PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article I say goodbye to the FromLinux community. A special farewell for a special community. From now on I will be working on my personal project, which you can find at http://www.gigainside.com.

The main purpose of this post is to offer a «Big Picture» of the authentication services built on free software that we have at our disposal. At least that is our intention. It will therefore be long, even though we know that goes against the general rules for writing articles. We hope system administrators appreciate it.

We want to point out that the protocol common to many modern authentication systems is LDAP, and that it is well worth studying it carefully, using the study material found on the official site http://www.openldap.org/.

We will not give detailed definitions, or links, for topics covered in previous articles, or for those whose explanation is easily found on Wikipedia or on other sites and articles on the Internet, so as not to lose the focus of the message we want to convey. We will also use a practical mix of English and Spanish names, since most of these systems were born with English names and it is very useful for a sysadmin to learn them in their original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network_Information_Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol for centrally authenticating users, computers and services on a network, verifying their credentials against the entries in the Kerberos database.
  • DS: Directory Server or Directory Service.
  • AD-DC: Active Directory - Domain Controller.


PAM

We dedicate a series to this type of local authentication, which you will see in daily practice is widely used when, for example, we join a workstation to a Domain Controller or Active Directory; to map users stored in external LDAP databases as if they were local users; to map users stored in an Active Directory Domain Controller as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym NIS, which in Spanish means Sistema de Información de Red) is the name of a client-server directory services protocol developed by Sun Microsystems for distributing configuration data of distributed systems, such as user names and host names, between computers on a network. NIS is based on ONC RPC, and consists of a server, a client-side library, and various administration tools.

    NIS was originally called Yellow Pages, or YP, a name that is still used to refer to it. Unfortunately, that name is a trademark of British Telecom, which required Sun to drop it. Nevertheless, YP remains the prefix in the names of most NIS-related commands, such as ypserv and ypbind.

    DNS serves a limited range of information, the most important being the correspondence between node name and IP address. For other types of information there is no such specialized service. On the other hand, if you only manage a small LAN with no Internet connectivity, it does not seem worth setting up DNS. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and group files to all nodes on your network. This makes the network appear as a single system, with the same accounts on all nodes. Similarly, NIS can be used to distribute the node name information contained in /etc/hosts to all machines on the network.

    Today NIS is available in virtually all Unix distributions, and there are even free implementations. BSD Net-2 published one derived from a public-domain reference implementation donated by Sun. The library code for the client part of this version has been in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, an NIS server is missing from the reference implementation.

    Peter Eriksson has developed a new implementation called NYS. It supports both basic NIS and Sun's enhanced version, NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for node name resolution that replaces the current scheme used by the "host.conf" file.

    GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses the enhanced NYS configuration scheme. The tools and server are still needed, but using GNU libc saves the work of patching and recompiling the library.

Computer and domain name, network interface and resolver

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie". The domain swl.fan stands for "Fans of Free Software". What better name than that?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installing bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options \
/etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // For checks from localhost and sysadmin
        // using dig swl.fan axfr
        // We have no slave DNS ... so far
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location and update permission
// of the DNS record zones
// Both zones are MASTER
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; negative caching time to live
;
@           IN  NS   master.swl.fan.
@           IN  MX   10 mail.swl.fan.
@           IN  A    192.168.10.5
@           IN  TXT  "Fun Awọn egeb ti Sọfitiwia ọfẹ"
;
sysadmin    IN  A    192.168.10.1
fileserver  IN  A    192.168.10.4
master      IN  A    192.168.10.5
proxyweb    IN  A    192.168.10.6
blog        IN  A    192.168.10.7
ftpserver   IN  A    192.168.10.8
mail        IN  A    192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN SOA  master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; negative caching time to live
;
@       IN  NS   master.swl.fan.
;
1       IN  PTR  sysadmin.swl.fan.
4       IN  PTR  fileserver.swl.fan.
5       IN  PTR  master.swl.fan.
6       IN  PTR  proxyweb.swl.fan.
7       IN  PTR  blog.swl.fan.
8       IN  PTR  ftpserver.swl.fan.
9       IN  PTR  mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

Bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key

root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}

zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.10.1

restrict -4 default kod notrap nomodify nopeer
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

Global checks for ntp, bind9 and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time synchronizes correctly, that the client obtains a dynamic IP address, and that the host name resolves through both forward and reverse DNS queries. Change the client's name and repeat all the checks. Do not continue until you are sure that the services installed so far work correctly. That is why we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.
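The forward/reverse agreement asked for above can also be checked on the zone data itself before bind9 is reloaded. The following Python is an added example, not part of the original article: it only understands the simple "owner IN A|PTR data" lines used in this page's zone files, and the wiki and oldblog records are constructed faults.

```python
import re

# Address records copied from the two zone files on this page
# (SOA, NS, MX and TXT lines are omitted because they are not checked).
PAGE_FORWARD = """\
@           IN  A   192.168.10.5
sysadmin    IN  A   192.168.10.1
fileserver  IN  A   192.168.10.4
master      IN  A   192.168.10.5
proxyweb    IN  A   192.168.10.6
blog        IN  A   192.168.10.7
ftpserver   IN  A   192.168.10.8
mail        IN  A   192.168.10.9
"""
PAGE_REVERSE = """\
1   IN  PTR  sysadmin.swl.fan.
4   IN  PTR  fileserver.swl.fan.
5   IN  PTR  master.swl.fan.
6   IN  PTR  proxyweb.swl.fan.
7   IN  PTR  blog.swl.fan.
8   IN  PTR  ftpserver.swl.fan.
9   IN  PTR  mail.swl.fan.
"""
# Constructed faults: an A record without a PTR, and a PTR without an A record.
FAULTY_FORWARD = PAGE_FORWARD + "wiki IN A 192.168.10.10\n"
FAULTY_REVERSE = PAGE_REVERSE + "11 IN PTR oldblog.swl.fan.\n"

RECORD = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)")


def parse_records(text, origin, rtype):
    """Return [(owner_fqdn, rdata)] for rtype; relative owners get origin appended."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop zone-file comments
        match = RECORD.match(line)
        if not match or match.group(2) != rtype:
            continue
        owner, _, rdata = match.groups()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rdata.lower()))
    return records


def ptr_owner_to_ip(owner):
    """'5.10.168.192.in-addr.arpa.' -> '192.168.10.5'"""
    labels = owner.rstrip(".").split(".")[:-2]    # strip in-addr.arpa
    return ".".join(reversed(labels))


def check_consistency(forward_text, reverse_text,
                      fwd_origin="swl.fan.",
                      rev_origin="10.168.192.in-addr.arpa."):
    """Return (A records whose IP has no PTR, PTRs whose target has no matching A)."""
    a_records = parse_records(forward_text, fwd_origin, "A")
    ptr = {ptr_owner_to_ip(owner): target
           for owner, target in parse_records(reverse_text, rev_origin, "PTR")}
    a_pairs = set(a_records)
    missing_ptr = sorted((name, ip) for name, ip in a_records if ip not in ptr)
    dangling_ptr = sorted((ip, target) for ip, target in ptr.items()
                          if (target, ip) not in a_pairs)
    return missing_ptr, dangling_ptr


if __name__ == "__main__":
    print(check_consistency(PAGE_FORWARD, PAGE_REVERSE))
    print(check_consistency(FAULTY_FORWARD, FAULTY_REVERSE))
```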

Installing the NIS server

root@master:~# aptitude show nis
Conflicts: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain. NIS, originally known as Yellow Pages (YP), is mostly used to let several machines in a network share the same account information, such as the password file.

root@master:~# aptitude install nis
Package configuration: Nis Configuration

  Please choose the NIS "domainname" for this system. If you want this machine to just be a client, you should enter the name of the NIS domain you wish to join.

  Alternatively, if this machine is to be a NIS server, you can either enter a new NIS "domainname" or the name of an existing NIS domain.

  NIS domain:

  swl.fan

It will take its time, because the service configuration does not yet exist as such. Please wait for the process to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
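To see what a securenets file actually admits before restarting the service, the netmask/network pairs can be evaluated offline. The following Python is an added example, not part of the original article or of the nis package; it assumes the matching rule described in the file header is "client AND netmask equals network", and both sample files are constructed from the one shown above.

```python
import ipaddress

# Constructed copies of /etc/ypserv.securenets: the rules used on this page,
# and the same file with the catch-all line left active.
PAGE_SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
"""
OPEN_SECURENETS = PAGE_SECURENETS.replace("# 0.0.0.0", "0.0.0.0")


def parse_securenets(text):
    """Return [(lineno, mask_int, net_int)] for every netmask/network pair."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<netmask> <network>'")
        mask, net = fields
        if mask.lower() == "host":          # shorthand for 255.255.255.255
            mask = "255.255.255.255"
        rules.append((lineno,
                      int(ipaddress.IPv4Address(mask)),
                      int(ipaddress.IPv4Address(net))))
    return rules


def is_allowed(rules, client_ip):
    """Assumed rule: a client is served when (client AND netmask) == network."""
    client = int(ipaddress.IPv4Address(client_ip))
    return any((client & mask) == net for _, mask, net in rules)


def audit(rules):
    """Return [(lineno, finding)] for rules that are too broad or can never match."""
    findings = []
    for lineno, mask, net in rules:
        if mask == 0 and net == 0:
            findings.append((lineno, "matches every IPv4 address"))
        elif net & ~mask & 0xFFFFFFFF:
            findings.append((lineno, "network has bits outside the netmask; never matches"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_SECURENETS), ("open", OPEN_SECURENETS)):
        rules = parse_securenets(text)
        # 203.0.113.7 is a documentation address standing in for an outside host.
        print(name, audit(rules), is_allowed(rules, "203.0.113.7"))
```

With MERGE_PASSWD=true in /var/yp/Makefile, as set in the next step, the passwd map carries the password hashes, so every address this file admits can read them.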

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers. master.swl.fan is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add local users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bilbo
Enter the new value, or press ENTER for the default
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strides
root@master:~# adduser legolas

and so on.

root@master:~# finger legolas
Login: legolas                  Name: Legolas Archer
Directory: /home/legolas        Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'

We add the NIS options to the isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}

zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

Fifi sori ẹrọ NIS

  • A bẹrẹ lati fifi sori ẹrọ mimọ-laisi wiwo ayaworan- ti Debian 8 “Jessie”.
root @ mail: ~ # orukọ olupin -f
mail.swl.àìpẹ

root @ mail: ~ # ip addr
2: eth0: mtu 1500 qdisc pfifo_fast ipinle UP ẹgbẹ aiyipada qlen 1000 ọna asopọ / ether 00: 0c: 29: 25: 1f: 54 brd ff: ff: ff: ff: ff: ff
    inet 192.168.10.9/24 brd 192.168.10.255 dopin agbaye eth0

root @ mail: ~ # imoye fi sori ẹrọ nis
root @ mail: ~ # nano /etc/yp.conf # # yp.conf Faili iṣeto ni fun ilana ypbind. O le ṣalaye awọn olupin # NIS pẹlu ọwọ nibi ti wọn ko ba le rii wọn nipasẹ # igbohunsafefe lori apapọ agbegbe (eyiti o jẹ aiyipada). # # Wo oju-iwe afọwọyi ti ypbind fun sintasi ti faili yii. # # PATAKI: Fun "ypserver", lo awọn adirẹsi IP, tabi rii daju pe # olugbalejo wa ni / ati be be lo / awọn ogun. Faili yii ni o tumọ nikan # lẹẹkan, ati pe ti ko ba le de ọdọ DNS sibẹsibẹ ypserver ko le yanju ati pe ypbind kii yoo sopọ mọ olupin naa. # ypserver ypserver.network.com ypserver master.swl.fan ìkápá swl.fan

root @ mail: ~ # nano /etc/nsswitch.conf
# /etc/nsswitch.conf # # Iṣapẹẹrẹ apẹẹrẹ ti iṣẹ Yipada Orukọ GNU. # Ti o ba ni awọn apejọ “glibc-doc-reference’ ati “info’ ti a fi sii, gbiyanju: # “info libc“ Yipada Iṣẹ Orukọ ”” fun alaye nipa faili yii. passwd: ibaramu nis ẹgbẹ: ibaramu nis ojiji: ibaramu nis gshadow: awọn alejo awọn faili: awọn faili dns nis awọn nẹtiwọọki: awọn ilana faili: db awọn iṣẹ awọn iṣẹ: db awọn faili ethers: db awọn faili rpc: db awọn faili netgroup: nis

root @ mail: ~ # nano /etc/pam.d/common-session
# pam-auth-imudojuiwọn (8) fun awọn alaye.
igba aṣayan pam_mkhomedir.so skel = / ati be be lo / skel umask = 077
# nibi ni awọn modulu fun-package (apo “Akọbẹrẹ”)

root @ mail: ~ ipo ipo systemctl nis
root @ mail: ~ # systemctl tun bẹrẹ nis

We close the session and start it again, this time with a user registered in the NIS database on master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of the user legolas and check it

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: arquero
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service implemented at the server and client level works correctly.

LDAP

From Wikipedia:

  • LDAP is the acronym for Lightweight Directory Access Protocol, which refers to an application-level protocol that allows access to an ordered and distributed directory service in order to look up diverse information in a network environment. LDAP is also considered a database (although its storage system may differ) that can be queried. A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, with each name having an address and a telephone number attached. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written, arranged alphabetically.

    An LDAP directory tree sometimes reflects various political, geographic or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the upper levels of the hierarchy. As you move down the directory, entries may appear that represent people, organizational units, printers, documents, groups of people, or anything else that represents a given entry in the tree (or multiple entries).

    Usually, it stores authentication information (user name and password) and is used to authenticate, although it is possible to store other information (user contact data, location of various network resources, permissions, certificates, and so on). In summary, LDAP is a unified access protocol to a set of information on a network.

    The current version is LDAPv3, and it is defined in RFCs RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

By far, the LDAP protocol - and its databases, compatible or not with OpenLDAP - is the most widely used in today's authentication systems. As an example of that statement, here are some names of systems - Free or Proprietary - that use LDAP databases as the backend to store all their objects:

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems Open DS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Classic Domain Controller.
    We want to clarify that this system was developed by Team Samba with Samba 3.xxx + OpenLDAP as the backend. Microsoft never implemented anything like it. It jumped from its NT 4 Domain Controllers to its Active Directories
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Univention Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics, and the most standard and compatible one is OpenLDAP.

Active Directory, whether the original from Microsoft or the one from Samba 4, is a union of several main components, which are:

  • LDAP customized by both Microsoft and Samba.
  • Microsoft Windows Domain. It is basically the Microsoft Network.
  • Microsoft Domain Controller.
  • Kerberos customized by both Microsoft and Samba.

We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but it does not offer the Microsoft Network service that a Windows Domain provides, nor does it have a Windows Domain Controller as such.

A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client that acts as an intermediary between the Directory Service and the Windows client itself, such as the Free Software pGina.

Directory Service with OpenLDAP

  • We start from a clean installation - without a graphical interface - of Debian 8 "Jessie", with the same machine name "master" used for the NIS installation, as well as the same configuration of its network interface and of the /etc/resolv.conf file. On this new server we install ntp, bind9 and isc-dhcp-server, without forgetting the global checks that the three previous services work correctly.
root@master:~# aptitude install slapd ldap-utils

Package configuration

  [ Configuring slapd ]
  Please enter the password for the admin entry in your LDAP directory.
  Administrator password: ********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
...
modifiersName: cn=admin,dc=swl,dc=fan

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
...
modifiersName: cn=admin,dc=swl,dc=fan

We modify the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «usuarios»

We add the minimum necessary Organizational Units, as well as the Posix group "usuarios", of which we will make all users members, following the example of many systems that have a "users" group. We name it "usuarios" so as not to run into possible conflicts with the system's "users" group.

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"
adding new entry "ou=groups,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=usuarios
# usuarios, groups, swl.fan
dn: cn=usuarios,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: usuarios
gidNumber: 10000

We add several users

The password that we declare in LDAP must be obtained with the slappasswd command, which returns the password as a salted SHA-1 ({SSHA}) hash.

Password for the user trancos:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password for the user legolas

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password for the user gandalf

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u

root@master:~# nano users.ldif
dn: uid=trancos,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: trancos
cn: trancos
givenName: Trancos
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: trancos@swl.fan
gecos: Trancos El Rey
loginShell: /bin/bash
homeDirectory: /home/trancos

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f users.ldif
Enter LDAP Password:
adding new entry "uid=trancos,ou=people,dc=swl,dc=fan"
adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"
adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x cn=trancos
root@master:~# ldapsearch -x uid=trancos

We manage the slapd database with console utilities

We choose the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
# MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
# MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"

Note that the scripts use the commands from the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to see which ones they are.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"

root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template

root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User Account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment mark
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"

We add the user "bilbo" and make it a member of the "usuarios" group

root@master:~# ldapadduser bilbo usuarios
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
...
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User Account

To see the password hash of the user bilbo, the query must be made with authentication:

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo

To delete the user bilbo we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a web interface

We have a working Directory Service, and we want to manage it more easily. There are many programs designed for this task, such as phpldapadmin, ldap-account-manager, etc., which are available directly from the repositories. We can also manage a Directory Service through Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/, and the 6 articles that follow.

LDAP client

Scenario:

Say we have the machine mail.swl.fan as a mail server implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, can serve well as a guide for Debian and many other Linux distros. We want, in addition to the local users we have already declared, the users stored in the OpenLDAP database on master.swl.fan to have access to it as well. To achieve this we must "map" the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is as follows:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

  [ Configuring libnss-ldap ]
  Please enter the URI ("Uniform Resource Identifier") of the LDAP server. This is a string in the form "ldap://<hostname or IP>:<port>/". "ldaps://" or "ldapi://" can also be used. The port number is optional.
  It is recommended to use an IP address, to avoid failures when domain name services are not available.
  LDAP server URI: ldap://master.swl.fan

  [ Configuring libnss-ldap ]
  Please enter the distinguished name (DN) of the LDAP search base. Many sites use the components of their domain name for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
  Distinguished name (DN) of the search base: dc=swl,dc=fan

  [ Configuring libnss-ldap ]
  Please enter the version of the LDAP protocol that ldapns should use. It is recommended to use the highest version number available.
  LDAP version to use (3 or 2): 3

  [ Configuring libnss-ldap ]
  Please choose which account will be used for nss requests with root privileges.
  Note: for this option to work, the account needs permissions to access the LDAP attributes associated with the users' "shadow" entries, as well as the passwords of users and groups.
  LDAP account for root: cn=admin,dc=swl,dc=fan

  [ Configuring libnss-ldap ]
  Please enter the password to be used when libnss-ldap tries to authenticate to the LDAP directory with root's LDAP account.
  The password will be stored in a separate file ("/etc/libnss-ldap.secret") that only root can access.
  If you enter an empty password, the old password will be reused.
  Password for root's LDAP account: ********

  [ Configuring libnss-ldap ]
  nsswitch.conf is not managed automatically
  You must modify your "/etc/nsswitch.conf" file to use the LDAP data source if you want the libnss-ldap package to work. You can use the example file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example of the nsswitch configuration, or you can copy it over your current configuration.
  Note that before removing this package it may be advisable to remove the "ldap" entries from the nsswitch.conf file so that basic services keep working.

  [ Configuring libpam-ldap ]
  This option allows password tools that use PAM to change local passwords.
  The password for the LDAP administrator account will be stored in a separate file that can only be read by the administrator.
  This option should be disabled if "/etc" is mounted over NFS.
  Do you want to allow the LDAP administrator account to behave like the local administrator?

  [ Configuring libpam-ldap ]
  Choose whether the LDAP server enforces authentication before entries can be retrieved.
  This setting is rarely needed.
  Does the LDAP database require the user to log in?

  [ Configuring libpam-ldap ]
  Please enter the name of the LDAP administrator account.
  This account will be used automatically for database management, so it must have the appropriate administrative privileges.
  LDAP administrator account: cn=admin,dc=swl,dc=fan

  [ Configuring libpam-ldap ]
  Please enter the password for the administrator account.
  The password will be stored in the file "/etc/pam_ldap.secret". The administrator will be the only one who can read this file, and it will allow libpam-ldap to manage database connections automatically.
  If you leave this field empty, the previously stored password will be reused.
  LDAP administrator password: ********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files

Let's edit the /etc/pam.d/common-password file: we go to line 26 and remove the value "use_authtok":

root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
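How this password stack is walked for a local user, an LDAP user and an unknown user, as an added Python example that is not from the original article: a simplified model of libpam's control handling, including why the file "primes" the stack with pam_permit.so. The return codes fed to pam_unix.so and pam_ldap.so are constructed inputs, and the function names are this example's own.

```python
import re

# The "password" stack from /etc/pam.d/common-password after the edit above.
STACK = """\
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
password requisite pam_deny.so
password required pam_permit.so
"""

# Bracket equivalents of the one-word controls, as listed in pam.conf(5).
KEYWORDS = {
    "required": {"success": "ok", "new_authtok_reqd": "ok",
                 "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok",
                  "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done",
                   "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok",
                 "default": "ignore"},
}

# Modules whose result never depends on the user.
FIXED = {"pam_deny.so": "authtok_err", "pam_permit.so": "success"}


def parse_stack(text):
    """Turn PAM config lines into a list of (module, {return code: action})."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"\S+\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if match is None:
            raise ValueError("unparsable PAM line: " + line)
        control, module = match.groups()
        if control.startswith("["):
            actions = dict(p.split("=", 1) for p in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        rules.append((module, actions))
    return rules


def run_stack(rules, results):
    """Walk the stack; results maps a module name to its return code name."""
    status = None          # None: no module has contributed a result yet
    visited = []
    i = 0
    while i < len(rules):
        module, actions = rules[i]
        code = FIXED.get(module) or results[module]
        action = actions.get(code, actions["default"])
        visited.append(module)
        if action.isdigit():
            i += int(action)               # jump: skip N modules, set nothing
        elif action != "ignore" and status in (None, "success"):
            status = code                  # ok/done/bad/die record the result
        if action in ("done", "die"):
            break
        i += 1
    # A stack in which nothing recorded success is treated as a failure.
    return status == "success", visited


def change_password(results, stack=STACK):
    return run_stack(parse_stack(stack), results)


if __name__ == "__main__":
    cases = {
        "local user (buzz)": {"pam_unix.so": "success"},
        "LDAP user (legolas)": {"pam_unix.so": "user_unknown",
                                "pam_ldap.so": "success"},
        "unknown everywhere": {"pam_unix.so": "user_unknown",
                               "pam_ldap.so": "user_unknown"},
        "LDAP refuses the change": {"pam_unix.so": "user_unknown",
                                    "pam_ldap.so": "authtok_err"},
    }
    for name, results in cases.items():
        print(name, "->", change_password(results))
```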

In case we need local login for the users stored in LDAP, and we want their home folders to be created automatically, we must edit the /etc/pam.d/common-session file and add the following line at the end of the file:

session optional pam_mkhomedir.so skel=/etc/skel umask=077

In the OpenLDAP Directory Service example developed earlier, the only local user created was the user buzz, while in LDAP we created the users trancos, legolas, gandalf and bilbo. If the configuration made so far is correct, we should be able to list the local users together with those mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
trancos:x:10000:10000:Trancos El Rey:/home/trancos:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash

After changes to the system's authentication, it is sound practice to restart the server, unless we are dealing with a critical service:

root@mail:~# reboot

Later we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database of master.swl.fan. We can also try logging in via SSH.

 

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Password:

root@mail:/home/gandalf# getent group
buzz:x:1001:
usuarios:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz     4096 Jun 17 12:25 buzz
drwx------ 2 gandalf usuarios 4096 Jun 17 13:05 gandalf

The Directory Service implemented at the server and client level works correctly.

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers focused primarily on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. Authentication messages are protected to prevent eavesdropping and replay attacks.

    Kerberos is based on symmetric-key cryptography and requires a trusted third party. In addition, there are extensions to the protocol to be able to use asymmetric-key cryptography.

    Kerberos is based on the Needham-Schroeder Protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two separate logical parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network - be it client or server - shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the identity of the entity. For communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.

Disadvantages of Kerberos

From EcuRed:

Even though Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to perform this task.
  • Kerberos assumes that each user is trusted but is using an untrusted machine on an untrusted network. Its main goal is to prevent unencrypted passwords from being sent over the network. However, if any user other than the proper one has access to the machine that issues the tickets (KDC) used for authentication, Kerberos would be at risk.
  • For an application to use Kerberos, its code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are considered kerberized. For some applications this can be an excessive programming effort, because of the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can take quite some programming. In general, closed-source applications that do not have Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must be aware that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is passed to a service that does not use Kerberos to authenticate, you run the risk that the packet may be intercepted. In that case, your network gains no benefit from using Kerberos. To secure your network with Kerberos, you should either use the kerberized versions of all client/server applications that send unencrypted passwords, or not use any of these applications on the network.

Manually implementing and configuring OpenLDAP as a Kerberos Back-End is not an easy task. However, later we will see that Samba 4 Active Directory - Domain Controller integrates, in a way that is transparent to the Sysadmin, a DNS server, the Microsoft Network and its Domain Controller, the LDAP server as the Back-End of almost all its objects, and the Kerberos-based authentication service as the fundamental components of a Microsoft-style Active Directory.

To date we have not had the need to implement a "Kerberized Network". That is why we have not written about how to implement Kerberos.

Samba 4 Active Directory - Domain Controller

Important:

There is no better documentation than the site wiki.samba.org. Any self-respecting Sysadmin should visit that site - in English - and browse the large number of pages dedicated entirely to Samba 4, written by Team Samba itself. I do not believe there is documentation available on the Internet that can replace it. By the way, note the number of visits shown at the bottom of each page. An example of this is that its main page or «Main Page» had been visited 276,183 times as of today, June 20, 2017 at 10:10 Eastern Time. In addition, the documentation is kept very up to date, as that page was modified on May 6.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS) for UNIX-like systems. In this way, it is possible for computers with GNU/Linux, Mac OS X or Unix in general to look like servers or act as clients in Windows networks. Samba also allows users to be validated by acting as a Primary Domain Controller (PDC), as a domain member and even as an Active Directory domain for Windows-based networks; apart from being able to serve print queues and shared directories and to authenticate with its own user archive.

Among the Unix-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we can find Apple's Mac OS X Server.

Samba 4 AD-DC with its Internal DNS

  • We start from a clean installation - without a graphical interface - of Debian 8 "Jessie".

Initial checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
  • With this, in which we declare only the main branch, it is more than enough for our purposes.
root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix in place of Exim, and utilities

root@master:~# aptitude install postfix htop mc deborphan

  [ Postfix Configuration ]
  Please select the mail server configuration type that best meets your needs.
    No configuration: keeps the current configuration.
    Internet site: mail is sent and received directly using SMTP.
    Internet with "smarthost": mail is received directly using SMTP or by running a utility such as "fetchmail". Outgoing mail is sent using a "smarthost".
    Local only: the only mail delivered is the mail for local users. There is no network.
  General type of mail configuration (No configuration, Internet Site, Internet with "smarthost", Satellite system, Local only): Local only

  [ Postfix Configuration ]
  The "mail name" is the domain name used to "qualify" _ALL_ mail addresses without a domain name. This includes mail to and from "root": please do not make your machine send out mail from root@example.org unless root@example.org has asked for it.
  Other programs will use this name. It must be a single, fully qualified domain name (FQDN).
  Thus, if a mail address on the local machine is something@example.org, the correct value for this option would be example.org.
  System mail name: master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

A fi awọn ibeere sii lati ṣajọ Samba 4 ati awọn idii pataki miiran

root @ titunto si: ~ # aptitude fi sori ẹrọ acl attr autoconf bison \
kọ-pataki debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-olumulo libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses 5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modulu pkg-config \
Python-all-dev Python-dev Python-dnspython Python-crypto \
xsltproc zlib1g-dev libgpgme 11-dev python-gpgme Python-m2crypto \
libgnutls28-dbg awọn ohun elo-dev ldap-utils krb5-atunto

 Ṣiṣeto ijẹrisi Kerberos │ Nigbati awọn olumulo gbiyanju lati lo Kerberos ki o sọ orukọ kan pato │ │ ọga tabi olumulo laisi ṣiṣe alaye si eyiti iṣakoso Kerberos ašẹ akọkọ │ │ jẹ, eto naa gba ijọba aiyipada │ │.  Aaye aiyipada tun le ṣee lo bi ijọba │ of ti iṣẹ Kerberos ti n ṣiṣẹ lori ẹrọ agbegbe.  │ Ni igbagbogbo, ijọba aiyipada ni orukọ oke nla ti agbegbe DNS │ │ agbegbe.  Er │ │ │ Kerberos version 5 ibugbe aiyipada: │ │ │ │ SWL.FAN __________________________________________________________________ │ │ │ │ │ │ └────────────────────────────────────────────── Ṣiṣeto ijẹrisi Kerberos Tẹ awọn orukọ ti awọn olupin Kerberos sii ni agbegbe SWL.FAN ti │ │ Kerberos, ti a ya sọtọ nipasẹ awọn alafo.  Servers │ │ │ Awọn olupin Kerberos fun ijọba rẹ: │ │ │ │ master.swl.fan _________________________________________________________ │ │ │ │ │ │ └────────────────────────────────────────────── Ṣiṣeto ijẹrisi Kerberos ├───────────────┐ │ Tẹ orukọ olupin olupin sii (iyipada ọrọ igbaniwọle) │ │ fun ijọba Kerberos SWL.FAN.   

The process above took some time because we do not have any DNS service installed yet. However, the domain was chosen correctly thanks to the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the domain name server.

Now we configure the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan

So that queries with the ldapsearch command run by the root user can take the form ldapsearch -x -W cn=xxxx, we must create the file /root/.ldaprc with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The file system must support ACLs (Access Control Lists)

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a

root@master:~# touch testing_acl.txt
root@master:~# setfattr -n user.test -v test testing_acl.txt
root@master:~# setfattr -n security.test -v test2 testing_acl.txt
root@master:~# getfattr -d testing_acl.txt
# file: testing_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d testing_acl.txt
# file: testing_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx testing_acl.txt

root@master:~# getfacl testing_acl.txt
# file: testing_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

We obtain the Samba 4 source, compile it, and install it

It is strongly recommended to download the source file of the stable version from the site https://www.samba.org/. In our example we download version samba-4.5.1.tar.gz to the /opt folder.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and carefully select the ones we need. It is advisable to check whether the downloaded package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure distcheck

We configure, compile and install samba-4.5.1

  • From the previously installed requirements and the 8604 files (which make up the compressed samba-4.5.1.tar.gz) weighing about 101.7 megabytes - including the source3 and source4 folders, which weigh about 61.1 megabytes - we will obtain a substitute for a Microsoft-style Active Directory, of more than acceptable quality and stability for any production environment. We must highlight the work of Team Samba in delivering the free software Samba 4.

The commands below are the classic ones for compiling and installing packages from their sources. We must be patient for as long as the whole process lasts. It is the only way to obtain valid and correct results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

While the make command runs, we can see that both the Samba 3 and the Samba 4 sources are compiled. That is why Team Samba states that its version 4 is the natural upgrade of version 3, both for Domain Controllers based on Samba 3 + OpenLDAP, and for file servers, or older versions of Samba 4.

Provisioning Samba

We will use SAMBA_INTERNAL as the DNS. More information can be found at https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End. When we are asked for the Administrator user's password, we must enter one with a minimum length of 8 characters that also includes letters - upper and lower case - and numbers.

Before continuing with the provisioning, and to make life easier, we add the paths of the Samba executables to our .bashrc file. Then we log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more aliases to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: YourPassword2017
Retype password: YourPassword2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Let's not forget to copy the Kerberos configuration file, as indicated by the provisioning output:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

So as not to type the samba-tool command with its full name, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

A fundamental piece of an Active Directory is the network time service. Since authentication is done through Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is vital.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict default mssntp
restrict 127.0.0.1
restrict ::1
broadcast 192.168.10.255

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, while examining the syslog with the command above or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the ntp_signd folder:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested on wiki.samba.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd

We configure Samba startup using systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC file locations

ALL the files - except the newly created samba-ad-dc.service - are in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the best UNIX style. It is always advisable to browse the different folders and examine their contents.

The /usr/local/samba/etc/smb.conf file

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
	dns forwarder = 8.8.8.8
	server role = active directory domain controller
	allow dns updates = secure only
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	idmap config * : range = 3-2307
	ldap server require strong auth = no
	printcap name = /dev/null

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
	realm = SWL.FAN
	workgroup = SWL
	dns forwarder = 192.168.10.1
	ldap server require strong auth = No
	passdb backend = samba_dsdb
	server role = active directory domain controller
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	winbindd:use external pipes = true

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No
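
The "ldap server require strong auth = no" line in the smb.conf above makes the LDAP server accept simple binds over unencrypted connections (the Samba default is yes); the ldapsearch -x -W check that follows relies on it. The following is an added example, not part of the original article or of Samba: a bash helper that reports the effective value from an smb.conf file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example. Reports how an smb.conf sets
# "ldap server require strong auth" in its [global] section.

# Print the value of one [global] parameter (empty output if unset).
# Samba ignores case and whitespace inside section and parameter names,
# so both are normalised before comparing.
smbconf_global_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_global = (norm(sec) == "global")
            next
        }
        in_global && index($0, "=") > 0 {
            eq  = index($0, "=")                # only the first "=" counts
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == want) found = val  # a later line overrides
        }
        END { if (found != "") print found }
    ' "$1"
}

# Classify the setting as strict, sasl-over-tls or weak.
ldap_strong_auth_state() {
    local v
    v=$(smbconf_global_get "$1" "ldap server require strong auth" | tr 'A-Z' 'a-z')
    case "${v:-yes}" in                 # unset means the default, yes
        yes|true|1)          echo strict ;;
        allow_sasl_over_tls) echo sasl-over-tls ;;
        no|false|0)          echo weak ;;
        *)                   echo "unknown:$v" ;;
    esac
}

# Constructed sample input, modelled on the smb.conf shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Global parameters
[global]
	server role = active directory domain controller
	ldap server require strong auth = no

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No
EOF
echo "ldap server require strong auth: $(ldap_strong_auth_state "$sample")"
rm -f "$sample"
```

On the server itself the function would be pointed at /usr/local/samba/etc/smb.conf.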

Basic checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN: 
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk
	sysvol          Disk
	IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

		19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)

We manage the newly installed Samba 4 AD-DC

If we want to modify the expiration in days of the Administrator password; the complexity of passwords; the minimum password length; the minimum and maximum duration - in days - of a password; and change the Administrator password declared during provisioning, we must run the following commands with the values adjusted to your needs:

root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version
                 Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add several DNS records

root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]: 
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -Uadministrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]: 
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.
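
The forward and reverse records above are entered by hand, one command per record, so a mistyped name only shows up when each A answer is compared with its PTR. Added example (not from the original article): a bash function that reads captured host output and lists every address whose forward and reverse names disagree. The function name and the sample lines, which contain two deliberate inconsistencies, are constructed.

```shell
#!/bin/bash
# Added example. Cross-checks A and PTR answers captured from `host`.

# Reads `host` output on stdin, prints one line per inconsistency and
# returns 0 only if every address has matching forward and reverse names.
check_forward_reverse() {
    awk '
        # Forward answer: "name has address a.b.c.d"
        $2 == "has" && $3 == "address" { fwd[$4] = tolower($1); next }
        # Reverse answer: "d.c.b.a.in-addr.arpa domain name pointer name."
        $2 == "domain" && $3 == "name" && $4 == "pointer" {
            n = split($1, o, ".")
            if (n != 6 || o[5] != "in-addr") next    # not an IPv4 PTR
            ip = o[4] "." o[3] "." o[2] "." o[1]
            name = tolower($5); sub(/\.$/, "", name) # drop the root dot
            rev[ip] = name
        }
        END {
            for (ip in fwd) {
                if (!(ip in rev)) {
                    printf "%s (%s): no PTR record\n", ip, fwd[ip]; bad = 1
                } else if (rev[ip] != fwd[ip]) {
                    printf "%s: A says %s, PTR says %s\n", ip, fwd[ip], rev[ip]; bad = 1
                }
            }
            for (ip in rev) if (!(ip in fwd)) {
                printf "%s (%s): no A record\n", ip, rev[ip]; bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample: the six hosts of this article, with the PTR for
# proxy left out and the PTR for chat mistyped on purpose.
SAMPLE_HOST_OUTPUT='master.swl.fan has address 192.168.10.5
sysadmin.swl.fan has address 192.168.10.1
mail.swl.fan has address 192.168.10.9
fileserver.swl.fan has address 192.168.10.10
proxy.swl.fan has address 192.168.10.11
chat.swl.fan has address 192.168.10.12
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
12.10.168.192.in-addr.arpa domain name pointer chta.swl.fan.'

problems=$(printf '%s\n' "$SAMPLE_HOST_OUTPUT" | check_forward_reverse) || true
printf '%s\n' "${problems:-forward and reverse records agree}"
```

On the live server the input is the combined output of the host commands shown above, piped into the function.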

For the curious

root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/\
DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:

We add users

root@master:~# tool user
Usage: samba-tool user <subcommand>

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add           - Create a new user.
  create        - Create a new user.
  delete        - Delete a user.
  disable       - Disable a user.
  enable        - Enable a user.
  getpassword   - Get the password fields of a user/computer account.
  list          - List all users.
  password      - Change password for a user account (the one provided in authentication).
  setexpiry     - Set the expiration of a user account.
  setpassword   - Set or reset the password of a user account.
  syncpasswords - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user <subcommand> (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest

Administration through a graphical interface or a web client

Visit wiki.samba.org for detailed information on how to install the Microsoft RSAT, or Remote Server Administration Tools. If you do not require the classic policies offered by Microsoft Active Directory, you can install the ldap-account-manager package, which offers a simple interface for administration through a web browser.

The Microsoft Remote Server Administration Tools (RSAT) program suite is included in the Windows Server operating systems.

We join a Windows 7 client named "seven" to the domain

As we do not have a DHCP server on the network, the first thing we must do is configure the client's network card with a fixed IP, declare that the primary DNS will be the IP of the samba-ad-dc, and check that the option "Register this connection's addresses in DNS" is enabled. It is worth checking that the name "seven" is not yet registered in the Samba internal DNS.

After we join the computer to the domain and restart it, let's try to log in with the user "trancos". We will verify that everything works OK. It is also advisable to review the Windows client's logs and check that the time is synchronized correctly.

Administrators with some Windows experience will find that any checks they make on the client give satisfactory results.

Summary

I hope the article is useful to the readers of the FromLinux Community.

Goodbye!



8 comments


  1.   Gonzalo martinez said

    A long but detailed article, a very good step-by-step on how to do everything.

    I would highlight NIS; the truth is that although I knew of its existence, I never really knew how it works, because to be honest it always gave me the impression that it was practically dead next to LDAP and Samba 4.

    PS: Congratulations on your new personal project! A pity that you will not continue writing here, but at least there is a place to follow you.

  2.   HO2Gi said

    Great tutorial as always, straight to my favorites. Greetings, Fico.
    Congratulations on the project.

  3.   IWO said

    The NIS section is great; I sympathize with Gonzalo Martinez, I knew of it briefly but had no idea how to implement it or in what situations it is used.
    Thanks once again for a tremendous "trunk" of a theoretical and practical article.
    Finally, new successes in your new project "gigainside".

  4.   Frederick said

    Thank you very much, everyone, for commenting!!!

  5.   mussol said

    The smb.conf you show has no link with LDAP; is that intentional, or did I miss something?

  6.   phico said

    mussol: This is a Samba 4 Active Directory Domain Controller, which already has its LDAP server built in.

  7.   Vincent said

    Could you explain how to join a Mac (Apple) to a Samba 4 AD-DC?
    Thanks

  8.   jaramirez said

    How are you;

    Thanks for the guide, it is excellent. I have a question about a message that appears for me.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Cannot find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#