SWL Network (IV): Ubuntu Precise and ClearOS. SSSD authentication against native LDAP.

Hello friends! Straight to the point, but not before you read the article «Introduction to a Network with Free Software (I): Presentation of ClearOS» and download the ClearOS step-by-step installation images package (1.1 megabytes), so that you know what we are talking about. Without that reading it will be hard to follow us. OK, you habitually impatient ones?

System Security Services Daemon

The program SSSD, or System Security Services Daemon, is a Fedora project that was born from another project, also from Fedora, called FreeIPA. According to its own creators, a short and freely translated definition would be:

SSSD is a service that provides access to different Identity and Authentication providers. It can be configured for a native LDAP domain (an LDAP-based identity provider with LDAP authentication), or for an LDAP identity provider with Kerberos authentication. SSSD provides the interface to the system through NSS and PAM, and a pluggable Back End to connect to multiple and different account sources.

We believe that we are facing a more complete and robust solution for the identification and authentication of users registered in an OpenLDAP than those covered in the previous articles, a matter that is left to the judgment of each person and their own experience.

The solution proposed in this article is the most recommended one for mobile computers and laptops, since it allows us to work disconnected, because SSSD stores the credentials on the local computer.

Example network

  • Domain Controller, DNS, DHCP: ClearOS Enterprise 5.2sp1.
  • Controller name: centos
  • Domain name: amigos.cu
  • Controller IP: 10.10.10.60
  • ---------------
  • Ubuntu version: Ubuntu Desktop 12.04.2 Precise.
  • Computer name: precise
  • IP address: using DHCP

We prepare our Ubuntu

We modify the file /etc/lightdm/lightdm.conf so that it accepts manual login, and leave it with the following content:

[SeatDefaults]
greeter-session=unity-greeter
user-session=ubuntu
greeter-show-manual-login=true
greeter-hide-users=true
allow-guest=false

After saving the changes, we restart lightdm from a console invoked with Ctrl+Alt+F1, in which, after logging in, we run sudo service lightdm restart.

It is also recommended to edit the file /etc/hosts and leave it with the following content:

127.0.0.1 localhost
127.0.1.1 precise.amigos.cu precise
[----]

That way we get appropriate answers to the commands hostname and hostname --fqdn.

We check that the LDAP server is working

We modify the file /etc/ldap/ldap.conf and install the package ldap-utils:

:~$ sudo nano /etc/ldap/ldap.conf
[----]
BASE dc=amigos,dc=cu
URI ldap://centos.amigos.cu
[----]
:~$ sudo aptitude install ldap-utils
:~$ ldapsearch -x -b 'dc=amigos,dc=cu' '(objectclass=*)'
:~$ ldapsearch -x -b dc=amigos,dc=cu 'uid=strides'
:~$ ldapsearch -x -b dc=amigos,dc=cu 'uid=legolas' cn gidNumber

With the last two commands we check the availability of the OpenLDAP server of our ClearOS. Let's take a good look at the output of the previous commands.

Important: we have also verified that the Identification Service in our OpenLDAP server works correctly.


We install the sssd package

It is also recommended to install the package finger, to make checks that are more palatable than ldapsearch:

:~$ sudo aptitude install sssd finger

At the end of the installation, the sssd service does not start because the file /etc/sssd/sssd.conf is missing. The installation output reflects this. Therefore, we must create that file and leave it with the following minimal content:

:~$ sudo nano /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/NAME] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
domains = amigos.cu

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

# LDAP domain
[domain/amigos.cu]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# ldap_schema can be set to "rfc2307", which stores group member names in the
# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
# the "member" attribute. If you do not know this value, ask your LDAP
# administrator.
# works with ClearOS
ldap_schema = rfc2307
ldap_uri = ldap://centos.amigos.cu
ldap_search_base = dc=amigos,dc=cu
# Note that enabling enumeration will have a moderate performance impact.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
enumerate = false
# Allow offline logins by locally storing password hashes (default: false).
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

Once the file is created, we assign it the corresponding permissions and restart the service:

:~$ sudo chmod 0600 /etc/sssd/sssd.conf
:~$ sudo service sssd start

If we want to enrich the content of the previous file, we recommend running man sssd.conf and/or consulting the documentation available on the Internet, starting with the links at the beginning of the post. Also consult man sssd-ldap. The sssd package includes an example in /usr/share/doc/sssd/examples/sssd-example.conf, which can be used to authenticate against a Microsoft Active Directory.

Now we can use the more palatable commands finger and getent:

:~$ finger strides
Login: strides                  Name: Strides El Rey
Directory: /home/strides        Shell: /bin/bash
Never logged in.
No mail.
No Plan.

:~$ sudo getent passwd legolas
legolas:*:1004:63000:Legolas The Elf:/home/legolas:/bin/bash

We still cannot rush off and try to authenticate as a user on the LDAP server. First we must modify the file /etc/pam.d/common-session, so that the user's home directory is created when the session starts, if it does not exist, and then reboot the system:

[----]
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

### The line above must be included BEFORE
# here are the per-package modules (the "Primary" block)
[----]

Now we do reboot:

:~$ sudo reboot

After logging in, disconnect the network using the Connection Manager, then log out and log back in. Nothing could be quicker. Run ifconfig in a terminal and you will see that eth0 is not configured at all.

Activate the network. Log out and log in again. Check again with ifconfig.

Of course, to work offline it is necessary to start a session at least once while the OpenLDAP is online, so that the credentials are saved on our computer.

Let's not forget to make the external user registered in OpenLDAP a member of the necessary groups, always paying attention to the user created during the installation.

If the machine does not want to shut down through the corresponding applet, then run sudo poweroff in a console to shut down, and sudo reboot to restart. It remains to be found out why this sometimes happens.

Note:

Declaring the option ldap_tls_reqcert = never in the file /etc/sssd/sssd.conf constitutes a security risk, as stated on the page SSSD - FAQ. The default value is «demand». See man sssd-ldap. However, chapter 8.2.5 Configuring Domains of the Fedora documentation states the following:

SSSD does not support authentication over an unencrypted channel. Consequently, if you want to authenticate against an LDAP server, either TLS/SSL or LDAPS is required.

We personally consider that the solution described is sufficient for an Enterprise LAN, from the security point of view. Across the WWW Village, we recommend implementing an encrypted channel using TLS or «Transport Layer Security» between the client computer and the server.

We tried to achieve this through the correct generation of Self Signed certificates on the ClearOS server, but we could not. It is a pending matter. If any reader knows how to do it, you are welcome to explain it!
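
The TLS settings discussed in this note can be checked mechanically. The Python audit below is an added example, not code from the original article or from the SSSD project; the function names and the STRICT_CONF variant are assumptions, and the sample configuration is constructed from the domain section shown earlier.

```python
import configparser
import os
import stat

# Constructed sample: security-relevant lines of the domain section shown above.
PAGE_CONF = """\
[domain/amigos.cu]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://centos.amigos.cu
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
"""
# Constructed variant (assumption): certificate enforced, StartTLS for lookups too.
STRICT_CONF = PAGE_CONF.replace("= allow", "= demand") + "ldap_id_use_start_tls = true\n"

# Values that let a session continue without a valid server certificate.
WEAK_REQCERT = {"never", "allow", "try"}


def audit_sssd(text):
    """Return (section, finding) pairs for every LDAP domain in an sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("domain/") or sec.get("id_provider") != "ldap":
            continue
        # sssd-ldap default is "hard", which behaves the same as "demand".
        reqcert = sec.get("ldap_tls_reqcert", "hard").lower()
        start_tls = sec.getboolean("ldap_id_use_start_tls", fallback=False)
        for uri in (u.strip() for u in sec.get("ldap_uri", "").split(",")):
            if uri.lower().startswith("ldap://") and not start_tls:
                findings.append((name, f"{uri}: identity lookups travel unencrypted"))
        if reqcert in WEAK_REQCERT:
            findings.append((name, f"ldap_tls_reqcert={reqcert}: certificate not enforced"))
    return findings


def mode_is_private(path):
    """True when the file has no group/other permission bits (the 0600 set above)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("strict", STRICT_CONF)):
        print(label, audit_sssd(conf) or "no findings")
```

The strict variant only works once the server presents a certificate that chains to the file named in ldap_tls_cacert, which is the pending matter described above.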


  1.   ichit said

    Another article for the Bookmarks 😀

    1.    federico said

      Thanks for commenting, and greetings!!!

  2.   Joel said

    Hello. I am trying to make it work with a server and some Ubuntu machines as clients, and while connected everything works fine, but when I stop the server or disconnect the network, it does not accept the users' passwords. I have no idea what I may be doing wrong. Could it be because I do not have the ldap server configured to use security (ssl)?

    1.    braybaut said

      That is exactly the reason: since you do not have an encrypted channel, it does not accept your password.