PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article I say goodbye to the DesdeLinux Community. A special farewell for a Special Community. From now on I will be at my personal project, which you can see at http://www.gigainside.com.

The main goal of this post is to offer a «Big Picture» of the Authentication Services with Free Software that we have at our disposal. At least that is our intention. It will therefore be long, even though we know that goes against the general rules of article writing. We hope System Administrators appreciate it.

We want to point out that the protocol common to many of today's authentication systems is LDAP, and that it is not idle to study it carefully, starting from the study material we will find at the official site http://www.openldap.org/.

We will not give detailed definitions, or links, for aspects dealt with in previous articles, or for those whose description is easily accessible on Wikipedia or on other sites or articles on the Internet, so as not to lose the objectivity of the message we want to give. We will also use a valid mix of English and Spanish names, since we consider that most of the systems were born with English names and it is very useful for a Sysadmin to assimilate them in their original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network_Information_Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol for centrally authenticating users, computers and services on a network, verifying their credentials against the existing entries in the Kerberos database.
  • DS: Directory Server or Directory Service.
  • AD-DC: Active Directory - Domain Controller.

PAM

We dedicated a short series to this type of local authentication, which you will see in daily practice is widely used when, for example, we join a workstation to a Domain Controller or an Active Directory; to map users stored in an external LDAP database as if they were local users; to map users stored in the Domain Controller of an Active Directory as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym NIS, which in Spanish means Sistema de Información de Red) is the name of a client-server directory service protocol developed by Sun Microsystems for distributing configuration data in distributed systems, such as user and host names, between computers on a network. NIS is based on ONC RPC, and consists of a server, a client-side library, and various administration tools.

    Originally NIS was called Yellow Pages, or YP, a name that is still used to refer to it. Unfortunately, that name is a trademark of British Telecom, which required Sun to drop it. However, YP remains as a prefix in the names of most NIS-related commands, such as ypserv and ypbind.

    DNS serves a limited range of information, the most important being the correspondence between host name and IP address. For other types of information, there is no such specialized service. On the other hand, if you only manage a small LAN without Internet connectivity, it seems appropriate to set up DNS. That is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and group files to all the hosts on the network. This makes the network appear as a single system, with the same accounts on all hosts. Similarly, NIS can be used to distribute the host name information contained in /etc/hosts to all the machines on the network.

    Today NIS is available in practically all Unix distributions, and there are even free implementations. BSD Net-2 published one that was derived from a public domain reference implementation donated by Sun. The client library code of this version existed in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, an NIS server is missing from the reference implementation.

    Peter Eriksson developed a new implementation called NYS. It supports both basic NIS and the enhanced version, Sun NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for host name resolution that replaces the current scheme used by the "host.conf" file.

    The GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses the advanced NYS configuration scheme. The tools and a server are still needed, but using the GNU libc saves the trouble of patching and recompiling the library.

Computer and domain name, network interface and resolver

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie". The domain swl.fan means "Fans of Free Software." What better name than this?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installation of bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options \
/etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //=====================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //=====================================================================

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // For checks from localhost and sysadmin
        // through dig swl.fan axfr
        // We have no Slave DNS... until now
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location, and update permission
// of the DNS Records Zones
// Both Zones are MASTERS
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@               IN NS   master.swl.fan.
@               IN MX   10 mail.swl.fan.
@               IN A    192.168.10.5
@               IN TXT  "For Fans of Free Software"
;
sysadmin        IN A    192.168.10.1
fileserver      IN A    192.168.10.4
master          IN A    192.168.10.5
proxyweb        IN A    192.168.10.6
blog            IN A    192.168.10.7
ftpserver       IN A    192.168.10.8
mail            IN A    192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN NS   master.swl.fan.
;
1       IN PTR  sysadmin.swl.fan.
4       IN PTR  fileserver.swl.fan.
5       IN PTR  master.swl.fan.
6       IN PTR  proxyweb.swl.fan.
7       IN PTR  blog.swl.fan.
8       IN PTR  ftpserver.swl.fan.
9       IN PTR  mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK
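
named-checkzone validates each zone file on its own; it does not compare the forward zone with the reverse zone. The following is an added example, not part of the original article, that cross-checks the A records of swl.fan against the PTR records of 10.168.192.in-addr.arpa. Its small parser is an assumption that only handles the one-record-per-line layout used in these two files.

```python
import ipaddress

# A and PTR records as they appear in the two zone files of this article
# (SOA, NS, MX and TXT lines are irrelevant to this check and omitted).
FORWARD = """\
@           IN A    192.168.10.5
sysadmin    IN A    192.168.10.1
fileserver  IN A    192.168.10.4
master      IN A    192.168.10.5
proxyweb    IN A    192.168.10.6
blog        IN A    192.168.10.7
ftpserver   IN A    192.168.10.8
mail        IN A    192.168.10.9
"""
REVERSE = """\
1   IN PTR  sysadmin.swl.fan.
4   IN PTR  fileserver.swl.fan.
5   IN PTR  master.swl.fan.
6   IN PTR  proxyweb.swl.fan.
7   IN PTR  blog.swl.fan.
8   IN PTR  ftpserver.swl.fan.
9   IN PTR  mail.swl.fan.
"""


def parse_records(text, origin, rtype):
    """Return (absolute owner name, rdata) pairs for 'owner IN rtype rdata' lines."""
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop zone-file comments
        if len(fields) != 4 or fields[1] != "IN" or fields[2] != rtype:
            continue
        owner, rdata = fields[0], fields[3]
        if owner == "@":                           # "@" is the zone origin
            owner = origin
        elif not owner.endswith("."):              # relative name: append origin
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rdata.lower()))
    return records


def ptr_owner_to_ip(owner):
    """'5.10.168.192.in-addr.arpa.' -> '192.168.10.5'"""
    labels = owner.rstrip(".").split(".")[:-2]     # strip 'in-addr' and 'arpa'
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))


def check(forward, reverse, zone="swl.fan.", rev_zone="10.168.192.in-addr.arpa."):
    """Return a list of forward/reverse inconsistencies (empty list = consistent)."""
    a_records = parse_records(forward, zone, "A")
    ptr = {ptr_owner_to_ip(o): t for o, t in parse_records(reverse, rev_zone, "PTR")}
    a_by_name = {}
    for name, ip in a_records:
        a_by_name.setdefault(name, set()).add(ip)

    problems = []
    for name, ip in a_records:                     # every address needs a PTR
        if ip not in ptr:
            problems.append(f"{name} -> {ip}: no PTR record")
    for ip, target in ptr.items():                 # every PTR must resolve back
        if ip not in a_by_name.get(target, set()):
            problems.append(f"{ip} -> {target}: target has no A record for {ip}")
    return problems


if __name__ == "__main__":
    for line in check(FORWARD, REVERSE) or ["forward and reverse zones agree"]:
        print(line)
```
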

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key
root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

# <name> is a placeholder: the shared-network name is not legible on this page
shared-network <name> {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# systemctl restart ntp
root@master:~# systemctl status ntp
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

Global checks for ntp, bind9, and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time is synchronized correctly, that the client obtains a dynamic IP address, and that the host's name resolves through direct and reverse DNS queries. Change the client's name and repeat all the checks. Do not continue until you are sure that the services installed so far work correctly. There is a reason we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.

NIS server installation

root@master:~# aptitude show nis
Conflicts: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, also known as Yellow Pages (YP), is used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
 Package configuration

 ┌───────────────────────┤ Nis Configuration ├───────────────────────┐
 │ Choose the NIS "domainname" for this system. If you want this
 │ machine to be just a client, you should enter the name of the NIS
 │ domain you wish to join.
 │
 │ Alternatively, if this machine is to be a NIS server, you can either
 │ enter a new NIS "domainname" or the name of an existing NIS domain.
 │
 │ NIS domain:
 │
 │ swl.fan
 └────────────────────────────────────────────────────────────────────┘

It will take a while because the service configuration does not exist as such yet. Please wait for the process to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A client's IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0               0.0.0.0
255.255.255.0   192.168.10.0
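
The securenets rules above can be checked before ypserv is restarted. The following is an added example, not part of the original article: it parses the netmask/network pairs exactly as the file's own comments describe them, reports any entry that opens the maps to everybody, and tests whether a given client address would be accepted. The function names are hypothetical and the sample text is the active content of the file shown above.

```python
import ipaddress

# Constructed sample: the securenets file of this article, header comment trimmed.
SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0               0.0.0.0
255.255.255.0   192.168.10.0
"""


def parse_securenets(text):
    """Return the allowed networks declared as 'netmask network' pairs.

    Raises ValueError on malformed lines, on host names (only IP addresses
    are allowed in this file) and on networks with host bits set, which
    could never match a client after masking.
    """
    networks = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network': {raw!r}")
        mask, net = fields
        if mask == "host":                         # shorthand for a /32 entry
            mask = "255.255.255.255"
        try:
            networks.append(ipaddress.ip_network(f"{net}/{mask}", strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return networks


def is_allowed(networks, client_ip):
    """A client is accepted if its address falls inside at least one pair."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def open_to_everybody(networks):
    """Entries equivalent to the stock '0.0.0.0 0.0.0.0' line."""
    return [net for net in networks if net.prefixlen == 0]


if __name__ == "__main__":
    nets = parse_securenets(SECURENETS)
    print("allowed networks:", ", ".join(map(str, nets)))
    print("wildcard entries:", open_to_everybody(nets) or "none")
    for ip in ("192.168.10.9", "192.168.11.9"):
        print(ip, "allowed" if is_allowed(nets, ip) else "refused")
```
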

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.swl.fan is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
...
Now you can run ypinit -s master.swl.fan on all slave servers.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add local users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strides

and so on.

root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group. ..
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'

We add NIS options to the isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

# <name> is a placeholder: the shared-network name is not legible on this page
shared-network <name> {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

NIS client installation

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie".
root@mail:~# hostname -f
mail.swl.fan

root@mail:~# ip addr
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:25:1f:54 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.9/24 brd 192.168.10.255 scope global eth0

ingcambu @ imeyile: ~ # ukufaneleka ukufaka nis
ingcambu @ imeyile: ~ # nano /etc/yp.conf # # yp.conf Ifayile yoqwalaselo yenkqubo ye-ypbind. Ungachaza iiseva ze- # NIS ngesandla apha ukuba azinakufunyanwa ngokusasaza # kumnatha wasekhaya (ongagqibekanga). # # Bona iphepha lesikhokelo le-ypbind kwis syntax yale fayile. # # OKUBALULEKILEYO: Kwi "ypserver", sebenzisa iidilesi ze-IP, okanye uqiniseke ukuba # umgcini ungaphakathi / njl / kwimikhosi. Le fayile itolikwa kuphela kube kanye, kwaye ukuba i-DNS ayinakufikeleleka okwangoku i-ypserver ayinakho ukusombululwa kwaye i-ypbind ayinakuze ibophele kumncedisi. # ypserver ypserver.network.com ypserver master.swl.fan domain swl.fan

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat nis
group:          compat nis
shadow:         compat nis
gshadow:        files

hosts:          files dns nis
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

root@mail:~# nano /etc/pam.d/common-session
# pam-auth-update(8) for details.
session optional        pam_mkhomedir.so skel=/etc/skel umask=077
# here are the per-package modules (the "Primary" block)

root@mail:~# systemctl status nis
root@mail:~# systemctl restart nis

We close the session and start it again, this time as a user registered in the NIS database on master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of the user legolas and check it

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: arquero
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service, implemented on both the server and the client, works correctly.

LDAP

From Wikipedia:

  • LDAP is the acronym for Lightweight Directory Access Protocol. It refers to an application-level protocol that gives access to an ordered and distributed directory service in order to look up diverse information in a network environment. LDAP is also considered a database (although its storage system may differ) that can be queried. A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, each name having an address and a telephone number attached to it. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written, arranged alphabetically.

    An LDAP directory tree sometimes reflects various political, geographic, or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the top levels of the hierarchy. Further down the directory, entries can appear that represent people, organizational units, printers, documents, groups of people, or anything else that represents a given entry in the tree (or multiple entries).

    Usually it stores authentication information (username and password) and is used to authenticate, although it is possible to store other information (user contact details, location of various network resources, permissions, certificates, etc.). In summary, LDAP is a unified access protocol to a set of information on a network.

    The current version is LDAPv3, and it is defined in RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

For a long time, the LDAP protocol, with its databases compatible or not with OpenLDAP, has been the one most used in the majority of today's authentication systems. As an example of the previous statement, we give below some names of systems, free or proprietary, that use LDAP databases as the backend to store all their objects:

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems Open DS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Domain Controller.
    We want to clarify that this system was a development of Team Samba, with Samba 3.x.x + OpenLDAP as the backend. Microsoft never implemented anything like it. It jumped from the NT 4 Domain Controllers to its Active Directories.
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Univention Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics, and the most standard and compatible one is OpenLDAP.

Active Directory, whether Microsoft's original or Samba 4's, is a union of several main components:

We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but they do not offer the Microsoft Network service that a Windows Domain provides, nor do they have a Windows Domain Controller as such.

A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client that acts as an intermediary between the Directory Service and the Windows client itself, such as the free software pGina.

Directory Service with OpenLDAP

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie", with the same machine name "master" used for the NIS installation, as well as the same network interface configuration and /etc/resolv.conf file. On this new server we install ntp, bind9 and isc-dhcp-server, without forgetting the global checks that the three previous services work correctly.
root@master:~# aptitude install slapd ldap-utils

Package configuration

Configuring slapd
Please enter the password for the admin entry in your LDAP directory.
Administrator password: ********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
objectClass: dcObject
objectClass: organization
o: swl.fan
dc: swl
structuralObjectClass: organization
entryUUID: c8510708-da8e-1036-8fe1-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.833955Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
entryUUID: c851178e-da8e-1036-8fe2-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.834422Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

We modify the file /etc/ldap/ldap.conf

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «users»

We add the minimum Organizational Units needed, as well as the Posix group «users», of which we will make all users members, following the example of the many systems that have a «users» group. We declare it with the name «users» so as not to run into possible conflicts with the system's «user» group.

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=users,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: users
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"

adding new entry "ou=groups,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=users
# users, groups, swl.fan
dn: cn=users,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: users
gidNumber: 10000

We add several users

The password that we declare in LDAP must be generated with the slappasswd command, which returns it as a salted {SSHA} hash.

Password for the user strides:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password for the user legolas

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password for the user gandalf

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u

root@master:~# nano users.ldif
dn: uid=strides,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: strides
cn: strides
givenName: Strides
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: strides@swl.fan
gecos: Strides El Rey
loginShell: /bin/bash
homeDirectory: /home/strides

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f users.ldif
Enter LDAP Password:
adding new entry "uid=strides,ou=people,dc=swl,dc=fan"

adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"

adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x cn=strides
root@master:~# ldapsearch -x uid=strides

We manage the slapd database with console utilities

We choose the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
# MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
# MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"

Note that the scripts use the commands of the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to see which ones they are.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"

root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template

root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
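
A check one could run over the ldapscripts.conf built above, as an added example (not part of the original article or of the ldapscripts package): it flags the settings in that file that decide how the admin bind password is stored and what initial password a new account receives. PAGE_CONF is an excerpt of the page's file; the function names and finding texts are this example's own.

```python
import os
import re
import stat

# Excerpt of the configuration shown on this page.
PAGE_CONF = """\
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GIDSTART=10001
UIDSTART=10003
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"
"""

# KEY=value, KEY="value" or KEY='value'
ASSIGNMENT = re.compile(
    r"""^\s*([A-Z_]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S*))\s*$""")
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def parse_conf(text):
    """Return the active (uncommented) KEY=value settings as a dict."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if match:
            key, *values = match.groups()
            settings[key] = next(v for v in values if v is not None)
    return settings


def audit(settings):
    """Return a list of (key, finding) pairs, in a fixed order."""
    findings = []

    # "echo %u" makes the login name the initial password; "echo <word>"
    # gives every new account the same one.
    generator = settings.get("PASSWORDGEN", "")
    if re.match(r"\s*echo\b", generator):
        if "%u" in generator:
            findings.append(("PASSWORDGEN", "initial password is the login name"))
        else:
            findings.append(("PASSWORDGEN", "same initial password for every account"))

    # The page binds with -x (simple bind); over plain ldap:// to another
    # host the bind password is not protected in transit.
    server = settings.get("SERVER", "")
    host = re.sub(r"^ldap://", "", server).split(":")[0].strip("/")
    if server and not server.startswith(("ldaps://", "ldapi://")) \
            and host not in LOCAL_HOSTS:
        findings.append(("SERVER", "simple bind to a remote host over plain ldap://"))

    # The page creates the secret with "echo -n" and "chmod 400".
    secret = settings.get("BINDPWDFILE")
    if secret:
        try:
            info = os.stat(secret)
        except OSError:
            findings.append(("BINDPWDFILE", "file is missing or unreadable"))
        else:
            if stat.S_IMODE(info.st_mode) & 0o077:
                findings.append(("BINDPWDFILE", "accessible by group or others"))
            with open(secret, "rb") as handle:
                if handle.read().endswith(b"\n"):
                    findings.append(("BINDPWDFILE", "trailing newline is part of the password"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(parse_conf(PAGE_CONF)):
        print(f"{key}: {finding}")
```

With the page's settings the only finding on a correctly prepared server is PASSWORDGEN: the "Successfully set password" line printed by ldapadduser means the new account's password is its own login name until it is changed.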

We add the user "bilbo" and make it a member of the "users" group

root@master:~# ldapadduser bilbo users
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bilbo
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User account

To see the hash of the bilbo user's password, the query must be made with authentication:

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo

To delete the bilbo user we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a web interface

We have a working Directory Service, and we want to manage it more easily. Many programs are designed for this task, such as phpldapadmin, ldap-account-manager, etc., which are available directly from the repositories. We can also manage a Directory Service with Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/, and the 6 articles that follow it.

LDAP client

Scenario:

Let's say we have the machine mail.swl.fan as a mail server, implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although it was developed on CentOS, can well serve as a guide for Debian and many other Linux distros. We want it to serve, in addition to the local users we have already declared, the users stored in the existing OpenLDAP database on master.swl.fan. To achieve this we must «map» the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is the following:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

Configuring libnss-ldap
Please enter the URI ("Uniform Resource Identifier") of the LDAP server. This string is similar to «ldap://<host>:<port>/». You can also use «ldaps://» or «ldapi://». The port number is optional.
It is recommended to use an IP address, to avoid failures when domain name services are not available.
LDAP server URI: ldap://master.swl.fan

Configuring libnss-ldap
Please enter the distinguished name (DN) of the LDAP search base. Many sites use the components of their domain name for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
Distinguished name (DN) of the search base: dc=swl,dc=fan

Configuring libnss-ldap
Please enter the version of the LDAP protocol that ldapns should use. It is recommended to use the highest version number available.
LDAP version to use: 3

Configuring libnss-ldap
Choose which account will be used for nss queries with root privileges.
Note: for this option to work, the account needs permission to access the LDAP attributes associated with the users' "shadow" entries, as well as the passwords of users and groups.
LDAP account for root: cn=admin,dc=swl,dc=fan

Configuring libnss-ldap
Please enter the password to be used when libnss-ldap tries to authenticate to the LDAP directory with root's LDAP account.
The password will be stored in a separate file ("/etc/libnss-ldap.secret") that only root can access.
If you enter an empty password, the old password will be reused.
LDAP root account password: ********

Configuring libnss-ldap
nsswitch.conf not managed automatically
You must modify your "/etc/nsswitch.conf" file to use an LDAP data source if you want the libnss-ldap package to work. You can use the example file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example of the nsswitch configuration, or copy it over your current configuration.
Note that before removing this package it may be convenient to remove the "ldap" entries from the nsswitch.conf file so that basic services keep working.

Configuring libpam-ldap
This option allows password tools that use PAM to change local passwords.
The password of the LDAP administrator account will be stored in a separate file that only the administrator can read.
This option should be disabled if "/etc" is mounted through NFS.
Do you want to allow this?

Configuring libpam-ldap
Choose whether the LDAP server forces users to log in before obtaining entries. This setting is rarely needed.
Does a user need to log in to access the LDAP database?

Configuring libpam-ldap
Please enter the name of the LDAP administrator account.
This account will be used automatically for database management, so it must have the appropriate administrative privileges.
LDAP administrator account: cn=admin,dc=swl,dc=fan

Configuring libpam-ldap
Please enter the password of the administrator account.
The password will be stored in the file "/etc/pam_ldap.secret". The administrator will be the only one who can read this file, and it will allow libpam-ldap to manage connections to the LDAP database automatically.
If you leave this field empty, the previous password will be used again.
LDAP administrator password: ********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

Let's edit the file /etc/pam.d/common-password, go to line 26 and remove the value «use_authtok»:

root@mail:~# nano /etc/pam.d/common-password
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
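
How the jumps in the common-password stack above play out for a local user, an LDAP user and an unknown user, as an added example (not part of the original article): a simplified model of PAM's control-field handling, not libpam itself. The module results are supplied by the caller; a jump is modelled as "ignore, then skip N modules", and a stack in which no module gives a verdict ends as perm_denied.

```python
import re

# Constructed from the four active lines of the file shown on this page.
PAGE_STACK = """\
password  [success=2 default=ignore]                   pam_unix.so obscure sha512
password  [success=1 user_unknown=ignore default=die]  pam_ldap.so try_first_pass
password  requisite                                    pam_deny.so
password  required                                     pam_permit.so
"""

# The classic keywords expressed in the [value=action] syntax.
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok",
                   "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok",
                   "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done",
                   "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok",
                   "default": "ignore"},
}
# Modules whose result does not depend on the user (assumed return values).
FIXED = {"pam_deny.so": "authtok_err", "pam_permit.so": "success"}
LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)(?:\s+(.*))?$")


def parse_stack(text, facility="password"):
    """Return [(module, actions, args)] for one facility, comments removed."""
    stack = []
    for line in text.splitlines():
        match = LINE.match(line.split("#", 1)[0].strip())
        if not match or match.group(1) != facility:
            continue
        control = match.group(2)
        if control.startswith("["):
            actions = dict(p.split("=", 1) for p in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        stack.append((match.group(3), actions, (match.group(4) or "").split()))
    return stack


def run_stack(stack, results):
    """Walk the stack; 'results' maps module name -> its return value name.
    Returns (final status, list of modules that were actually called)."""
    status, visited, index = None, [], 0
    while index < len(stack):
        module, actions, _args = stack[index]
        visited.append(module)
        result = results.get(module, FIXED.get(module, "success"))
        action = actions.get(result, actions.get("default", "bad"))
        index += 1
        if action.isdigit():                 # jump over the next N modules
            index += int(action)
        elif action in ("ok", "done", "bad", "die"):
            undecided = status in (None, "success")
            if undecided:                    # first verdict or first failure wins
                status = result
            if action == "die" or (action == "done" and undecided):
                break
        # "ignore": the module contributes nothing
    return (status or "perm_denied"), visited


if __name__ == "__main__":
    stack = parse_stack(PAGE_STACK)
    cases = {
        "local user": {"pam_unix.so": "success"},
        "LDAP user": {"pam_unix.so": "user_unknown", "pam_ldap.so": "success"},
        "unknown user": {"pam_unix.so": "user_unknown",
                         "pam_ldap.so": "user_unknown"},
    }
    for label, results in cases.items():
        print(label, "->", run_stack(stack, results))
```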

In case we need Local Login for the users stored in LDAP, and we want their home folders to be created automatically, we must edit the file /etc/pam.d/common-session and add the following line at the end of the file:

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

In the OpenLDAP Directory Service example developed earlier, the only local user created was the user buzz, while in LDAP we created the users strides, legolas, gandalf, and bilbo. If the configuration made so far is correct, we should be able to list the local users and those mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strides:x:10000:10000:Strides El Rey:/home/strides:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash

After the changes to the system's authentication, it is fine to restart the server if we are not running a critical service:

root@mail:~# reboot

Afterwards we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database on master.swl.fan. We can also try to log in via SSH.

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Password:

root@mail:/home/gandalf# getent group
buzz:x:1001:
users:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz  4096 Jun 17 12:25 buzz
drwx------ 2 gandalf users 4096 Jun 17 13:05 gandalf

The Directory Service, implemented at the server and client level, works correctly.

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers focused first on a client-server model, and it provides mutual authentication: both the client and the server verify each other's identity. Authentication messages are protected to prevent eavesdropping and replay attacks.

    Kerberos is based on symmetric-key cryptography and requires a trusted third party. In addition, there are extensions to the protocol that make it possible to use asymmetric-key cryptography.

    Kerberos is based on the Needham-Schroeder protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two separate logical parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network, whether client or server, shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the identity of the entity. For a communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.

Disadvantages of Kerberos

From EcuRed:

Although Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism for performing this task.
  • Kerberos assumes that each user is trusted but is using an untrusted machine on an untrusted network. Its main goal is to prevent unencrypted passwords from being sent across the network. However, if any user other than the proper user has access to the machine that issues the tickets (KDC) used for authentication, Kerberos would be at risk.
  • For an application to use Kerberos, its code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are considered kerberized. For some applications, this can be an excessive programming effort because of the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can require a fair amount of programming. In general, closed-source applications without Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must realize that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is passed to a service that does not use Kerberos to authenticate, you run the risk of the packet being intercepted. Your network would then get no benefit from using Kerberos. To secure your network with Kerberos, you must use only the kerberized versions of all client/server applications that send unencrypted passwords, or not use any of those applications on the network.

Manually implementing and configuring OpenLDAP as a Kerberos back-end is not easy. However, later on we will see that the Samba 4 Active Directory - Domain Controller integrates, in a way that is transparent to the sysadmin, a DNS server, the Microsoft Network and its Domain Controller, the LDAP server as the back-end for almost all of its objects, and the Kerberos-based authentication service, as the fundamental components of a Microsoft-style Active Directory.

Until now we have not had the need to implement a "Kerberized Network". That is why we have not written about how to implement Kerberos.

Samba 4 Active Directory-Domain Controller

Important:

There is no better documentation than the site wiki.samba.org. Any sysadmin worth their salt should visit that site (it is in English) and browse the large number of pages devoted entirely to Samba 4, written by the Samba Team itself. I do not believe there is documentation available on the Internet that can replace it. By the way, look at the number of visits shown at the bottom of each page. An example of this is that its main page, or «Main Page», had been visited 276,183 times as of today, June 20, 2017, 10 a.m. Eastern Standard Time. In addition, the documentation is kept very up to date, as that page was modified on June 10.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file-sharing protocol (formerly called SMB, recently renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can look like servers or act as clients on Windows networks. Samba also lets users be validated by acting as a Primary Domain Controller (PDC), as a domain member and even as an Active Directory domain for Windows-based networks, besides being able to serve print queues and shared directories and to authenticate against its own user store.

Among the Unix-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we can find Apple's Mac OS X Server.

Samba 4 AD-DC with internal DNS

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie".

Initial checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
  • We declare only the main branch of the repositories, which is more than enough for our purposes.
root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix in place of Exim, and utilities

root@master:~# aptitude install postfix htop mc deborphan

  Postfix Configuration

  Please select the mail server configuration type that best meets your needs.

   No configuration:
    Keeps the current configuration as it is.
   Internet site:
    Mail is sent and received directly using SMTP.
   Internet with «smarthost»:
    Mail is received directly using SMTP or through a tool such as «fetchmail». Outgoing mail is sent using a "smarthost".
   Local mail only:
    The only mail delivered is the mail for local users. There is no network.

  General type of mail configuration:

      No configuration
      Internet site
      Internet with "smarthost"
      Satellite system
      Local mail only

  Postfix Configuration

  The "mail system name" is the domain name used to "qualify" _ALL_ e-mail addresses without a domain name. This includes mail to and from root: please do not make your machine send e-mail from root@example.org unless root@example.org has asked you to.

  Other programs will use this name. It must be a single fully qualified domain name (FQDN).

  Therefore, if an e-mail address on the local machine is something@example.org, the correct value for this option would be example.org.

  System mail name:

      master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

We install the requirements to compile Samba 4 and other necessary packages

root@master:~# aptitude install acl attr autoconf bison \
build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

  Configuring Kerberos Authentication

  When users attempt to use Kerberos and specify a principal or user name without specifying which Kerberos administrative realm that principal belongs to, the system appends the default realm. The default realm can also be used as the realm of a Kerberos service running on the local machine. Normally, the default realm is the uppercase version of the local DNS domain.

  Default Kerberos version 5 realm:

      SWL.FAN

  Configuring Kerberos Authentication

  Enter the host names of the Kerberos servers in the SWL.FAN Kerberos realm, separated by spaces.

  Kerberos servers for your realm:

      master.swl.fan

  Configuring Kerberos Authentication

  Enter the host name of the administrative (password changing) server for the Kerberos realm SWL.

The process above took a little while because we do not have any DNS service installed yet. However, the domain was chosen correctly thanks to the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the name server for the domain.

Now we configure the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan

So that queries made with the ldapsearch command by the root user take the form ldapsearch -x -W cn=xxxx, we must create the /root/.ldaprc file with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The file system must support ACLs (Access Control Lists)

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a

root@master:~# touch test_acl.txt
root@master:~# setfattr -n user.test -v test test_acl.txt
root@master:~# setfattr -n security.test -v test2 test_acl.txt
root@master:~# getfattr -d test_acl.txt
# file: test_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d test_acl.txt
# file: test_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx test_acl.txt

root@master:~# getfacl test_acl.txt
# file: test_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

We obtain the Samba 4 source, compile it and install it

It is highly recommended to download the source file of the Stable version from the site https://www.samba.org/. In our example we download the samba-4.5.1.tar.gz version to the /opt folder.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and very carefully select the ones we need. It is advisable to check whether the downloaded package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure distcheck

We configure, compile and install samba-4.5.1

  • From the previously installed requirements and the 8604 files (which make up the compressed samba-4.5.1.tar.gz) weighing about 101.7 megabytes, including the source3 and source4 folders that weigh about 61.1 megabytes, we will obtain a substitute for a Microsoft-style Active Directory, with quality and stability more than acceptable for any production environment. We must highlight the work of the Samba Team in delivering the free software Samba 4.

The commands below are the classic ones for compiling and installing packages from their sources. We must be patient while the whole process runs. It is the only way to obtain valid and correct results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

While the make command runs, we can see that both the Samba 3 and the Samba 4 sources are compiled. That is why the Samba Team states that its version 4 is the natural upgrade of version 3, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers, or for older versions of Samba 4.

Provisioning Samba

We will use SAMBA_INTERNAL as the DNS back-end. At https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End we will find more information. When we are asked for the Administrator user's password, we must type one with a minimum length of 8 characters that also contains letters, upper and lower case, and numbers.

Before continuing with the provisioning, and to make life easier, we add the path of the Samba executables to our .bashrc file. Then we log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more aliases to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: Password2017
Retype password: Password2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Let's not forget to copy the Kerberos configuration file, as indicated by the output of the provisioning:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

To avoid typing the samba-tool command with its full name, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

A fundamental piece of an Active Directory is the Network Time Service. Since authentication is done through Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is vital.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict default mssntp
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, when examining the syslog with the command above or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the ntp_signd folder:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested on wiki.samba.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd

We configure Samba startup using systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC file locations

ALL the files, except the newly created samba-ad-dc.service, are in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the best UNIX style. It is always advisable to browse through the different folders and examine their contents.

The /usr/local/samba/etc/smb.conf file

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
	netbios name = MASTER
	realm = SWL.FAN
	workgroup = SWL
	dns forwarder = 8.8.8.8
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
	server role = active directory domain controller
	allow dns updates = secure only
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	idmap config * : range = 1000000-1999999
	ldap server require strong auth = no
	printcap name = /dev/null

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
	realm = SWL.FAN
	workgroup = SWL
	dns forwarder = 192.168.10.1
	ldap server require strong auth = No
	passdb backend = samba_dsdb
	server role = active directory domain controller
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	winbindd:use external pipes = true
	idmap config * : range = 1000000-1999999
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	map archive = No
	map readonly = no
	store dos attributes = Yes
	vfs objects = dfs_samba4 acl_xattr

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No
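An added example, not part of the original article: the smb.conf above sets ldap server require strong auth = no, which is the kind of non-Kerberos password path the Kerberos "all or nothing" note earlier in this article warns about, because a simple bind such as ldapsearch -x -W over plain ldap:// then carries the password unencrypted. The shell functions below (smb_global_params, smb_param and audit_smb_conf are names chosen for this example) read the [global] section and report that setting, plus an allow dns updates value that accepts unauthenticated updates.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print "name=value" for each parameter of the [global] section. Samba ignores
# case and blanks inside parameter names, so names are normalised the same
# way; values are lower-cased to make comparisons simple.
smb_global_params() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                            # section header
            sec = tolower($0)
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            gsub(/[ \t]/, "", sec)
            next
        }
        sec == "global" && index($0, "=") > 0 {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = tolower(substr($0, eq + 1))
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            print name "=" val
        }
    ' "$1"
}

# smb_param FILE NAME DEFAULT: effective value of a normalised parameter name
# (the last assignment is taken), or DEFAULT when the file does not set it.
smb_param() {
    found=$(smb_global_params "$1" |
        awk -v n="$2" 'index($0, n "=") == 1 { v = substr($0, length(n) + 2) }
                       END { print v }')
    printf '%s\n' "${found:-$3}"
}

# audit_smb_conf FILE: one line per finding, nothing when the file is clean.
# The defaults passed to smb_param are Samba's own ("yes", "secure only").
audit_smb_conf() {
    case $(smb_param "$1" ldapserverrequirestrongauth yes) in
        no) echo "WEAK ldap server require strong auth = no: simple binds (ldapsearch -x -W) are accepted without TLS, so the password crosses the network unencrypted" ;;
    esac
    case $(smb_param "$1" allowdnsupdates "secure only") in
        nonsecure) echo "WEAK allow dns updates = nonsecure: unauthenticated clients may change DNS records" ;;
    esac
}

# Constructed sample: the relevant lines of the smb.conf shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Global parameters
[global]
	netbios name = MASTER
	realm = SWL.FAN
	workgroup = SWL
	allow dns updates = secure only
	ldap server require strong auth = no
[netlogon]
	read only = No
EOF
audit_smb_conf "$sample"
rm -f "$sample"
```

Run against /usr/local/samba/etc/smb.conf on the server, the function prints nothing once the strong auth line is removed or set to yes.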

Minimal checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN: 
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk
	sysvol          Disk
	IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

		19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)

We manage the newly installed Samba 4 AD-DC

If we want to modify the expiration of the Administrator's password; the complexity of the passwords; the minimum password length; the minimum and maximum duration, in days, of the password; and change the Administrator password declared during the provisioning, we must run the following commands with the values adjusted to your needs:

root@master:~# tool
Usage: samba-tool

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool (-h|--help)

root@master:~# tool user setexpiry administrator
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add several DNS records

root@master:~# tool dns
Usage: samba-tool dns

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]:
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -U administrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -U administrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]:
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.

For the curious

root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/\
DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:

We add users

root@master:~# tool user
Usage: samba-tool user

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add            - Create a new user.
  create         - Create a new user.
  delete         - Delete a user.
  disable        - Disable a user.
  enable         - Enable a user.
  getpassword    - Get the password fields of a user/computer account.
  list           - List all users.
  password       - Change password for a user account (the one provided in authentication).
  setexpiry      - Set the expiration of a user account.
  setpassword    - Set or reset the password of a user account.
  syncpasswords  - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest

Administration through a graphical interface or a web client

Visit wiki.samba.org for detailed information on how to install Microsoft RSAT, the Remote Server Administration Tools. If you do not need the classic policies offered by Microsoft Active Directory, you can install the ldap-account-manager package, which offers a simple interface for administration through a web browser.

The Microsoft Remote Server Administration Tools (RSAT) package is included in the Windows Server operating systems.

We join a Windows 7 client named "seven" to the domain

Since we do not have a DHCP server on the network, the first thing we must do is configure the client's network card with a fixed IP, declare that the primary DNS will be the IP of the samba-ad-dc, and check that the option "Register this connection's addresses in DNS" is enabled. It is also worth checking that the name «seven» is not yet registered in the Samba internal DNS.

After joining the computer to the domain and restarting it, let's try to log in with the user «trancos». We will check that everything works. It is also advisable to review the logs of the Windows client and check that the time is synchronized correctly.

Administrators with some Windows experience will find that any checks they make on the client give satisfactory results.

Summary

I hope the article is useful to the readers of the DesdeLinux Community.

Goodbye!



  1.   Gonzalo Martinez said

    A long but detailed article, a very good step-by-step on how to do everything.

    I would highlight NIS; the truth is that although I knew of its existence, I never really knew how it worked, because to be honest it always gave me the impression that it was practically dead next to LDAP and Samba 4.

    PS: Congratulations on your new project! It is a pity that you will not continue writing here, but at least there is a place to follow you.

  2.   HO2Gi said

    Great tutorial as always, straight to my favorites. Greetings, Fico.
    Congratulations on the project.

  3.   IWO said

    The NIS section is great; I agree with Gonzalo Martinez, I knew it briefly but had no idea how to implement it or in which situations it is used.
    Thanks once again for a tremendous "tome" of a theoretical and practical article.
    Finally, new successes in your new project «gigainside».

  4.   Frederick said

    Thank you all very much for your comments!!!

  5.   mussol said

    The smb.conf you show has no link to an LDAP; is that on purpose or did I miss something?

  6.   phico said

    mussol: This is a Samba 4 Active Directory Domain Controller that already has its LDAP server built in.

  7.   Vincent said

    Could you comment on how to join a Mac (Apple) to a Samba 4 AD-DC?
    Thank you.

  8.   khwelwe said

    How are you;

    Thanks for the manual, it is good. I have a question about a message that appears for me.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Cannot find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#