PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Greetings, friends!

With this article I say goodbye to the DesdeLinux Community. A special farewell for a special Community. From now on I will be working on my personal project, which you can see at http://www.gigainside.com.

The main purpose of this post is to give the «Big Picture» of the Authentication Services available to us with Free Software. At least that is our intention. For that reason it will be rather long, even though we know this goes against the general rules for writing articles. We hope that System Administrators will appreciate it.

We want to point out that the common denominator of modern authentication systems is LDAP, and that it is well worth studying it carefully, starting from the study material found on the official site http://www.openldap.org/.

We will not give detailed definitions - or links - for topics covered in earlier articles, or whose explanations are easily found on Wikipedia or on other pages and sites on the Internet, so as not to lose the thread of the message we want to convey. We will also use a mix of English and Spanish names, since we consider that most of these systems were born with names written in English and it is very useful for the Sysadmin to absorb the original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network Information Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol for authenticating users, computers and services on the network, verifying their identity against the entries in the Kerberos database.
  • DS: Directory Service.
  • AD-DC: Active Directory - Domain Controller.

PAM

We dedicated a small series to this type of local authentication, which in daily practice you will see used widely when, for example, we join a workstation to a Domain Controller or Active Directory by mapping the users stored in LDAP databases as if they were local users; when we map the users stored in an Active Directory Domain Controller as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym NIS, Sistema de Información de Red in Spanish) is the name of a client-server directory service protocol developed by Sun Microsystems for distributing configuration data, such as user and host names, between the computers of a network. NIS is based on ONC RPC and consists of a server, a client-side library, and various administration tools.

    Originally NIS was called Yellow Pages, or YP, a name still used to refer to it. Unfortunately, that name is a trademark owned by British Telecom, which required Sun to drop it. Nevertheless YP is still the prefix of most NIS-related command names, such as ypserv and ypbind.

    DNS serves a limited range of information, the most important being the mapping between node name and IP address. For other kinds of information there is no such specialized service. On the other hand, if you only manage a small LAN with no Internet connectivity, setting up DNS hardly seems worth the effort. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and groups files to all the nodes of your network. This makes the network look like a single system, with the same accounts on every node. Likewise, NIS can be used to distribute the node name information contained in /etc/hosts to all the machines on the network.

    Today NIS is available on practically every Unix distribution, and there are even free implementations. BSD Net-2 published one derived from a reference implementation donated by Sun. The client-side library code of this version has been part of GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, the NIS server is missing from the reference implementation.

    Peter Eriksson developed a new implementation called NYS. It supports both basic NIS and Sun's enhanced NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use it. This includes a new configuration scheme for node name resolution that replaces the current one based on the host.conf file.

    GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses NYS's advanced configuration scheme. The tools and the server are still needed, but using GNU libc saves you the trouble of patching and recompiling the library.

Host and domain name, network interface and resolver

  • We start from a clean install - without a graphical interface - of Debian 8 "Jessie". The domain name swl.fan stands for "Software Libre fans", fans of Free Software. What better name?

root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installing bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc dnsutils
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options \
/etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        // We do not want DNSSEC
        dnssec-enable no;
        // dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        // Checks from localhost and from sysadmin
        // via dig swl.fan axfr
        // We do not have a Slave DNS... yet
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location and update permission
// of the DNS record zones
// Both zones are MASTER
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};
zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN      SOA     master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN      NS      master.swl.fan.
@       IN      MX      10 mail.swl.fan.
@       IN      A       192.168.10.5
@       IN      TXT     "For Fans of Free Software"
;
sysadmin        IN      A       192.168.10.1
fileserver      IN      A       192.168.10.4
master          IN      A       192.168.10.5
proxyweb        IN      A       192.168.10.6
blog            IN      A       192.168.10.7
ftpserver       IN      A       192.168.10.8
mail            IN      A       192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN      SOA     master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN      NS      master.swl.fan.
;
1       IN      PTR     sysadmin.swl.fan.
4       IN      PTR     fileserver.swl.fan.
5       IN      PTR     master.swl.fan.
6       IN      PTR     proxyweb.swl.fan.
7       IN      PTR     blog.swl.fan.
8       IN      PTR     ftpserver.swl.fan.
9       IN      PTR     mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK
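named-checkzone validates each zone file on its own: it accepts a PTR that points at a name with no A record, and an address that has no PTR at all, and both will fail the forward/reverse resolution checks asked of every client later in this article. The script below is an added example and not part of the original article; it cross-checks the two zones against each other. The zone files it reads are constructed copies of the records shown above, plus a deliberately broken reverse zone to show what a mismatch report looks like; in production pass /var/lib/bind/db.swl.fan and /var/lib/bind/db.10.168.192.in-addr.arpa instead.

```sh
#!/bin/sh
# Added example, not code from the article: cross-check forward A records
# against reverse PTR records for a /24 in-addr.arpa zone.

FWD_ZONE="swl.fan"
REV_ZONE="10.168.192.in-addr.arpa"
FWD_FILE=$(mktemp); REV_FILE=$(mktemp); REV_BROKEN=$(mktemp)
trap 'rm -f "$FWD_FILE" "$REV_FILE" "$REV_BROKEN"' EXIT

# Constructed copy of the article's forward zone (SOA timers collapsed to one line).
cat > "$FWD_FILE" <<'EOF'
$TTL 3H
@           IN  SOA master.swl.fan. root.master.swl.fan. ( 1 1D 1H 1W 3H )
@           IN  NS  master.swl.fan.
@           IN  MX  10 mail.swl.fan.
@           IN  A   192.168.10.5
sysadmin    IN  A   192.168.10.1
fileserver  IN  A   192.168.10.4
master      IN  A   192.168.10.5
proxyweb    IN  A   192.168.10.6
blog        IN  A   192.168.10.7
ftpserver   IN  A   192.168.10.8
mail        IN  A   192.168.10.9
EOF

# Constructed copy of the article's reverse zone.
cat > "$REV_FILE" <<'EOF'
$TTL 3H
@   IN  SOA master.swl.fan. root.master.swl.fan. ( 1 1D 1H 1W 3H )
@   IN  NS  master.swl.fan.
1   IN  PTR sysadmin.swl.fan.
4   IN  PTR fileserver.swl.fan.
5   IN  PTR master.swl.fan.
6   IN  PTR proxyweb.swl.fan.
7   IN  PTR blog.swl.fan.
8   IN  PTR ftpserver.swl.fan.
9   IN  PTR mail.swl.fan.
EOF

# Deliberately inconsistent reverse zone (constructed): .9 lost its PTR and .3
# points at a name that has no A record.
grep -v '^9 ' "$REV_FILE" > "$REV_BROKEN"
echo '3   IN  PTR printer.swl.fan.' >> "$REV_BROKEN"

# Print "fqdn address" for each A record; "@" is the zone apex.
forward_pairs() {  # $1 zone file, $2 zone name
    awk -v zone="$2" '
        /^[;$]/ { next }
        $2 == "IN" && $3 == "A" {
            name = ($1 == "@") ? (zone ".") : ($1 "." zone ".")
            print name, $4
        }' "$1"
}

# Print "fqdn address" for each PTR record of a /24 in-addr.arpa zone.
reverse_pairs() {  # $1 zone file, $2 reverse zone name (c.b.a.in-addr.arpa)
    awk -v rz="$2" '
        BEGIN { split(rz, o, "."); prefix = o[3] "." o[2] "." o[1] }
        /^[;$]/ { next }
        $2 == "IN" && $3 == "PTR" { print $4, prefix "." $1 }' "$1"
}

# One line per inconsistency, nothing when the zones agree. An address with
# several A records (.5 is both the apex and master) needs only one PTR, but
# every PTR must name one of the A records for its address.
zone_mismatches() {  # $1 fwd file, $2 fwd zone, $3 rev file, $4 rev zone
    {
        forward_pairs "$1" "$2" | sed 's/^/A /'
        reverse_pairs "$3" "$4" | sed 's/^/PTR /'
    } | awk '
        $1 == "A"   { a[$2 " " $3] = 1; a_ip[$3] = 1 }
        $1 == "PTR" { p[$2 " " $3] = 1; p_ip[$3] = 1 }
        END {
            for (ip in a_ip) if (!(ip in p_ip)) print "A record address without PTR: " ip
            for (k in p)     if (!(k in a))     print "PTR without matching A record: " k
        }'
}

# Exit-status form of the same check for scripting: 0 = consistent.
check_zones() {
    out=$(zone_mismatches "$@")
    [ -z "$out" ] && { echo "forward and reverse zones agree"; return 0; }
    printf '%s\n' "$out"; return 1
}

check_zones "$FWD_FILE" "$FWD_ZONE" "$REV_FILE" "$REV_ZONE" || true
check_zones "$FWD_FILE" "$FWD_ZONE" "$REV_BROKEN" "$REV_ZONE" || true
```

Run it after every edit to either zone file and before bumping the serial; once dhcpd starts adding records through dynamic updates, run it against the journal-synced files (rndc sync -clean first) rather than the hand-edited copies.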

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

Bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig SOA swl.fan
root@master:~# dig NS swl.fan
root@master:~# dig MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

The UDP probe reports 100% loss even with named running: nping sends empty datagrams (iplen=28, no payload), which named drops without answering, so that result says nothing about the service. The TCP probes do complete a handshake and confirm the port is open; for a real answer on 53/udp use the dig queries above.

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key

This secret is all that stands between any host on the LAN and the ability to rewrite records in both zones, so both copies are installed mode 0640, readable only by root and the daemon's group, and the value shown here is of course to be replaced by your own.

root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};
zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf
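HMAC-MD5 still works as a TSIG algorithm, but both named and dhcpd 4.x accept hmac-sha256, and there is no reason to deploy a new key on the weaker one; with the BIND 9.9 tools on Jessie the equivalent command is dnssec-keygen -a HMAC-SHA256 -b 256 -n USER dhcp-key. The script below is an added example and not part of the original article: it generates a 256-bit secret, writes the key clause that both named.conf.local and dhcpd.conf include, installs the two copies with the same 0640 mode used above, and then verifies that the copies carry the same secret and are not world-readable, because a mismatch between the two files is the usual reason every dynamic update fails TSIG verification. It works in a scratch directory so it can be run anywhere; the production targets are /etc/bind/dhcp.key (group bind) and /etc/dhcp/dhcp.key (group root), as in the install commands above.

```sh
#!/bin/sh
# Added example, not code from the article: generate, install and verify the
# TSIG key shared by named and dhcpd, using hmac-sha256.

KEY_NAME="dhcp-key"
ALGO="hmac-sha256"
WORK=$(mktemp -d)               # scratch directory; production paths are under /etc
trap 'rm -rf "$WORK"' EXIT

# 32 random bytes, base64-encoded: a 256-bit secret, the full key size for hmac-sha256.
new_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Emit the key clause; the same text is valid in named.conf and in dhcpd.conf.
key_clause() {  # $1 key name, $2 algorithm, $3 base64 secret
    printf 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n};\n' "$1" "$2" "$3"
}

# Pull the secret back out of an installed key file.
secret_of() {
    sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$1"
}

# Both daemons must load byte-identical secrets, neither copy may be readable
# by "others", and the secret must decode to the 32 bytes hmac-sha256 expects.
verify_key_files() {  # $1, $2 = the two installed copies
    s1=$(secret_of "$1"); s2=$(secret_of "$2")
    [ -n "$s1" ] && [ "$s1" = "$s2" ] || { echo "secrets differ or missing"; return 1; }
    for f in "$1" "$2"; do
        case $(stat -c %a "$f") in      # GNU stat: octal mode, e.g. 640
            *0) ;;
            *)  echo "$f is readable by others"; return 1 ;;
        esac
    done
    [ "$(printf '%s' "$s1" | base64 -d | wc -c)" -eq 32 ] || { echo "secret is not 256 bits"; return 1; }
    echo "TSIG key files consistent"
}

SECRET=$(new_secret)
key_clause "$KEY_NAME" "$ALGO" "$SECRET" > "$WORK/dhcp.key"
# Production: install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
install -m 0640 "$WORK/dhcp.key" "$WORK/bind-dhcp.key"
# Production: install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key
install -m 0640 "$WORK/dhcp.key" "$WORK/dhcpd-dhcp.key"
verify_key_files "$WORK/bind-dhcp.key" "$WORK/dhcpd-dhcp.key"
```

Change the algorithm line in the key clause and nothing else: the allow-update, include and zone statements in named.conf.local and dhcpd.conf refer to the key by name only.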

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-static-leases false;
# May be required by Debian
authoritative;
option ip-forwarding off;
option domain-name "swl.fan";
include "/etc/dhcp/dhcp.key";
zone swl.fan. { primary 127.0.0.1; key dhcp-key; }
zone 10.168.192.in-addr.arpa. { primary 127.0.0.1; key dhcp-key; }

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

Overall checks of ntp, bind9 and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time synchronizes correctly, that the client obtains a dynamic IP address, and that its hostname resolves through both forward and reverse DNS queries. Change the client's hostname and repeat all the checks. Do not continue until you are sure that the services installed so far work correctly. That is precisely why we wrote all the articles on DNS and DHCP in Computer Networks for SMEs.

Installing the NIS Server

root@master:~# aptitude show nis
Conflicts: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, originally known as Yellow Pages (YP), is mostly used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
 ┌──────────────────────────┤ Configuring nis ├──────────────────────────┐
 │ Please choose the NIS "domainname" for this system. If you want this  │
 │ machine to just be a client, you should enter the name of the NIS     │
 │ domain you wish to join.                                              │
 │                                                                       │
 │ Alternatively, if this machine is to be a NIS server, you can either  │
 │ enter a new NIS "domainname" or the name of an existing NIS domain.   │
 │                                                                       │
 │ NIS domain:                                                           │
 │                                                                       │
 │ swl.fan______________________________________________________________ │
 │                                                                       │
 │                                 <Ok>                                  │
 └───────────────────────────────────────────────────────────────────────┘

It will take a while: the package starts ypbind, which looks for a server of the new domain and has to time out, because the server side is not configured yet. Please wait for the task to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
# securenets   This file defines the access rights to your NIS server
#              for NIS clients (and slave servers - ypxfrd uses this
#              file too).  This file contains netmask/network pairs.
#              A clients IP address needs to match with at least one
#              of those.
#
#              One can use the word "host" instead of a netmask of
#              255.255.255.255.  Only IP addresses are allowed in this
#              file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0         0.0.0.0
255.255.255.0   192.168.10.0
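securenets is the only access control ypserv has: any address that matches one netmask/network pair can dump every map, so the list deserves a check before the server goes live. The script below is an added example and not part of the original article. It reproduces the test ypserv applies, (client address AND netmask) equal to the network address, with "#" lines ignored and the word host standing for a 255.255.255.255 mask, and runs it over a constructed copy of the securenets file above (plus one host line added to show the keyword), and over the same file with the "everybody" line left active, as the package ships it. Point securenets_allows at the real /etc/ypserv.securenets to audit a live server.

```sh
#!/bin/sh
# Added example, not code from the article: evaluate /etc/ypserv.securenets
# the way ypserv does, for a given client address.

SECURENETS=$(mktemp); SECURENETS_OPEN=$(mktemp)
trap 'rm -f "$SECURENETS" "$SECURENETS_OPEN"' EXIT

# Constructed from the article's file; the "host" line is added for illustration.
cat > "$SECURENETS" <<'EOF'
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0         0.0.0.0
255.255.255.0   192.168.10.0
host            192.168.20.7
EOF

# The same file with the "everybody" line uncommented, as the package ships it.
sed 's/^# 0.0.0.0/0.0.0.0/' "$SECURENETS" > "$SECURENETS_OPEN"

# Dotted quad to a 32-bit integer using only shell arithmetic.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows CLIENT_IP FILE: returns 0 and prints the matching rule when
# ypserv would serve the client, 1 when it would refuse it. Rules are tested in
# file order, exactly one mask/network pair per line.
securenets_allows() {
    client=$(ip_to_int "$1")
    while read -r mask net rest; do
        case $mask in ''|'#'*) continue ;; esac       # blank and comment lines
        [ "$mask" = "host" ] && mask=255.255.255.255
        m=$(ip_to_int "$mask"); n=$(ip_to_int "$net")
        if [ $(( client & m )) -eq "$n" ]; then
            echo "$1 allowed by: $mask $net"
            return 0
        fi
    done < "$2"
    echo "$1 denied: no securenets entry matches"
    return 1
}

for ip in 127.0.0.1 192.168.10.77 192.168.20.7 192.168.20.8 10.0.0.5; do
    securenets_allows "$ip" "$SECURENETS" || true
done
securenets_allows 10.0.0.5 "$SECURENETS_OPEN" || true
```

Note what the open file does to the last probe: with 0.0.0.0 0.0.0.0 active, a host from an unrelated network is served, which on a server built with MERGE_PASSWD=true means it can read every password hash with ypcat passwd.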

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

With MERGE_PASSWD=true the password hashes from /etc/shadow are published in the passwd map, where any host allowed by securenets can read them with ypcat passwd; this is the classic weakness of NIS, and the reason the securenets file above must be kept as tight as the network allows.

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.swl.fan is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add local users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bilbo
Enter the new value, or press ENTER for the default
        Full Name []: Bilbo Baggins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strider
root@master:~# adduser legolas

and so on.

root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'

Waxaan ku darnaa xulashooyinka NIS isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;
authoritative;
option ip-forwarding off;
option domain-name "swl.fan";
include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}

zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network <name> {    # the shared-network name is unreadable in the source
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

NIS client installation

  • We start from a clean install - without a graphical environment - of Debian 8 "Jessie".
root@mail:~# hostname -f
mail.swl.fan

root@mail:~# ip addr
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:25:1f:54 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.9/24 brd 192.168.10.255 scope global eth0

root@mail:~# aptitude install nis
root@mail:~# nano /etc/yp.conf
#
# yp.conf  Configuration file for the ypbind process. You can define
#          NIS servers manually here if they can't be found by
#          broadcasting on the local net (which is the default).
#
# See the manual page of ypbind for the syntax of this file.
#
# IMPORTANT: For the "ypserver", use IP addresses, or make sure that
#            the host is in /etc/hosts. This file is only interpreted
#            once, and if DNS isn't reachable yet the ypserver cannot
#            be resolved and ypbind won't ever bind to the server.

# ypserver ypserver.network.com
ypserver master.swl.fan
domain swl.fan

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat nis
group:          compat nis
shadow:         compat nis
gshadow:        files

hosts:          files dns
networks:       nis files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

root@mail:~# nano /etc/pam.d/common-session
# pam-auth-update(8) for details.
session optional        pam_mkhomedir.so skel=/etc/skel umask=077
# here are the per-package modules (the "Primary" block)

root@mail:~# systemctl status nis
root@mail:~# systemctl restart nis

We close the session and log in again, this time with a user registered in the NIS database of master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of user legolas and check it

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service, implemented at server and client level, works correctly.

LDAP

From Wikipedia:

  • LDAP is the acronym for Lightweight Directory Access Protocol, an application-level protocol that allows access to an ordered, distributed directory service in order to look up diverse information in a network environment. LDAP is also considered a database (although its storage system may differ) that can be queried. A directory is a set of objects with attributes, organized in a logical and hierarchical way. The most common example is the telephone directory, which consists of a series of names (of people or organizations) sorted alphabetically, with an address and a telephone number attached to each name. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written down in alphabetical order.

    An LDAP directory tree sometimes reflects various political, geographical or organizational boundaries, depending on the chosen model. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the upper levels of the hierarchy. Going down the directory, entries may appear representing people, organizational units, printers, documents, groups of people, or anything else that represents a given entry in the tree (or multiple entries).

    Usually it stores authentication information (user and password) and is used to authenticate, although it is possible to store other information (user contact details, location of various network resources, permissions, certificates, etc.). In summary, LDAP is a unified access protocol to a set of information about a network.

    The current version is LDAPv3, defined in RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

For a long time, the LDAP protocol - and its compatible or not-so-compatible database backend, OpenLDAP - has been the most widely used in the majority of today's authentication systems. As an example of that statement, we list below some of the systems - Free or Proprietary - that use an LDAP database as the backend for all their objects:

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems OpenDS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Classic Domain Controller.
    We want to make clear that this system was a development made by the Samba Team with Samba 3.x.x + OpenLDAP as the backend. Microsoft never implemented anything similar. It jumped from NT 4 Domain Controllers straight to its Active Directory.
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Univention Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics; the most popular and most widely used is OpenLDAP.

An Active Directory, whether Microsoft's original or the one from Samba 4, is made up of several major components.

We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but it does not offer the Microsoft Network service that a Windows Domain provides, nor does it have a Windows Domain Controller as such.

A Directory Service can be used to authenticate users on a mixed network with UNIX/Linux and Windows clients. For the latter, a program, available as Free Software, must be installed on each Windows client to act as intermediary between the Directory Service and the Windows client itself.

Directory Service with OpenLDAP

  • We start from a clean install - without a graphical environment - of Debian 8 "Jessie", with the same hostname "master" used for the NIS installation, and the same network configuration and /etc/resolv.conf file. On this new server we installed ntp, bind9 and isc-dhcp-server, without forgetting the usual checks that those three services work correctly.
root@master:~# aptitude install slapd ldap-utils

Package configuration

Configuring slapd
  Administrator password for your LDAP directory: ********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
[...]
creatorsName: cn=admin,dc=swl,dc=fan
[...]
modifiersName: cn=admin,dc=swl,dc=fan
[...]

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
[...]
modifiersName: cn=admin,dc=swl,dc=fan

We modify the file /etc/ldap/ldap.conf

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «usuarios»

We add the minimum necessary Organizational Units, as well as the Posix group «usuarios», of which we will make every user a member, following the example of many systems that use the group «users». We named it «usuarios» so that it does not run into possible conflicts with the system group «users».

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"
adding new entry "ou=groups,dc=swl,dc=fan"

We check what was added

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=usuarios
# usuarios, groups, swl.fan
dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

We add several users

The password with which each user will authenticate against LDAP must be generated with the slappasswd command, which returns the password hashed in SSHA form.

Password of user strider:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password of user legolas:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password of user gandalf:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u

root@master:~# nano users.ldif
dn: uid=strider,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: strider
cn: strider
givenName: Strider
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: strider@swl.fan
gecos: Strider El Rey
loginShell: /bin/bash
homeDirectory: /home/strider

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: The Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas The Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: The Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf
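The two steps above, generating the {SSHA} values with slappasswd and typing the entries into users.ldif by hand, are easy to get wrong (a stray space in a hash or a missing attribute only shows up when ldapadd rejects the file). The following is an added example, not code from the article: it reproduces what slappasswd does (RFC 2307 {SSHA}: SHA-1 over password plus a random salt, base64 of digest plus salt), verifies a password against such a value the way slapd does on a bind, and renders the same posixAccount entries as LDIF, base64-encoding any value that RFC 2849 does not allow in clear. The base dc=swl,dc=fan, ou=people and gidNumber 10000 come from the article; the user table and its passwords are constructed sample data.

```python
# Added example (not code from the original article): reproduce what
# slappasswd and the hand-written users.ldif above do, so that the hash
# format and the LDIF layout can be checked before running ldapadd.
# Assumptions: base dc=swl,dc=fan, ou=people and gidNumber 10000 as in the
# article; the user table at the bottom is constructed sample data.
import base64
import hashlib
import hmac
import os

BASE_DN = "dc=swl,dc=fan"
PEOPLE_OU = f"ou=people,{BASE_DN}"
USERS_GID = 10000  # posixGroup cn=usuarios created in base.ldif


def ssha_hash(password: str, salt: bytes = None) -> str:
    """{SSHA} as produced by slappasswd: base64(sha1(password + salt) + salt).

    OpenLDAP uses a 4-byte random salt by default, which is why the values on
    the page decode to 24 bytes (20-byte SHA-1 digest followed by 4 salt bytes).
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a clear-text password against an {SSHA} value (what slapd does on bind)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    calc = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)  # constant-time comparison


def ldif_line(attr: str, value: str) -> str:
    """One LDIF attribute line. RFC 2849 requires 'attr:: base64' when the value
    is not a safe ASCII string (non-ASCII, control chars, leading space/colon/'<')."""
    unsafe = (not value.isascii() or not value.isprintable()
              or value[:1] in (" ", ":", "<"))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def user_entry(uid: str, given: str, sn: str, uid_number: int,
               password_hash: str, domain: str = "swl.fan") -> str:
    """Render one inetOrgPerson/posixAccount/shadowAccount entry as in users.ldif."""
    attrs = [
        ("dn", f"uid={uid},{PEOPLE_OU}"),
        ("objectClass", "inetOrgPerson"),
        ("objectClass", "posixAccount"),
        ("objectClass", "shadowAccount"),
        ("uid", uid),
        ("cn", uid),
        ("givenName", given),
        ("sn", sn),
        ("userPassword", password_hash),
        ("uidNumber", str(uid_number)),
        ("gidNumber", str(USERS_GID)),
        ("mail", f"{uid}@{domain}"),
        ("gecos", f"{given} {sn}"),
        ("loginShell", "/bin/bash"),
        ("homeDirectory", f"/home/{uid}"),
    ]
    return "\n".join(ldif_line(a, v) for a, v in attrs) + "\n"


def build_users_ldif(users, first_uid: int = 10000) -> str:
    """users: iterable of (uid, givenName, sn, clear-text password).
    uidNumbers are handed out consecutively from first_uid; entries are
    separated by a blank line, as ldapadd expects."""
    entries = [user_entry(uid, given, sn, first_uid + i, ssha_hash(pw))
               for i, (uid, given, sn, pw) in enumerate(users)]
    return "\n".join(entries)


# Constructed sample input; the passwords are placeholders, not the article's.
SAMPLE_USERS = [
    ("strider", "Strider", "El Rey", "example-pw-1"),
    ("legolas", "Legolas", "The Archer", "example-pw-2"),
    ("gandalf", "Gandalf", "The Wizard", "example-pw-3"),
]

if __name__ == "__main__":
    print(build_users_ldif(SAMPLE_USERS), end="")
```

Running the script prints an LDIF ready for `ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f -`. Because the salt is random, the same password hashes to a different {SSHA} value on every run, exactly as slappasswd does; ssha_verify is the only sensible way to compare two of them.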

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f users.ldif
Enter LDAP Password:
adding new entry "uid=strider,ou=people,dc=swl,dc=fan"
adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"
adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check what was added

root@master:~# ldapsearch -x cn=strider
root@master:~# ldapsearch -x uid=strider

We manage the slapd database with scripts

We choose the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
# MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
# MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"

Note that the scripts use the commands of the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to find out which ones they are. Note also what PASSWORDGEN="echo %u" does: every account created by ldapadduser starts with its own user name as password, which is fine for a lab but means each new user must change it at first login (or PASSWORDGEN must point at a random generator) before the account is exposed to the network.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"
 
root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd
 
root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template
 
root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uid: <user>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User account
 
root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we uncomment the line
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"

We add the user "bilbo" and make him a member of the group "usuarios"

root@master:~# ldapadduser bilbo usuarios
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uid: bilbo
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User account

To see the password hash of user bilbo, the query must be made with authentication:

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo

To delete the user bilbo we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a graphical interface

We have a working Directory Service, and we want to manage it in a simple way. There are many programs for this task, such as phpldapadmin, ldap-account-manager and others, which are available directly from the repositories. We can also manage the Directory Service through Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/ and the 6 articles that follow it.

LDAP clients

Scenario:

Say we have the host mail.swl.fan set up as a mail server, as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, can serve as a guide for Debian and many other Linux distros. We want that, in addition to the local users we mentioned before, the users stored in the OpenLDAP database on master.swl.fan can also authenticate. To achieve this we must «map» the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is as follows:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

Configuring libnss-ldap
  LDAP server URI (the string looks like "ldap://<host>:<port>/"; "ldaps://" and "ldapi://" also work; an IP address is recommended so lookups survive a DNS outage): ldap://master.swl.fan
  Distinguished name (DN) of the search base: dc=swl,dc=fan
  LDAP version to use: 3
  LDAP account for root (needs permission to read the shadow attributes and the user and group passwords): cn=admin,dc=swl,dc=fan
  LDAP root account password (stored in /etc/libnss-ldap.secret, readable by root only): ********
  Notice: nsswitch.conf is not managed automatically. Edit /etc/nsswitch.conf yourself (a sample is in /usr/share/doc/libnss-ldap/examples/nsswitch.ldap), and remove "ldap" from it before purging the package so the basic services keep working.

Configuring libpam-ldap
  Allow the LDAP admin account to behave like local root? (lets the passwd utility change local passwords through PAM; should be disabled if /etc is exported over NFS)
  Does the LDAP database require login? (rarely needed)
  LDAP account for root: cn=admin,dc=swl,dc=fan
  LDAP root account password (stored in /etc/pam_ldap.secret, readable by root only; an empty value keeps the previously stored password): ********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
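Both nsswitch.conf files in this article (the NIS client one and the LDAP client one just above) keep `compat` in front of the remote source for passwd, group and shadow. That order matters: with `compat` or `files` first, root and the other local accounts still resolve when the NIS or LDAP server is unreachable. The following is an added example, not code from the article: a small parser for nsswitch.conf text and a check of that lookup order, run over sample files constructed from the two configurations in the article plus one deliberately bad one.

```python
# Added example (not from the article): parse nsswitch.conf text and check the
# lookup order of the account databases.  The sample configurations are
# constructed from the NIS-client and LDAP-client files in the article; the
# check itself is this example's own.
import re

ACCOUNT_DBS = ("passwd", "group", "shadow")
LOCAL_SOURCES = {"files", "compat", "db"}
REMOTE_SOURCES = {"nis", "ldap", "sss", "winbind"}


def parse_nsswitch(text: str) -> dict:
    """Map each database to its list of source tokens, e.g. {'passwd': ['compat', 'ldap']}.
    Comments and blank lines are skipped; '[STATUS=action]' items stay in the list."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z_]+)\s*:\s*(.*)$", line)
        if not m:
            continue
        conf[m.group(1)] = m.group(2).split()
    return conf


def check_account_lookup(conf: dict) -> list:
    """Return a list of findings; an empty list means the order is sane.

    Rules: every account database must be present; a local source must come
    before any remote one, so that root and local accounts keep resolving when
    the NIS/LDAP server is down; a database naming only remote sources is
    flagged for the same reason."""
    findings = []
    for db in ACCOUNT_DBS:
        sources = [s for s in conf.get(db, []) if not s.startswith("[")]
        if not sources:
            findings.append(f"{db}: no sources configured")
            continue
        first_local = next((i for i, s in enumerate(sources) if s in LOCAL_SOURCES), None)
        first_remote = next((i for i, s in enumerate(sources) if s in REMOTE_SOURCES), None)
        if first_local is None:
            findings.append(f"{db}: only remote sources ({' '.join(sources)})")
        elif first_remote is not None and first_remote < first_local:
            findings.append(f"{db}: remote source '{sources[first_remote]}' "
                            "is consulted before the local files")
    return findings


# Constructed from the article's NIS client file.
NIS_CLIENT = """\
passwd:         compat nis
group:          compat nis
shadow:         compat nis
gshadow:        files
hosts:          files dns
netgroup:       nis
"""

# Constructed from the article's LDAP client file.
LDAP_CLIENT = """\
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files
hosts:          files dns
"""

# Constructed counter-example: LDAP consulted first, and no local fallback for shadow.
BAD_CLIENT = """\
passwd:  ldap files
group:   compat ldap
shadow:  ldap
"""

if __name__ == "__main__":
    for name, text in (("nis", NIS_CLIENT), ("ldap", LDAP_CLIENT), ("bad", BAD_CLIENT)):
        print(name, check_account_lookup(parse_nsswitch(text)) or "OK")
```

On a real host, feed it `open("/etc/nsswitch.conf").read()`; the check is deliberately limited to passwd, group and shadow, since those are the databases a login depends on.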

Let us edit the file /etc/pam.d/common-password: we go to line 26 and delete the value «use_authtok»:

root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
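The "Primary" block above is a small state machine: `[success=2 default=ignore]` means "on success skip the next two modules, on anything else say nothing", and `default=die` on pam_ldap stops the stack at the first real failure. `use_authtok` is removed because it tells pam_ldap to take the new password from the module stacked before it instead of asking; for an account that pam_unix does not know, nothing was handed over, so pam_ldap could never succeed. The following added example, not code from the article, is a tiny evaluator of that control syntax (as documented in pam.conf(5)) run over this exact stack, with module return codes simulated by a dict, so that you can see which modules a local user, an LDAP-only user and an unknown user actually reach.

```python
# Added example (not from the article): evaluate a Debian-style PAM stack with
# the "[success=N default=ignore]" control syntax of pam.conf(5), over the
# common-password stack shown above.  Module return codes are simulated with a
# dict; nothing here calls the real PAM library.

CLASSIC = {  # pam.conf(5) equivalents of the keyword controls
    "required":   "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]",
    "requisite":  "[success=ok new_authtok_reqd=ok ignore=ignore default=die]",
    "sufficient": "[success=done new_authtok_reqd=done default=ignore]",
    "optional":   "[success=ok new_authtok_reqd=ok default=ignore]",
}


def parse_control(spec: str) -> dict:
    """'[success=2 default=ignore]' -> {'success': '2', 'default': 'ignore'}."""
    spec = CLASSIC.get(spec, spec)
    if not (spec.startswith("[") and spec.endswith("]")):
        raise ValueError(f"bad control field: {spec}")
    return dict(tok.split("=", 1) for tok in spec[1:-1].split())


def run_stack(stack, outcomes: dict):
    """Evaluate stack = [(control, module), ...] with outcomes = {module: return code}.

    Returns (stack result, [(module, return code, action), ...]).  Semantics follow
    pam.conf(5): 'ok' and 'N' let the code contribute unless an earlier module
    already failed, 'N' also skips the next N modules, 'bad'/'die' record the first
    failure, 'done'/'die' stop the stack, 'ignore' leaves the result untouched.
    A module missing from outcomes is taken to return 'success'."""
    result = None
    trace = []
    i = 0
    while i < len(stack):
        control, module = stack[i]
        rc = outcomes.get(module, "success")
        ctl = parse_control(control)
        action = ctl.get(rc, ctl.get("default", "bad"))
        trace.append((module, rc, action))
        i += 1
        if action == "ignore":
            continue
        if action == "reset":
            result = None
            continue
        if action in ("bad", "die"):
            if result in (None, "success"):
                result = rc
            if action == "die":
                break
            continue
        # ok, done, or an unsigned integer (jump)
        if result in (None, "success"):
            result = rc
        if action == "done":
            break
        if action.isdigit():
            i += int(action)
    return (result if result is not None else "no_result"), trace


# The common-password "Primary" block from the article, pam_ldap without use_authtok.
COMMON_PASSWORD = [
    ("[success=2 default=ignore]", "pam_unix.so"),
    ("[success=1 user_unknown=ignore default=die]", "pam_ldap.so"),
    ("requisite", "pam_deny.so"),
    ("required", "pam_permit.so"),
]
# pam_deny always fails and pam_permit always succeeds; the codes are simulated names.
FIXED = {"pam_deny.so": "authtok_err", "pam_permit.so": "success"}

SCENARIOS = {  # constructed: what pam_unix and pam_ldap would answer for each user
    "local user (buzz)":         {"pam_unix.so": "success", "pam_ldap.so": "success"},
    "ldap user (gandalf)":       {"pam_unix.so": "user_unknown", "pam_ldap.so": "success"},
    "ldap user, wrong password": {"pam_unix.so": "user_unknown", "pam_ldap.so": "auth_err"},
    "unknown everywhere":        {"pam_unix.so": "user_unknown", "pam_ldap.so": "user_unknown"},
}


def modules_reached(trace) -> list:
    return [module for module, _, _ in trace]


def evaluate(scenario: str):
    return run_stack(COMMON_PASSWORD, {**FIXED, **SCENARIOS[scenario]})


if __name__ == "__main__":
    for name in SCENARIOS:
        result, trace = evaluate(name)
        print(f"{name:28s} -> {result:12s} via {' '.join(modules_reached(trace))}")
```

The trace shows the design intent of the stack: a local user never touches pam_ldap (the jump of 2 lands on pam_permit), an LDAP user passes through pam_unix silently, and only a user unknown to both sources reaches pam_deny.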

If we need local logins for the users stored in LDAP, and we want their home directory to be created automatically, we must edit the file /etc/pam.d/common-session and add the following line at the end of the file:

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

The example OpenLDAP Directory Service was already in place; the only local user created was buzz, while in LDAP we created the users strider, legolas, gandalf and bilbo. If the configuration made so far is correct, we should be able to list both the local users and the ones mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strider:x:10000:10000:Strider El Rey:/home/strider:/bin/bash
legolas:x:10001:10000:Legolas The Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash
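The listing above works because the local accounts and the directory accounts live in disjoint uidNumber ranges (Debian hands local users 1000 and up; the article starts LDAP users at 10000 and ldapscripts continues from UIDSTART). With `compat ldap` the local file wins whenever both sources know the same name or uid, so a clash silently shadows the directory account. The following added example, not code from the article, parses getent passwd output, splits it by uid range, and reports such collisions; the sample lines are constructed from the article's listing plus one deliberate clash.

```python
# Added example (not from the article): read "getent passwd" output, tell the
# local accounts from the directory-mapped ones by uidNumber range, and flag
# name or uid collisions between the two.  The sample lines are constructed
# from the article's listing plus one deliberately clashing local 'bilbo'.
from collections import Counter

LOCAL_UID_RANGE = (1000, 9999)    # Debian UID_MIN..UID_MAX defaults for ordinary users
DIRECTORY_UID_MIN = 10000         # first uidNumber used in users.ldif / ldapscripts UIDSTART


def parse_passwd(text: str) -> list:
    """Parse passwd(5) lines into dicts; malformed lines are skipped."""
    users = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue
        name, _, uid, gid, gecos, home, shell = parts
        users.append({"name": name, "uid": int(uid), "gid": int(gid),
                      "gecos": gecos, "home": home, "shell": shell})
    return users


def classify(users: list) -> dict:
    """{'system': [...], 'local': [...], 'directory': [...]} by uid range."""
    out = {"system": [], "local": [], "directory": []}
    for u in users:
        if u["uid"] >= DIRECTORY_UID_MIN:
            out["directory"].append(u["name"])
        elif LOCAL_UID_RANGE[0] <= u["uid"] <= LOCAL_UID_RANGE[1]:
            out["local"].append(u["name"])
        else:
            out["system"].append(u["name"])
    return out


def find_collisions(users: list) -> list:
    """Names or uids that appear more than once: with 'compat ldap' the first
    (local) entry wins and the directory entry is never used for login."""
    names = Counter(u["name"] for u in users)
    uids = Counter(u["uid"] for u in users)
    findings = [f"name {n} appears {c} times" for n, c in names.items() if c > 1]
    findings += [f"uid {u} appears {c} times" for u, c in uids.items() if c > 1]
    return findings


# Constructed from the article's getent output, plus a clashing local 'bilbo' (uid 1002).
GETENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
bilbo:x:1002:1002:Local Bilbo,,,:/home/bilbo:/bin/bash
strider:x:10000:10000:Strider El Rey:/home/strider:/bin/bash
legolas:x:10001:10000:Legolas The Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash
"""

if __name__ == "__main__":
    users = parse_passwd(GETENT_PASSWD)
    print(classify(users))
    print(find_collisions(users) or "no collisions")
```

On the mail server itself the input would be `subprocess.run(["getent", "passwd"], capture_output=True, text=True).stdout`; enumeration through `compat ldap` returns entries from both sources, which is what makes the duplicate visible here even though a by-name lookup would only ever return the local one.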

After changes that affect system authentication, it is wise to reboot the server; otherwise we may run into an essential service that is still using the old settings:

root@mail:~# reboot

Next we start a local session on the server mail.swl.fan with the identity of a user stored in the LDAP database of master.swl.fan. We can also try to log in via SSH.

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Contraseña:

root@mail:/home/gandalf# getent group
buzz:x:1001:
usuarios:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz     4096 Jun 17 12:25 buzz
drwx------ 2 gandalf usuarios 4096 Jun 17 13:05 gandalf

The Directory Service, implemented at server and client level, works correctly.

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers initially focused on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. The authentication messages are protected against eavesdropping and replay attacks.

    Kerberos is based on symmetric key cryptography and requires a trusted third party. In addition, there are extensions to the protocol that allow the use of asymmetric key cryptography.

    Kerberos is based on the Needham-Schroeder protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two logically separate parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network - whether client or server - shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove an entity's identity. For the communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.
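The quote names the pieces (KDC with its AS and TGS, tickets, one long-term secret per entity, a session key per conversation) but not how they fit together in the three exchanges. The following is an added example, not code from the article or from MIT Kerberos: a toy model of the AS, TGS and AP exchanges with symmetric keys only, where `seal`/`unseal` (an HMAC-SHA256 keystream plus an HMAC tag) stand in for the Kerberos encryption types; it is enough to show who can open what, not a real cipher. The realm SWL.FAN, the principals, the keys and the clock values are constructed sample data, since the article sets up no Kerberos realm.

```python
# Added example, not from the article or MIT Kerberos: a toy model of the three
# exchanges the quote describes (AS, TGS, AP) using only symmetric keys.
# seal/unseal stand in for Kerberos encryption types (HMAC-SHA256 keystream plus
# an HMAC tag): enough to show who can read what, not a real cipher.
# Principals, keys, realm and clock values below are constructed sample data.
import hashlib
import hmac
import json
import os

REALM = "SWL.FAN"  # constructed; the article sets up no Kerberos realm


def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj) -> bytes:
    """nonce || ciphertext || tag, with tag = HMAC(key, nonce || ciphertext)."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """Inverse of seal; ValueError when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct)))))


def password_key(principal: str, password: str) -> bytes:
    """string-to-key: the client's long-term key is derived from its password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10000)


class KDC:
    """Authentication Server and Ticket Granting Server over one key database."""

    def __init__(self, keys: dict):
        self.keys = keys                      # principal -> long-term secret key
        self.tgs_key = keys["krbtgt/" + REALM]

    def as_exchange(self, client: str, now: int, lifetime: int = 600) -> bytes:
        # AS-REP is sealed with the client's key: only the password holder learns sk.
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": client, "sk": sk, "expires": now + lifetime})
        return seal(self.keys[client], {"sk": sk, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int) -> bytes:
        t = unseal(self.tgs_key, tgt)         # only the KDC can open a TGT
        if t["expires"] < now:
            raise ValueError("TGT expired")
        a = unseal(bytes.fromhex(t["sk"]), authenticator)
        if a["client"] != t["client"] or abs(a["time"] - now) > 300:  # 5 min clock skew
            raise ValueError("authenticator does not match the ticket")
        svc_sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "sk": svc_sk, "expires": t["expires"]})
        return seal(bytes.fromhex(t["sk"]), {"sk": svc_sk, "ticket": ticket.hex()})


def client_login(kdc: KDC, principal: str, password: str, service: str, now: int):
    """Client side of AS and TGS; returns (service ticket, authenticator) for AP-REQ."""
    rep = unseal(password_key(principal, password), kdc.as_exchange(principal, now))
    sk, tgt = bytes.fromhex(rep["sk"]), bytes.fromhex(rep["tgt"])
    trep = unseal(sk, kdc.tgs_exchange(tgt, seal(sk, {"client": principal, "time": now}), service, now))
    return bytes.fromhex(trep["ticket"]), seal(bytes.fromhex(trep["sk"]), {"client": principal, "time": now})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> str:
    """AP-REQ check: the service needs only its own key, never a round trip to the KDC."""
    t = unseal(service_key, ticket)
    if t["expires"] < now:
        raise ValueError("service ticket expired")
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match the ticket")
    return t["client"]


def demo(password: str = "example-pw", now: int = 1_500_000_000) -> str:
    """gandalf obtains a ticket for host/mail.swl.fan; returns the accepted principal."""
    keys = {"gandalf": password_key("gandalf", "example-pw"),
            "host/mail.swl.fan": os.urandom(32),
            "krbtgt/" + REALM: os.urandom(32)}
    ticket, auth = client_login(KDC(keys), "gandalf", password, "host/mail.swl.fan", now)
    return service_accept(keys["host/mail.swl.fan"], ticket, auth, now)
```

Three properties of the real protocol survive the simplification: the password never crosses the network (a wrong password shows up as an undecryptable AS-REP on the client side), the service verifies the client with its own key alone, and the timestamp in the authenticator plus the ticket lifetime are what limit replay.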

Disadvantages of Kerberos

From Wikipedia:

Although Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to carry out this task.
  • Kerberos assumes that every user is trusted but is using an untrusted machine on an untrusted network. Its main purpose is to prevent unencrypted passwords from being sent across the network. However, if any user other than the proper one has access to the machine that issues tickets (the KDC) for authentication, Kerberos is at risk.
  • For an application to use Kerberos, its source code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are considered "kerberized". For some applications this may require too much programming effort, because of the application's size or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this may require considerable programming. In general, closed-source applications without Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must be aware that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if passwords are sent to a service that does not use Kerberos for authentication, you run the risk of those packets being intercepted. Thus, your network will gain no benefit from using Kerberos. To secure your network with Kerberos, you must use only kerberized versions of all the client/server applications that send unencrypted passwords, or not use any of those network applications at all.

Gacan ku qabashada iyo isku habeynta OpenLDAP sida Kerberos Back-End ma ahan hawl fudud. Si kastaba ha noqotee, mar dambe waxaan arki doonnaa in Samba 4 Tusaha Firfircoon - Xakameynta Domain ay ku milmaan qaab hufan oo loogu talagalay Sysadmin, server-ka DNS, Shabakadda Microsoft iyo Maamulaha Domain-ka, LDAP server-ka oo ah Dhamaadka Dhammaan waxyaalaheeda, iyo adeegga xaqiijinta ee ku saleysan Kerberos oo ah qaybaha aasaasiga ah ee Tilmaamaha Firfircoon ee Microsoft-style.

Ilaa maanta uma baahnin baahi loo qabo in aan hirgalino "Shabakad Kerberized ah". Tani waa sababta aynaan wax uga qorin sida loo fuliyo Kerberos.

Samba 4 Active Directory - Domain Controller

Important:

There is no better documentation than the site wiki.samba.org. Any Sysadmin worth their salt should visit that site (in English) and study the many pages devoted entirely to Samba 4, written by the Samba Team itself. I do not believe there is any documentation available on the Internet that could replace it. By the way, note the number of visits shown at the bottom of each page. For example, the home page, or "Main Page", had been visited 276,183 times as of June 20, 2017 at 10:10 Eastern Time. Moreover, the documentation is kept very up to date, since that page was last modified on June 6.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can appear as servers or act as clients on Windows networks. Samba also allows users to be validated by acting as a Primary Domain Controller (PDC), as a domain member, and even as an Active Directory domain for Windows-based networks; besides being able to serve print queues and shared directories, and to authenticate against its own user database.

Unix-like systems on which Samba can run include the GNU/Linux distributions, Solaris and the different BSD variants, among which we find Apple's Mac OS X Server.

Samba 4 AD-DC with internal DNS

  • We start from a clean installation, without a graphical environment, of Debian 8 "Jessie".

Preliminary checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

  • In which we declare only the "main" branch, which is more than enough for our purposes.

root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix instead of Exim, and some utilities

root@master:~# aptitude install postfix htop mc deborphan

Postfix Configuration
  Please select the mail server configuration type that best meets your needs.
    No configuration        : keeps the current configuration.
    Internet Site           : mail is sent and received directly using SMTP.
    Internet with smarthost : mail is received directly using SMTP or by running a utility such as "fetchmail"; outgoing mail is sent using a "smarthost".
    Satellite system        : all mail is sent to a "smarthost" for delivery.
    Local only              : the only delivered mail is for local users; there is no network.
  General type of mail configuration: Internet Site

Postfix Configuration
  The "mail name" is the domain name used to "qualify" _ALL_ mail addresses without a domain name. This includes mail to and from "root": please do not make your machine send out mail from root@example.org unless root@example.org has told you to. Other programs will use this name too. It should be a single, fully qualified domain name (FQDN). Thus, if a mail address on the local host is foo@example.org, the correct value for this option would be example.org.
  System mail name: master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

We install the prerequisites to compile Samba 4, plus other necessary packages

root@master:~# aptitude install acl attr autoconf bison \
build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

Configuring Kerberos Authentication
  When users attempt to use Kerberos and specify a principal or user name without specifying what administrative Kerberos realm that principal belongs to, the system appends the default realm. The default realm may also be used as the realm of a Kerberos service running on the local machine. Often, the default realm is the uppercase version of the local DNS domain.
  Default Kerberos version 5 realm: SWL.FAN

Configuring Kerberos Authentication
  Enter the hostnames of Kerberos servers in the SWL.FAN Kerberos realm separated by spaces.
  Kerberos servers for your realm: master.swl.fan

Configuring Kerberos Authentication
  Enter the hostname of the administrative (password changing) server for the Kerberos realm SWL.FAN.

The task above took a little while because we do not yet have any DNS service installed. However, it chose the domain correctly from the settings in the /etc files. Remember that in the file /etc/resolv.conf we declared the IP 127.0.0.1 as the domain name server.

Now we configure the file /etc/ldap/ldap.conf

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://master.swl.fan

So that queries made with the ldapsearch command as the root user are of the form ldapsearch -x -W cn=xxxx, we must create the file /root/.ldaprc with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The filesystem must support ACLs - Access Control Lists

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c /               ext4    user_xattr,acl,barrier=1,relatime,errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none            swap    sw              0       0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

root@master:~# mount -a

root@master:~# touch testing_acl.txt
root@master:~# setfattr -n user.test -v test testing_acl.txt
root@master:~# setfattr -n security.test -v test2 testing_acl.txt
root@master:~# getfattr -d testing_acl.txt
# file: testing_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d testing_acl.txt
# file: testing_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx testing_acl.txt

root@master:~# getfacl testing_acl.txt
# file: testing_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--
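The fstab check above can be automated before provisioning. The following Python script is an added example, not from the article or from Samba: it parses fstab text, finds the entry whose mount point covers the sysvol path that the provisioning will use, and reports which of the options Samba AD needs (acl and user_xattr) that entry lacks. The fstab samples and UUIDs are constructed placeholders.

```python
"""Check that the filesystem holding Samba's sysvol is mounted with the
options AD needs: POSIX ACLs (acl) and user extended attributes (user_xattr).

Added example, not from the article or from Samba. It reads fstab text
(constructed samples below stand in for /etc/fstab), finds the entry whose
mount point covers the sysvol path, and reports which required options are
absent from that entry.
"""
from typing import List, Optional

REQUIRED_OPTIONS = {"acl", "user_xattr"}
# Where the article's provisioning places sysvol.
SYSVOL_PATH = "/usr/local/samba/var/locks/sysvol"


def parse_fstab(text: str) -> List[dict]:
    """Parse fstab text into entries; comments, blank and short lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 4:
            continue
        entries.append({
            "device": fields[0],
            "mountpoint": fields[1],
            "fstype": fields[2],
            "options": set(fields[3].split(",")),
        })
    return entries


def mount_for_path(entries: List[dict], path: str) -> Optional[dict]:
    """Return the entry whose mount point is the longest prefix of path,
    which is the filesystem the kernel would actually serve that path from."""
    best = None
    for entry in entries:
        mp = entry["mountpoint"]
        if not mp.startswith("/"):
            continue  # swap and similar entries have no mount point
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best["mountpoint"]):
                best = entry
    return best


def missing_sysvol_options(fstab_text: str, path: str = SYSVOL_PATH) -> Optional[List[str]]:
    """Options from REQUIRED_OPTIONS that the covering fstab entry lacks.

    Returns None when no fstab entry covers the path at all. Caveat: an ext4
    volume mounted with plain 'defaults' may still have both features enabled
    through the superblock's default mount options (see 'tune2fs -l'); this
    function reports only what fstab declares explicitly.
    """
    entry = mount_for_path(parse_fstab(fstab_text), path)
    if entry is None:
        return None
    return sorted(REQUIRED_OPTIONS - entry["options"])


# Constructed fstab samples; the UUIDs are placeholders, not real devices.
FSTAB_OK = """\
# / was on /dev/sda1 during installation
UUID=PLACEHOLDER-ROOT / ext4 user_xattr,acl,barrier=1,relatime,errors=remount-ro 0 1
UUID=PLACEHOLDER-SWAP none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
"""

# Root carries the options, but a separate /usr/local mount (which covers
# sysvol) was added with plain 'defaults'.
FSTAB_SPLIT = FSTAB_OK + "UUID=PLACEHOLDER-USRLOCAL /usr/local ext4 defaults 0 2\n"

if __name__ == "__main__":
    print("root-only layout, missing:", missing_sysvol_options(FSTAB_OK))      # []
    print("split /usr/local, missing:", missing_sysvol_options(FSTAB_SPLIT))  # ['acl', 'user_xattr']
```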

We get the Samba 4 sources, compile and install them

It is highly recommended to download the source file of the Stable version from the site https://www.samba.org/. In our example we download the version samba-4.5.1.tar.gz into the /opt directory.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and carefully select the ones we need. It is recommended to check whether the downloaded package can be compiled on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure

We configure, compile and install samba-4.5.1

  • Starting from the previously installed prerequisites and the 8604 files (contained in the samba-4.5.1.tar.gz bundle) weighing 101.7 megabytes - among them the source3 and source4 directories weighing 61.1 megabytes - we obtain a replacement for a Microsoft-style Active Directory, with a quality and stability beyond what is acceptable in any production environment. We must highlight the work of the Samba Team in delivering the Samba 4 Free Software.

The commands below are the usual ones for compiling and installing packages from their sources. We must be patient during the whole process. It is the only way to obtain correct and precise results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --enable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

During the make command we can see that both the Samba 3 and the Samba 4 sources are compiled. That is why the Samba Team states that version 4 is the natural update of version 3, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers, in their Samba 4 versions.

Samba provisioning

We will use SAMBA_INTERNAL as the DNS backend. At https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End we will find more information. When prompted for the Administrator user's password, we must type one with a minimum length of 8 characters that also contains letters - upper-case and lower-case - and digits.

Before starting the provisioning, and to make life easier, we add the path to the Samba executables to our .bashrc file, then log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: Passwordkaaga2017
Retype password: Passwordkaaga2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Do not forget to copy the Kerberos configuration file, as indicated in the provisioning output:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

To avoid typing the full name of the samba-tool command, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

An essential part of an Active Directory is the Network Time Service. Since authentication is done with Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is critical.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict default mssntp
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, while examining syslog with the command above or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the signing socket directory:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested by wiki.samba.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd

We configure Samba startup with systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
#EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC settings

ALL the files - except the samba-ad-dc service unit - are located in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the purest UNIX style. It is always advisable to browse the different directories and look at their contents.

The file /usr/local/samba/etc/smb.conf

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 8.8.8.8
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        server role = active directory domain controller
        allow dns updates = secure only
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        idmap config * : range = 1000000-1999999
        ldap server require strong auth = no
        printcap name = null

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 192.168.10.1
        ldap server require strong auth = No
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config * : range = 1000000-1999999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

Minimal checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN:
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting       Expires              Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
        renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

                19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a lot of groups. ;-)

We administer the newly installed Samba 4 AD-DC

If we want to change the expiry of the Administrator's password; the password complexity; the minimum password length; the minimum and maximum password age - in days -; and change the Administrator password declared during the provisioning, we must execute the following commands with the values appropriate to our needs:

root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help  show this help message and exit

Version Options:
  -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry Administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add some DNS records

root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]:
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -U administrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]:
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.
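The record checks in the "Minimal checks" section (the SRV lookups for _ldap._tcp and _kerberos._udp) and the forward/reverse lookups just run can be verified in one pass. The following Python script is an added example, not from the article or from Samba: it parses `host` output in the format shown on this page and flags missing SRV records, SRV records that do not point at the DC, and A/PTR pairs that disagree. It goes slightly beyond the article by also expecting _kerberos._tcp and _kpasswd._udp, which samba_dnsupdate registers alongside the two records the article queries; the sample output is constructed from the article's records.

```python
"""Verify AD-DC DNS records from captured `host` output (added example).

Parses SRV, A and PTR answers as `host` prints them and checks that the
SRV records an AD client looks up point at the DC, and that forward (A)
and reverse (PTR) records agree. No live queries are made: the samples
below are constructed from the article's records.
"""
import re
from typing import List

SRV_RE = re.compile(r"^(\S+) has SRV record (\d+) (\d+) (\d+) (\S+)$")
A_RE = re.compile(r"^(\S+) has address (\d{1,3}(?:\.\d{1,3}){3})$")
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa domain name pointer (\S+)$")

# SRV names an AD client queries, with the port each must carry. The article
# shows _ldap._tcp and _kerberos._udp; samba_dnsupdate registers the others too.
EXPECTED_SRV = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
    "_kpasswd._udp": 464,
}


def strip_dot(name: str) -> str:
    """Normalise a DNS name: drop the trailing dot and lower-case it."""
    return name.rstrip(".").lower()


def reverse_to_ip(label: str) -> str:
    """'5.10.168.192' (in-addr.arpa owner labels) -> '192.168.10.5'."""
    return ".".join(reversed(label.split(".")))


def parse_host_output(text: str):
    """Return (srv, forward, reverse): name -> (port, target), name -> ip, ip -> name."""
    srv, forward, reverse = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SRV_RE.match(line):
            srv[strip_dot(m.group(1))] = (int(m.group(4)), strip_dot(m.group(5)))
        elif m := A_RE.match(line):
            forward[strip_dot(m.group(1))] = m.group(2)
        elif m := PTR_RE.match(line):
            reverse[reverse_to_ip(m.group(1))] = strip_dot(m.group(2))
    return srv, forward, reverse


def check_ad_dns(text: str, domain: str, dc_fqdn: str, dc_ip: str) -> List[str]:
    """Return the list of problems found; an empty list means all checks passed."""
    domain, dc_fqdn = domain.lower(), dc_fqdn.lower()
    srv, forward, reverse = parse_host_output(text)
    problems: List[str] = []
    # The DC itself must resolve to the address it was provisioned with.
    if forward.get(dc_fqdn) != dc_ip:
        problems.append(f"{dc_fqdn} does not resolve to {dc_ip}")
    # Each expected SRV record: present, right port, pointing at the DC.
    for prefix, port in EXPECTED_SRV.items():
        name = f"{prefix}.{domain}"
        if name not in srv:
            problems.append(f"missing SRV record {name}")
            continue
        got_port, target = srv[name]
        if got_port != port:
            problems.append(f"{name} uses port {got_port}, expected {port}")
        if target != dc_fqdn:
            problems.append(f"{name} points at {target}, not {dc_fqdn}")
    # Forward/reverse consistency for every host that appears in the output.
    for host, ip in forward.items():
        ptr = reverse.get(ip)
        if ptr is None:
            problems.append(f"no PTR record for {ip} ({host})")
        elif ptr != host:
            problems.append(f"PTR for {ip} is {ptr}, expected {host}")
    for ip, host in reverse.items():
        if host not in forward:
            problems.append(f"PTR {ip} -> {host} has no matching A record")
    return problems


# Constructed sample in the format `host -t SRV`, `host -t A` and `host <ip>` print.
SAMPLE_OK = """\
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.
_kerberos._tcp.swl.fan has SRV record 0 100 88 master.swl.fan.
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.
_kpasswd._udp.swl.fan has SRV record 0 100 464 master.swl.fan.
master.swl.fan has address 192.168.10.5
mail.swl.fan has address 192.168.10.9
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
"""
# Same zone with one Kerberos SRV record gone and a stale PTR for the mail host.
SAMPLE_BROKEN = SAMPLE_OK.replace(
    "_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.\n", ""
).replace("pointer mail.swl.fan.", "pointer oldmail.swl.fan.")

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("broken", SAMPLE_BROKEN)):
        found = check_ad_dns(sample, "swl.fan", "master.swl.fan", "192.168.10.5")
        print(label, "->", found or "all checks passed")
```

To check a live DC, capture the output of the `host` commands from this article into a file and pass its text to check_ad_dns.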

Wixii xiisaha leh

xididka @ sayidka: ~ # ldbsearch -H /usr/local/samba/private/sam.ldb.d/ \
DC = DOMAINDNSZONES, DC = SWL, DC = FAN.ldb | salaax dn:

Waxaan ku darnaa isticmaaleyaasha

xididka @ sayidkiisa: ~ # adeegsade qalab
Isticmaalka: isticmaalaha samba-tool Maareynta isticmaalaha. Ikhtiyaariyada: -h, --caawimaad muuji farriintan caawimaadda iyo bixitaanka Amarada la heli karo: ku dar - Abuur isticmaale cusub abuur - Abuur isticmaale cusub. tirtir - Tirtir isticmaale. gab - Disable user ah. karti u yeelo - U oggolow adeegsade. helitaanka ereyga - Hel aagagga sirta ah ee koontada isticmaalaha / kombiyuutarka. liiska - Qor dhammaan isticmaaleyaasha. lambarka sirta ah - Badal erayga sirta ah ee koontada isticmaalaha (midka lagu bixiyay xaqiijinta). setexpiry - Calan dhicitaanka akoonka isticmaalaha. setpassword - Deji ama dib u dhig furaha koontada isticmaale. syncpasswords - Nidaaminta ereyga sirta ah ee xisaabaadka isticmaalaha. Caawinaad dheeraad ah oo ku saabsan amarka gaarka ah, fadlan ku qor: isticmaalaha samba-tool (-h | - caawimaad)

xididka @ sayidka: ~ # isticmaale qalab wuxuu abuuraa trancos Trancos01
Isticmaalaha 'trancos' ayaa si guul leh loo abuuray
xididka @ sayidka: ~ # isticmaale adeegsade abuur gandalf Gandalf01
Isticmaalaha 'gandalf' ayaa si guul leh loo abuuray
xididka @ sayidkiisa: ~ # isticmaale qalab wuxuu abuuraa legolas Legolas01
Isticmaalaha 'legolas' ayaa si guul leh loo abuuray
xididka @ sayidkiisa: ~ # liiska qalabka isticmaalaha
Maamulaha gandalf legolas strides krbtgt Guest

Maamulka iyada oo loo marayo interface interface ama iyada oo loo marayo macaamiisha websaydhka

Visit wiki.samba.org for detailed information on installing Microsoft RSAT, the Remote Server Administration Tools. If you do not need the standard policies that Microsoft Active Directory provides, you can install the ldap-account-manager package, which offers a simple web interface for administering the directory.

The Microsoft Remote Server Administration Tools (RSAT) package is included in the Windows Server operating systems.

We join a Windows 7 client named "seven" to the domain

Since we do not have a DHCP server on the network, the first thing to do is configure the client's network card with a static IP, specify that the primary DNS server is the IP of the samba-ad-dc, and make sure the option "Register this connection's address in DNS" is enabled. It is also worth checking that the name "seven" is not already registered in Samba's internal DNS.

After joining the computer to the domain and rebooting, we try to log in with the user "trancos" and verify that everything works. It is also advisable to review the Windows client's event log and to confirm that its clock is synchronized with the domain controller, since Kerberos rejects tickets when the clock skew exceeds a few minutes (five by default).

Administrators with Windows experience will find that every check they perform on the client yields satisfactory results.
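The reverse lookups earlier in the article and the pre-join advice above (make sure the client name is still free and that the DC's DNS answers consistently) can be turned into a small check run on the DC before a client is joined. The script below is an added example, not code from the original article. The parsing helpers work on plain `host` output so they can be exercised offline on the constructed line at the end; the live helpers call `host` and `samba-tool dns query` and assume the zone swl.fan from the article, the DC's own DNS on 127.0.0.1, and that `samba-tool dns query` prints one "Name=" line per existing record (an assumption; adjust the grep if your version formats the answer differently).

```shell
#!/bin/sh
# Added example, not code from the original article: DNS sanity checks run on
# the Samba AD-DC before joining a client. Assumptions: zone swl.fan, the DC's
# own DNS on 127.0.0.1, and "samba-tool dns query" printing "Name=" lines for
# existing records.

ZONE="${ZONE:-swl.fan}"
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"

# 192.168.10.12 -> 12.10.168.192.in-addr.arpa
arpa_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Returns 0 when LINE (one line of "host <ip>" output) is the PTR answer that
# maps IP back to FQDN, i.e. forward and reverse records agree.
ptr_matches() {
    ip="$1"; fqdn="$2"; line="$3"
    [ "$line" = "$(arpa_name "$ip") domain name pointer $fqdn." ]
}

# Live check: does FQDN's A record point to an IP whose PTR names FQDN again?
forward_reverse_agree() {
    fqdn="$1"
    ip=$(host "$fqdn" | awk '/has address/ { print $4; exit }')
    [ -n "$ip" ] || return 1
    ptr_matches "$ip" "$fqdn" "$(host "$ip" | head -n 1)"
}

# Live check: is the short client name still unused in the AD-integrated zone?
# "samba-tool dns query" errors out on a missing name, which is what we want;
# -U Administrator prompts for the domain administrator password.
name_is_free() {
    ! samba-tool dns query "$DNS_SERVER" "$ZONE" "$1" ALL -U Administrator 2>/dev/null \
        | grep -q 'Name='
}

# Constructed sample: the reverse answer for chat.swl.fan shown in the article.
SAMPLE='12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.'
if ptr_matches 192.168.10.12 chat.swl.fan "$SAMPLE"; then
    echo "192.168.10.12 <-> chat.swl.fan: reverse record consistent"
fi
```

On the DC, `name_is_free seven && forward_reverse_agree master.swl.fan` is the sequence to run just before joining "seven": a name that is already registered (for example a stale record from a previous machine with the same name) would otherwise be silently overwritten by the client's dynamic update, and a mismatched PTR is the usual cause of Kerberos service-principal lookups failing later.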

Summary

I hope this article is useful to the readers of the DesdeLinux Community.

Goodbye!



  1.   Gonzalo Martinez said

    A long but detailed article, a very good step by step on how to do everything.

    NIS caught my attention; the truth is that although I knew it existed, I really did not know how it worked, since honestly it always gave me the impression that it was practically dead in the face of LDAP and Samba 4.

    PS: Congratulations on your new personal project! A pity you will not keep writing here, but at least there is a place to follow you.

  2.   HO2Gi said

    Great tutorial, as always one of the clearest. Greetings, Fico.
    Congratulations on the project.

  3.   IWO said

    The NIS part is great; I agree with Gonzalo Martinez, I knew about it briefly but did not know how to implement it or the cases where it is used.
    Thank you once again for such a large "body" of an article, with theory and practice.
    Finally, new successes with your new project "gigainside".

  4.   federico said

    Thank you all very much for your comments!!!
    Greetings

  5.   mussol said

    The smb.conf you showed has nothing to do with LDAP; is that on purpose, or am I missing something?

  6.   phico said

    mussol: This is a Samba 4 Active Directory Domain Controller, which already has its own LDAP server.

  7.   Vincent said

    Could you comment on how to join a Mac (Apple) to Samba 4 AD-DC?
    Thank you.

  8.   xikmad said

    Hello;

    Thank you for this guide, it is great. I have a question about a message I am getting.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Unable to find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#