definitions - or links - on aspects covered in previous articles, or on those whose description can easily be found on Wikipedia or on other sites or articles on the Internet, so as not to lose the objectivity of the message we want to convey. We will also use a valid mix of names in English and Spanish, since we consider that most systems were born with names in English and it is very beneficial for a Sysadmin to assimilate them in their original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network Information Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol to authenticate users, computers and services centrally on a network, verifying their credentials against the existing entries in the Kerberos database.
  • DS: Directory Server or Directory Service
  • AD–DC: Active Directory - Domain Controller

PAM

We devoted a small series to this type of local authentication, which you will see in daily practice is widely used when, for example, we join a workstation to a Domain Controller or Active Directory; to map users stored in external LDAP databases as if they were local users; to map users stored in the Domain Controller of an Active Directory as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym NIS) is the name of a client-server directory services protocol developed by Sun Microsystems for distributing configuration data, such as user and host names, between computers on a network in distributed systems. NIS is based on ONC RPC, and consists of a server, a client-side library, and various administration tools.

    NIS was originally called Yellow Pages, or YP, a name that is still used to refer to it. Unfortunately, that name is a trademark of British Telecom, which required Sun to drop it. However, YP remains a prefix in the names of most NIS-related commands, such as ypserv and ypbind.

    DNS serves a limited range of information, the most important being the correspondence between node name and IP address. For other kinds of information there is no such specialised service. On the other hand, if you only manage a small LAN with no Internet connectivity, setting up DNS hardly seems worth it. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and groups files to all nodes on your network. This makes the network appear as a single system, with the same accounts on all nodes. Similarly, NIS can be used to distribute the node name information contained in /etc/hosts to all machines on the network.

    Today NIS is available in virtually all Unix distributions, and there are even free implementations. BSD Net-2 published one that was derived from a public-domain reference implementation donated by Sun. The library code of the client portion of this version has existed in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, an NIS server is missing from the reference implementation.

    Peter Eriksson developed a new implementation called NYS. It supports both basic NIS and Sun's enhanced version, NIS+. NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for node name resolution that replaces the current scheme used by the "host.conf" file.

    The GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses the advanced NYS configuration scheme. The tools and a server are still needed, but using the GNU libc saves the trouble of modifying and recompiling the library.

Computer and domain name, network interface and resolver

  • We start from a clean installation - without a graphical interface - of Debian 8 "Jessie". The domain swl.fan means "Fans of Free Software". What better name than this?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installation of bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //====================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //====================================================================

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // For checks from localhost and sysadmin
        // through dig swl.fan axfr
        // We don't have Slave DNS ... until now
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location, and update permission
// of the DNS Records Zones
// Both Zones are MASTERS
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN NS   master.swl.fan.
@       IN MX   10 mail.swl.fan.
@       IN A    192.168.10.5
@       IN TXT  "For Fans of Free Software"
;
sysadmin        IN A    192.168.10.1
fileserver      IN A    192.168.10.4
master          IN A    192.168.10.5
proxyweb        IN A    192.168.10.6
blog            IN A    192.168.10.7
ftpserver       IN A    192.168.10.8
mail            IN A    192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN NS   master.swl.fan.
;
1       IN PTR  sysadmin.swl.fan.
4       IN PTR  fileserver.swl.fan.
5       IN PTR  master.swl.fan.
6       IN PTR  proxyweb.swl.fan.
7       IN PTR  blog.swl.fan.
8       IN PTR  ftpserver.swl.fan.
9       IN PTR  mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key
root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}

zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service
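
The same dhcp.key is installed twice above (/etc/bind/dhcp.key and /etc/dhcp/dhcp.key), and whoever can read it can update both zones. The following check is an added example, not part of the original article: it compares two copies of the key and reports a mismatch or a file readable by "other". The function names and the sample key are constructed for illustration.

```python
import base64
import os
import re
import stat
import tempfile

# Matches the single key statement that dhcp.key holds in this article.
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[\w.-]+)"?\s*\{\s*'
    r'algorithm\s+(?P<algorithm>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;',
    re.S,
)


def read_key(path):
    """Parse one key file; return its fields, decoded key size and file mode."""
    with open(path, encoding="utf-8") as fh:
        match = KEY_RE.search(fh.read())
    if match is None:
        raise ValueError(f"{path}: no key statement found")
    secret = match["secret"].strip()
    raw = base64.b64decode(secret, validate=True)  # raises on malformed base64
    return {
        "name": match["name"],
        "algorithm": match["algorithm"].lower(),
        "secret": secret,
        "bits": len(raw) * 8,
        "mode": stat.S_IMODE(os.stat(path).st_mode),
    }


def compare_key_copies(bind_copy, dhcp_copy):
    """Return a list of problems; an empty list means the copies are usable."""
    keys = [(bind_copy, read_key(bind_copy)), (dhcp_copy, read_key(dhcp_copy))]
    first, second = keys[0][1], keys[1][1]
    problems = []
    for field in ("name", "algorithm", "secret"):
        if first[field] != second[field]:
            # Name the field only; the secret itself is never echoed.
            problems.append(f"{field} differs between the two copies")
    for path, key in keys:
        if key["mode"] & 0o007:
            problems.append(
                f"{path} is accessible to other users (mode {key['mode']:04o})"
            )
    return problems


def write_sample(directory, filename, secret, mode):
    """Write a constructed key file in the article's layout (demo helper)."""
    path = os.path.join(directory, filename)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(
            "key dhcp-key {\n"
            "        algorithm hmac-md5;\n"
            f'        secret "{secret}";\n'
            "};\n"
        )
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed 128-bit sample secret, not the key from the article.
    sample = base64.b64encode(bytes(range(16))).decode()
    with tempfile.TemporaryDirectory() as tmp:
        bind = write_sample(tmp, "bind-dhcp.key", sample, 0o640)
        dhcp = write_sample(tmp, "dhcp-dhcp.key", sample, 0o644)
        for problem in compare_key_copies(bind, dhcp):
            print("PROBLEM:", problem)
```

On the server itself, call compare_key_copies("/etc/bind/dhcp.key", "/etc/dhcp/dhcp.key") as root.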

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.10.1

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

General checks for ntp, bind9, and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time is synchronised correctly, that the client obtains a dynamic IP address, and that the name of that host is resolved through direct and reverse DNS queries. Change the client name and repeat all the checks. Do not continue until you are sure that the services installed so far are working correctly. There is a reason we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.

Installation of the NIS Server

root@master:~# aptitude show nis
Conflicts: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, originally known as Yellow Pages (YP), is mostly used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
Package configuration

    Nis Configuration

    Please choose the NIS "domainname" for this system. If you want this
    machine to just be a client, you should enter the name of the NIS
    domain you wish to join.

    Alternatively, if this machine is to be a NIS server, you can either
    enter a new NIS "domainname" or the name of an existing NIS domain.

    NIS domain:

    swl.fan

It will take a while, because the service configuration does not exist as such yet. Please wait for the process to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
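
The netmask/network pairs in /etc/ypserv.securenets decide which clients may query the NIS maps, so it is worth checking the file mechanically after editing it. The following is an added example, not part of the original article: it parses the format described in the file's own comments, flags a catch-all or out-of-LAN entry, and tests whether a given client address would be admitted. Function names are constructed for illustration; the sample text mirrors the file above.

```python
import ipaddress

# The file as edited in this article (comments shortened).
ARTICLE_SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
"""

# Constructed contrast case: same file with the stock catch-all left active.
STOCK_SECURENETS = ARTICLE_SECURENETS.replace("# 0.0.0.0", "0.0.0.0")


def parse_securenets(text):
    """Return [(line_number, IPv4Network)] for every active entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network': {raw!r}")
        mask, network = fields
        if mask.lower() == "host":      # documented shorthand for a /32 mask
            mask = "255.255.255.255"
        # strict=True rejects a network address that has host bits set
        entries.append((lineno, ipaddress.IPv4Network(f"{network}/{mask}", strict=True)))
    return entries


def audit(text, expected_lan):
    """Flag entries that admit everybody or reach beyond the expected LAN."""
    lan = ipaddress.IPv4Network(expected_lan)
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    findings = []
    for lineno, net in parse_securenets(text):
        if net.prefixlen == 0:
            findings.append((lineno, "open-to-all", str(net)))
        elif not (net.subnet_of(lan) or net.subnet_of(loopback)):
            findings.append((lineno, "outside-lan", str(net)))
    return findings


def client_allowed(text, client_ip):
    """True if client_ip matches at least one active netmask/network pair."""
    address = ipaddress.IPv4Address(client_ip)
    return any(address in net for _, net in parse_securenets(text))


if __name__ == "__main__":
    for label, text in (("article", ARTICLE_SECURENETS), ("stock", STOCK_SECURENETS)):
        print(label, "findings:", audit(text, "192.168.10.0/24"))
        # 10.1.2.3 is a constructed address outside the swl.fan LAN
        print(label, "admits 10.1.2.3:", client_allowed(text, "10.1.2.3"))
```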

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.swl.fan is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add local users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bilbo
Enter the new value, or press ENTER for the default
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strides
root@master:~# adduser legolas

and so on.

root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'

We add NIS options to isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}

zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

NIS Mutengi Kuisirwa

  • Isu tinotanga kubva kune yakachena kumisikidza - isina graphical interface- yeDebian 8 "Jessie".
midzi @ mail: ~ # hostname -f
mail.swl.fan

midzi @ mail: ~ # ip addr
2: eth0: munhu 1500 qdisc pfifo_fast state UP group default qlen 1000 link / ether 00: 0c: 29: 25: 1f: 54 brd ff: ff: ff: ff: ff: ff
    inet 192.168.10.9/24 brd 192.168.10.255 chiyero chenyika yose eth0

midzi @ mail: ~ # kugona kuisa nis
midzi @ mail: ~ # nano /etc/yp.conf # # yp.conf Faira yekugadzirisa yeiyo ypbind maitiro. Unogona kutsanangura # NIS maseva nemaoko pano kana asingakwanise kuwanikwa ne # nhepfenyuro pamambure emuno (zvinova zvisizvo). # # Ona iro rekushandisa peji ypbind ye syntax yeiyi faira. # # ZVINOKOSHA: Kune iyo "ypserver", shandisa IP kero, kana kuve nechokwadi chekuti # iyo inomiririra iri mu / etc / hosts. Iyi faira inongodudzirwa # kamwe, uye kana DNS isingasvikike zvakadaro ypserver haigone # kugadziriswa uye ypbind haizombosunga kuseva. # ypserver ypserver.network.com ypserver master.swl.fan domain swl.fan

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat nis
group:          compat nis
shadow:         compat nis
gshadow:        files

hosts:          files dns nis
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

root@mail:~# nano /etc/pam.d/common-session
# pam-auth-update(8) for details.
session optional        pam_mkhomedir.so skel=/etc/skel umask=077
# here are the per-package modules (the "Primary" block)

root@mail:~# systemctl status nis
root@mail:~# systemctl restart nis

We close the session and start it again, this time as a user registered in the NIS database on master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of the user legolas and check

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: archer
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service, implemented on both the server and the client side, works correctly.

LDAP

From Wikipedia:

  • LDAP stands for Lightweight Directory Access Protocol, an application-level protocol that allows access to an ordered and distributed directory service in order to look up various information in a network environment. LDAP is also considered a database (although its storage system may be different) that can be queried. A directory is a set of objects with attributes, organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, with each name having an address and a telephone number attached to it. To understand it better, it is a book or folder in which the names of people, their telephone numbers and their addresses are written, arranged alphabetically.

    An LDAP directory tree sometimes reflects various political, geographic or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the top levels of the hierarchy. As you move down the directory, entries may appear that represent people, organizational units, printers, documents, groups of people, or anything else that represents a given entry in the tree (or multiple entries).

    Usually it stores the authentication information (user name and password) and is used to authenticate, although it is possible to store other information (user contact data, location of various network resources, permissions, certificates, etc.). In short, LDAP is a unified access protocol to a set of information on a network.

    The current version is LDAPv3, and it is defined in RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

For a long time, the LDAP protocol, with its databases compatible or not with OpenLDAP, has been the most widely used in most of today's authentication systems. As an example of that statement, we give below some names of systems, free or proprietary, that use LDAP databases as the backend for storing all their objects.

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems Open DS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Classic Domain Controller.
    We want to clarify that this system was a development of Team Samba with Samba 3.xxx + OpenLDAP as backend. Microsoft never implemented anything like it. It jumped from NT 4 Domain Controllers to its Active Directories.
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Univention Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics, and the most standard and compatible one is OpenLDAP.

Active Directory, whether the original from Microsoft or the one from Samba 4, is a union of several main components, which are:

We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but they do not offer the Microsoft Network service that a Windows Domain provides, nor do they have a Windows Domain Controller as such.

A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client to act as an intermediary between the Directory Service and the Windows client itself, such as the Free Software pGina.

Directory Service with OpenLDAP

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie", with the same machine name "master" used for the NIS installation, as well as the same configuration of its network interface and of the /etc/resolv.conf file. On this new server we install ntp, bind9 and isc-dhcp-server, without forgetting the overall check that these three services work correctly.
root@master:~# aptitude install slapd ldap-utils

Package configuration

Configuring slapd
Please enter the password for the admin entry in your LDAP directory.

Administrator password: ********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
objectClass: dcObject
objectClass: organization
o: swl.fan
dc: swl
structuralObjectClass: organization
entryUUID: c8510708-da8e-1036-8fe1-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.833955Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
entryUUID: c851178e-…
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.834422Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

We modify the file /etc/ldap/ldap.conf

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «usuarios»

We add the minimum necessary Organizational Units, as well as the Posix group «usuarios», of which we will make all users members, following the example of the many systems that have a «users» group. We name it «usuarios» so as not to run into possible conflicts with the system's own «users» group.

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"

adding new entry "ou=groups,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=usuarios
# usuarios, groups, swl.fan
dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

We add several users

The password that we declare in LDAP must be obtained with the command slappasswd, which returns the password as an {SSHA} hash.

Password for the user strider:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password for the user legolas

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password for the user gandalf

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u

root@master:~# nano usuarios.ldif
dn: uid=strider,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: strider
cn: strider
givenName: Strider
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: strider@swl.fan
gecos: Strider El Rey
loginShell: /bin/bash
homeDirectory: /home/strider

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: The Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f usuarios.ldif
Enter LDAP Password:
adding new entry "uid=strider,ou=people,dc=swl,dc=fan"

adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"

adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x cn=strider
root@master:~# ldapsearch -x uid=strider

We manage the slapd database with console utilities

We select the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
# MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
# MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"

Note that the scripts use the commands of the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to see which ones they are.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"

root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template

root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"

We add the user "bilbo" and make him a member of the group "usuarios"

root@master:~# ldapadduser bilbo usuarios
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bilbo
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User account

To see the password hash of the user bilbo, the query must be made with authentication:

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo
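
With PASSWORDGEN="echo %u" in ldapscripts.conf, an account created by ldapadduser starts with its own uid as password, stored in the same {SSHA} form that slappasswd printed earlier. The following Python script is an added example, not code from the article or from ldapscripts: it decodes the {SSHA} layout and flags the entries of an authenticated ldapsearch dump whose password is still the uid. The LDIF dump and the hashes inside it are constructed in the script; the function names are illustrative.

```python
import base64
import hashlib
import hmac

# One of the slappasswd results printed in the article.
PAGE_HASH = "{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp"


def split_ssha(stored):
    """Split an {SSHA} value into (sha1_digest, salt)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    return raw[:20], raw[20:]


def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(stored, candidate):
    """True if candidate hashes to the stored digest under the stored salt."""
    digest, salt = split_ssha(stored)
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, decodes 'attr:: base64',
    keeps the first value of each attribute, one dict per entry."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr, value)
    return entries


def uid_as_password(ldif_text):
    """Return the uids whose {SSHA} userPassword verifies against the uid itself."""
    flagged = []
    for entry in parse_ldif(ldif_text):
        uid, stored = entry.get("uid"), entry.get("userPassword", "")
        if uid and stored.startswith("{SSHA}") and check_ssha(stored, uid):
            flagged.append(uid)
    return flagged


def constructed_dump():
    """Constructed sample: bilbo still has the generated password, legolas does not."""
    bilbo = make_ssha("bilbo", b"\x01\x02\x03\x04")
    legolas = make_ssha("Constructed-Passw0rd", b"\x05\x06\x07\x08")
    return (
        "# bilbo, people, swl.fan\n"
        "dn: uid=bilbo,ou=people,dc=swl,dc=fan\n"
        "uid: bilbo\n"
        "userPassword:: " + base64.b64encode(bilbo.encode()).decode() + "\n"
        "\n"
        "dn: uid=legolas,ou=people,dc=swl,dc=fan\n"
        "uid: legolas\n"
        "userPassword: " + legolas + "\n"
    )


if __name__ == "__main__":
    digest, salt = split_ssha(PAGE_HASH)
    print("salt bytes in the article's hash:", len(salt))
    print("password still equals uid:", uid_as_password(constructed_dump()))
```

On a live server the input would be the output of the authenticated ldapsearch above, saved to a file that only root can read.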

To delete the user bilbo we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a web interface

We have a working Directory Service, and we want to manage it more easily. There are many programs designed for this task, such as phpldapadmin, ldap-account-manager, etc., which are available directly from the repositories. We can also manage a Directory Service through Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/, and the six articles that follow it.

LDAP client

Scenario:

Suppose we have the machine mail.swl.fan as a mail server, implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, can well serve as a guide for Debian and many other Linux distros. In addition to the local users we have already declared, we also want the users stored in the OpenLDAP database that exists on master.swl.fan. To achieve this we must «map» the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is the following:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

Configuring libnss-ldap

  • LDAP server URI: ldap://master.swl.fan
    Enter the URI ("Uniform Resource Identifier") of the LDAP server. The string is similar to «ldap://<hostname or IP>:<port>/». You can also use «ldaps://» or «ldapi://». The port number is optional. Using an IP address is recommended, to avoid failures when domain name services are unavailable.
  • Distinguished name (DN) of the search base: dc=swl,dc=fan
    Many sites use the components of their domain names for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
  • LDAP version to use: 3
    It is recommended to use the highest version number available.
  • LDAP account for root: cn=admin,dc=swl,dc=fan
    This account is used for nss queries made with root privileges. Note: for this option to work, the account needs permission to access the LDAP attributes associated with the users' "shadow" entries, as well as the passwords of users and groups.
  • LDAP root account password: ********
    The password is stored in a separate file ("/etc/libnss-ldap.secret") that only root can access. If an empty password is entered, the old password is reused.
  • nsswitch.conf is not managed automatically.
    You must modify your "/etc/nsswitch.conf" file to use an LDAP data source if you want the libnss-ldap package to work. You can use the example file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example of the nsswitch configuration, or copy it over your current configuration. Note that before removing this package it may be convenient to remove the "ldap" entries from the nsswitch.conf file so that basic services keep working.

Configuring libpam-ldap

  • Allow the LDAP admin account to behave like local root?
    This option allows password utilities that use PAM to change local passwords. The password of the LDAP admin account is stored in a separate file that only the administrator can read. This option should be disabled if "/etc" is mounted over NFS.
  • Does the LDAP database require login?
    Choose whether the LDAP server enforces a login before entries can be retrieved. This setting is rarely needed.
  • LDAP administrative account: cn=admin,dc=swl,dc=fan
    This account is used automatically for database management, so it must have the appropriate administrative privileges.
  • LDAP administrative password: ********
    The password is stored in the file "/etc/pam_ldap.secret". Only the administrator can read this file, which allows libpam-ldap to manage connections to the database automatically. If this field is left empty, the previously stored password is reused.

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Let's modify the file /etc/pam.d/common-password: we go to line 26 and remove the value «use_authtok»:

root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
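
How the jump counts in this password stack resolve, as an added Python example that is not part of the original article: it walks the four module lines once, using the keyword-to-bracket equivalences from pam.conf(5). The module return codes fed in are constructed inputs, and the second (frozen-chain) pass that libpam makes for password changes is not modelled.

```python
import re

# Password stack of /etc/pam.d/common-password as configured above
# (comments dropped, use_authtok already removed from the pam_ldap line).
COMMON_PASSWORD = """\
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
password requisite pam_deny.so
password required pam_permit.so
"""

# Keyword controls and their bracket equivalents, as listed in pam.conf(5).
KEYWORDS = {
    "required": "success=ok new_authtok_reqd=ok ignore=ignore default=bad",
    "requisite": "success=ok new_authtok_reqd=ok ignore=ignore default=die",
    "sufficient": "success=done new_authtok_reqd=done default=ignore",
    "optional": "success=ok new_authtok_reqd=ok default=ignore",
}
LINE = re.compile(r"^\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# Modules whose result does not depend on the user.
FIXED = {"pam_deny.so": "authtok_err", "pam_permit.so": "success"}


def parse_stack(text):
    """Return [(module, {return_code: action})] for each non-comment line."""
    stack = []
    for line in text.splitlines():
        match = LINE.match(line)
        if not match or line.lstrip().startswith("#"):
            continue
        _, control, module = match.groups()
        spec = control[1:-1] if control.startswith("[") else KEYWORDS[control]
        stack.append((module, dict(pair.split("=", 1) for pair in spec.split())))
    return stack


def evaluate(stack, results):
    """Walk the stack once and return the final code ('success' or a failure).

    results maps a module name to the return code it produces, written
    without the PAM_ prefix and in lower case (constructed test input).
    """
    status = None  # no module has contributed a result yet
    i = 0
    while i < len(stack):
        module, actions = stack[i]
        rc = FIXED.get(module) or results[module]
        action = actions.get(rc, actions.get("default", "bad"))
        if action.isdigit():
            # Jump: skip the next N modules; this module's own code is ignored.
            skip = int(action)
            if skip > len(stack) - 1 - i:
                return "perm_denied"  # libpam logs "bad jump in stack"
            i += skip + 1
            continue
        if action in ("ok", "done"):
            if status in (None, "success"):
                status = rc
            if action == "done" and status == "success":
                return status
        elif action in ("bad", "die"):
            if status in (None, "success"):
                status = rc  # the first failure is the one reported
            if action == "die":
                return status
        # "ignore" leaves the stack status untouched
        i += 1
    # Nothing set a success code: libpam fails the stack (PAM_PERM_DENIED).
    return status if status is not None else "perm_denied"


if __name__ == "__main__":
    stack = parse_stack(COMMON_PASSWORD)
    cases = {
        "local user, pam_unix succeeds": {"pam_unix.so": "success"},
        "LDAP user, pam_ldap succeeds": {"pam_unix.so": "user_unknown", "pam_ldap.so": "success"},
        "LDAP user, pam_ldap rejects": {"pam_unix.so": "user_unknown", "pam_ldap.so": "auth_err"},
        "unknown everywhere": {"pam_unix.so": "user_unknown", "pam_ldap.so": "user_unknown"},
    }
    for name, results in cases.items():
        print(name, "->", evaluate(stack, results))
    print("pam_unix succeeds, pam_permit removed ->",
          evaluate(stack[:3], {"pam_unix.so": "success"}))
```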

If we need local login for the users stored in LDAP, and we want their home folders to be created automatically, we must edit the file /etc/pam.d/common-session and add the following line at the end of the file:

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

In the OpenLDAP Directory Service example developed earlier, the only local user that was created was the user buzz, while in LDAP we created the users strider, legolas, gandalf and bilbo. If the configuration made so far is correct, we should be able to list the local users and those mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strider:x:10000:10000:Strider El Rey:/home/strider:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash

After the changes to the system's authentication, it is advisable to restart the server, unless we are dealing with a critical service:

root@mail:~# reboot

Afterwards we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database on master.swl.fan. We can also try to log in through SSH.

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Contraseña:

root@mail:/home/gandalf# getent group
buzz:x:1001:
usuarios:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz     4096 Jun 17 12:25 buzz
drwx------ 2 gandalf usuarios 4096 Jun 17 13:05 gandalf

The Directory Service, implemented on both the server and the client side, works correctly.

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers initially focused on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. Authentication messages are protected against eavesdropping and replay attacks.

    Kerberos is based on symmetric-key cryptography and requires a trusted third party. In addition, there are extensions to the protocol that allow the use of asymmetric-key cryptography.

    Kerberos is based on the Needham-Schroeder protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two logically separate parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network, whether client or server, shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the identity of the entity. For communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.

Disadvantages of Kerberos

From EcuRed:

Although Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to perform this task.
  • Kerberos assumes that each user is trusted but is using an untrusted machine on an untrusted network. Its main goal is to prevent unencrypted passwords from being sent across the network. However, if any other user, apart from the proper user, has access to the ticket-issuing machine (KDC) used for authentication, Kerberos would be at risk.
  • For an application to use Kerberos, its code must be modified to make the appropriate calls into the Kerberos libraries. Applications modified in this way are considered kerberized. For some applications this can be an excessive programming effort, because of the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can take considerable programming. In general, closed-source applications without Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must realize that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is passed to a service that does not use Kerberos to authenticate, you run the risk that the packet may be intercepted. In that case your network gains no benefit from using Kerberos. To secure your network with Kerberos, you must use only kerberized versions of all the client/server applications that send unencrypted passwords, or not use any of those applications on the network.

Manually implementing and configuring OpenLDAP as a Kerberos back-end is not an easy task. However, later we will see that the Samba 4 Active Directory - Domain Controller integrates, transparently for the Sysadmin, a DNS server, the Microsoft Network and its Domain Controller, the LDAP server as the back-end for almost all of its objects, and the Kerberos-based authentication service, as the fundamental components of a Microsoft-style Active Directory.

Until now we have not had the need to implement a "Kerberized Network". That is why we have not written about how to implement Kerberos.

Samba 4 Active Directory - Domain Controller

Important:

There is no better documentation than the site wiki.samba.org. Any Sysadmin worth their salt should visit that site, in English, and browse the large number of pages fully dedicated to Samba 4, written by Team Samba itself. I do not believe there is documentation available on the Internet to replace it. By the way, look at the number of visits shown at the bottom of each page. An example of this is that its main page, or «Main Page», had been visited 276,183 times as of today, June 20, 2017, at 10:10 in the morning. In addition, the documentation is kept very up to date, since that page was modified on June 6.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can appear as servers or act as clients in Windows networks. Samba also allows users to be validated, acting as a Primary Domain Controller (PDC), as a domain member and even as an Active Directory domain for Windows-based networks; apart from being able to serve print queues and shared directories, and to authenticate with its own user store.

Among the Unix-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we can find Apple's Mac OS X Server.

Samba 4 AD-DC with its Internal DNS

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie".

Initial checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
  • The file /etc/apt/sources.list, in which we declare only the main branch, which is more than enough for our purposes.
root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix instead of Exim, and utilities

root@master:~# aptitude install postfix htop mc deborphan

[Postfix Configuration] General type of mail configuration: Local only
[Postfix Configuration] System mail name: master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

We install the requirements to compile Samba 4 and other necessary packages

root@master:~# aptitude install acl attr autoconf bison \
build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

[Configuring Kerberos Authentication] Default Kerberos version 5 realm: SWL.FAN
[Configuring Kerberos Authentication] Kerberos servers for your realm: master.swl.fan
[Configuring Kerberos Authentication] Prompt for the administrative (password change) server of the SWL.FAN Kerberos realm.

The above process took some time because we do not yet have any DNS service installed. However, the domain was chosen correctly thanks to the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the domain name server.

We now configure the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan

For queries using the ldapsearch command, executed as the root user, to be of the type ldapsearch -x -W cn=xxxx, we must create the file /root/.ldaprc with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The file system must support ACLs - Access Control Lists

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a

root@master:~# touch test_acl.txt
root@master:~# setfattr -n user.test -v test test_acl.txt
root@master:~# setfattr -n security.test -v test2 test_acl.txt
root@master:~# getfattr -d test_acl.txt
# file: test_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d test_acl.txt
# file: test_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx test_acl.txt

root@master:~# getfacl test_acl.txt
# file: test_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

We obtain the Samba 4 sources, compile and install them

It is strongly recommended to download the source file of the Stable version from the site https://www.samba.org/. In our example we download the version samba-4.5.1.tar.gz to the /opt folder.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and carefully select the ones we need. It is recommended to check whether the downloaded package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure distcheck

We configure, compile and install samba-4.5.1

  • From the previous requirements and the 8604 files (which make up the compact samba-4.5.1.tar.gz) weighing about 101.7 megabytes - including the source3 and source4 folders, which weigh about 61.1 megabytes - we will obtain the substitute for a Microsoft-style Active Directory, of a quality and stability more than acceptable for any production environment. We must highlight the work of Team Samba in delivering the Free Software Samba 4.

The commands below are the classic ones for compiling and installing packages from their sources. We must be patient while the whole process lasts. It is the only way to obtain valid and correct results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

While the make command runs, we can see that the Samba 3 and Samba 4 sources are compiled. That is why Team Samba states that its version 4 is the natural upgrade path, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers or older versions of Samba 3.

Provisioning Samba

We will use SAMBA_INTERNAL as the DNS. At https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End we will find more information. When we are asked for the Administrator user's password, we must type one with a minimum length of 8 characters that also contains letters - upper and lower case - and numbers.

Before proceeding with the provisioning, and to make life easier, we add the path of the Samba executables to our .bashrc file. Then we log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022
# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: YourPassword2017
Retype password: YourPassword2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Let's not forget to copy the Kerberos configuration file as indicated by the output of the Provisioning:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

So as not to type the samba-tool command with its full name, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

A fundamental piece of an Active Directory is the network time service. Since authentication is performed through Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is vital.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict default mssntp
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, when examining the syslog with the above command or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the ntp_signd folder:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested on samba.wiki.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd

We configure Samba startup using systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC file locations

ALL files - except the newly created samba-ad-dc.service - are in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the best UNIX style. It is always recommended to browse through the different folders and examine their contents.

The /usr/local/samba/etc/smb.conf file

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 8.8.8.8
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        server role = active directory domain controller
        allow dns updates = secure only
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        idmap config * : range = 1000000-1999999
        ldap server require strong auth = no
        printcap name = /dev/null

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 192.168.10.1
        ldap server require strong auth = No
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        winbindd:use external pipes = true
        idmap config * : range = 1000000-1999999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
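
The smb.conf above sets "ldap server require strong auth = no", which lets the DC accept simple LDAP binds on the unencrypted port 389 (the kind of bind that ldapsearch -x -W performs). The following is an added example, not part of the original article or of Samba: a small audit function that reports that setting and the DNS update policy. The function names (audit_smb_conf, page_conf, hardened_conf) are hypothetical, and both sample files are constructed from the configuration shown above.

```shell
#!/bin/sh
# Added example: audit the [global] section of an smb.conf for two settings
# that matter on an AD DC. smb.conf parameter names are case-insensitive and
# ignore embedded whitespace, so names are normalised before comparison.

# audit_smb_conf FILE
# Prints one "LEVEL global/<parameter> = <value>" line per checked setting.
# Returns 1 if any setting is WEAK, 0 otherwise.
audit_smb_conf() {
    awk '
    function norm(s) { s = tolower(s); gsub(/[ \t]+/, "", s); return s }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                  # [section] header
        line = trim($0)
        section = tolower(substr(line, 2, length(line) - 2))
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || section != "global") next
        key = norm(substr($0, 1, eq - 1))
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "ldapserverrequirestrongauth") {
            seen_auth = 1
            if (val == "yes")     level = "OK"
            else if (val == "no") { level = "WEAK"; weak = 1 }
            else                  level = "REVIEW"   # e.g. allow_sasl_over_tls
            print level " global/ldap server require strong auth = " val
        }
        if (key == "allowdnsupdates") {
            if (val == "nonsecure") { level = "WEAK"; weak = 1 }
            else                    level = "OK"
            print level " global/allow dns updates = " val
        }
    }
    END {
        # An absent parameter means the built-in default (yes) applies.
        if (!seen_auth)
            print "OK global/ldap server require strong auth = (default yes)"
        exit (weak ? 1 : 0)
    }' "$1"
}

# Constructed sample: the relevant lines of the smb.conf shown in the article.
page_conf() {
    cat <<'EOF'
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        server role = active directory domain controller
        allow dns updates = secure only
        idmap_ldb:use rfc2307 = yes
        ldap server require strong auth = no
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
EOF
}

# Constructed sample: same file with strong auth enforced; the odd spelling
# of the parameter name shows that normalisation is needed.
hardened_conf() {
    cat <<'EOF'
[global]
        realm = SWL.FAN
        workgroup = SWL
        allow dns updates = secure only
        LDAP Server  Require Strong Auth = Yes
EOF
}

# Demo run over both constructed files.
demo_tmp=$(mktemp)
page_conf > "$demo_tmp"
audit_smb_conf "$demo_tmp" || echo "-> review before production use"
hardened_conf > "$demo_tmp"
audit_smb_conf "$demo_tmp" && echo "-> no weak settings found"
rm -f "$demo_tmp"
```

With the setting at yes, simple binds are only accepted over a TLS-protected connection, so the ldapsearch -x -W check would have to use ldaps:// or StartTLS.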

Minimal checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 22 objects
Checked 22 objects

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN: 
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

                19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)

We administer the newly installed Samba 4 AD-DC

If we want to modify the expiration in days of the Administrator password; the complexity of passwords; the minimum password length; the minimum and maximum duration - in days - of passwords; and change the Administrator password declared during Provisioning, we must run the following commands with the values adjusted to our needs:

root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add several DNS records

root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse Zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]:
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -Uadministrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]:
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.
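
The checks above compare forward and reverse records by eye. As an added example (not from the original article), the function below reads captured host output and confirms that every A record has a PTR pointing back to the same name; this matters on a Kerberized network because clients that canonicalize host names through reverse DNS request tickets for the name the PTR returns. The function names are hypothetical, and the sample input is constructed with two deliberate faults (no PTR for master, and the PTR for .12 pointing at proxy).

```shell
#!/bin/sh
# Added example: forward/reverse DNS consistency check over `host` output.

# check_ptr_consistency
# Reads `host` output on stdin. Prints OK / MISSING / MISMATCH per A record.
# Returns 1 if any record is MISSING or MISMATCH, 0 otherwise.
check_ptr_consistency() {
    awk '
    # Forward answers: "<name> has address <ip>"
    $2 == "has" && $3 == "address" {
        fwd[$1] = $4
        order[++n] = $1
    }
    # Reverse answers: "<d.c.b.a>.in-addr.arpa domain name pointer <name>."
    $1 ~ /\.in-addr\.arpa\.?$/ && $2 == "domain" && $4 == "pointer" {
        split($1, o, ".")
        ip = o[4] "." o[3] "." o[2] "." o[1]   # undo the octet reversal
        name = $5
        sub(/\.$/, "", name)                     # drop the trailing root dot
        rev[ip] = name
    }
    END {
        for (i = 1; i <= n; i++) {
            h = order[i]
            ip = fwd[h]
            if (!(ip in rev)) {
                print "MISSING " h " " ip
                bad = 1
            } else if (tolower(rev[ip]) != tolower(h)) {
                print "MISMATCH " h " " ip " -> " rev[ip]
                bad = 1
            } else {
                print "OK " h " " ip
            }
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample in the format of the host output shown in the article.
sample_host_output() {
    cat <<'EOF'
master.swl.fan has address 192.168.10.5
mail.swl.fan has address 192.168.10.9
proxy.swl.fan has address 192.168.10.11
chat.swl.fan has address 192.168.10.12
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
12.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
EOF
}

# Demo run over the constructed sample.
sample_host_output | check_ptr_consistency || echo "-> fix the PTR records listed above"
```

On the DC itself the input can be collected by redirecting the host commands from the Checks section into a file and piping that file into the function.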

For the curious

root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/\
DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:

We add users

root@master:~# tool user
Usage: samba-tool user <subcommand>

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add            - Create a new user.
  create         - Create a new user.
  delete         - Delete a user.
  disable        - Disable a user.
  enable         - Enable a user.
  getpassword    - Get the password fields of a user/computer account.
  list           - List all users.
  password       - Change password for a user account (the one provided in authentication).
  setexpiry      - Set the expiration of a user account.
  setpassword    - Set or reset the password of a user account.
  syncpasswords  - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user <subcommand> (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest

Administration through a graphical interface or a web client

Visit wiki.samba.org for detailed information on how to install the Microsoft RSAT or Remote Server Administration Tools. If you do not need the classic policies offered by the Microsoft Active Directory, you can install the package ldap-account-manager, which offers a simple interface for administration through a web browser.

The Microsoft Remote Server Administration Tools (RSAT) software package is included in Windows Server operating systems.

We join the domain with a Windows 7 client named "seven"

Since we do not have a DHCP server on the network, the first thing we must do is configure the client's network card with a fixed IP, declare that the primary DNS will be the IP of the samba-ad-dc, and check that the option "Register this connection's addresses in DNS" is enabled. It does no harm to check that the name «seven» is not already registered in the Samba Internal DNS.

After we join the computer to the domain and restart it, let's try to log in with the user «trancos». We will verify that everything works OK. It is also recommended to check the Windows client logs and see how the time is correctly synchronized.

Administrators with some Windows experience will find that any checks they make on the client yield satisfactory results.

Summary

I hope the article is useful to the readers of the DesdeLinux Community.

Goodbye!



  1.   Gonzalo martinez said

    A long but detailed article, a very good step-by-step on how to do everything.

    I would highlight NIS; the truth is that although I knew of its existence, I never really knew how it works, because to be honest it always gave me the impression that it was practically dead next to LDAP and Samba 4

    PS: Congratulations on your new project! It's a pity you won't keep writing here, but at least there is a place to follow you.

  2.   HO2Gi said

    Huge tutorial as always to my favorites, Greetings Fico.
    Congratulations on the project.

  3.   IWO said

    The NIS section is great, I sympathize with Gonzalo Martinez, I knew of it briefly but had no idea how to implement it and in what situations it is used.
    Thanks once again for a tremendous "trunk" of a theoretical and practical article.
    Finally, new successes in your new project «gigainide».

  4.   federico said

    Thank you very much everyone for commenting!!!

  5.   mussol said

    The smb.conf you show has no link with LDAP, is that on purpose or did I miss something?

  6.   phico said

    mussol: This is a Samba 4 Active Directory Domain Controller, which already has its built-in LDAP server.

  7.   Vincent said

    Could you explain how to join a mac (apple) to a samba 4 AD-DC?
    Thank you.

  8.   jramirez said

    Good day;

    Thanks for the manual, it is very good. I have a question about a message that appears for me.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Cannot find a valid target. Please make sure the specified targets are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#