I-Samba: Joyina i-Debian ku-Windows Domain (I)

Sanibonani zihlobo !. Samba kusivumela ukuba sihlangane Debian kuya ku Isizinda seMicrosoft ngezindlela ezimbili ezihlukene ezincike kakhulu ekutheni simemezela kanjani inketho nokuvikeleka endaweni yokugcina umlando smb.conf.

Ukuphepha = Isizinda

Umshini kufanele ujoyine isizinda usebenzisa umyalo net rpc ujoyine. Ipharamitha ngemfihlo amaphasiwedi endaweni yokugcina umlando smb.conf, kufanele isethwe ku weqiniso o Yebo, okuyinani lakhona elizenzakalelayo.

Samba Izokuqinisekisa ukuqinisekisa komsebenzisi nephasiwedi ngokukudlulisela ku-Domain Controller njengoba izokwenza kuhlobo lwe-Controller NT 4.

Ukuphepha = Isizinda yindlela esizothuthukisa ngayo kulesi sihloko.

Ukuphepha = ADS: Kule modi Samba uzosebenza njengelungu lesizinda embusweni (Realm) sohlu lwemibhalo olusebenzayo. Ngalokhu kudingekile ukuthi umshini we-Debian iklayenti lifakiwe futhi lahlelwa I-Kerberos, nokuthi ihlanganiswe ne-Active Directory ngomyalo izikhangiso zenethi zijoyine.

Le modi ayenzi iSamba isebenze njenge-Active Directory Domain Controller.

Sizobona:

• Amapharamitha Wokuxhumana Kwesampula
• Izidingo ezincane ku-Domain Controller
• Izidingo ezincane emshinini we-Debian
• Sifaka amaphakheji adingekayo futhi siyalungiselela
• Sijoyina iDebian kusizinda futhi senza amasheke adingekayo
• Sivumela ukungena ngemvume kwabasebenzisi besizinda ku-Debian yethu
• Amathiphu lapho sisebenza kuma-Desktops

Amapharamitha Wokuxhumana Kwesampula

• Isilawuli Sesizinda: I-Windows 2003 Server SP2 Enterprise Edition.
• Igama Lesilawuli:w2003
• Igama Lesizinda: abangane.cu
• Isilawuli IP: 10.10.10.30
• ---------------
• Uhlobo lwe-Debian: Cindezela (6.0.7) [: - $ ikati / njll / debian_version]
• Igama leqembu: khama
• Ikheli le-IP: 10.10.10.15
• Uhlobo lweSamba: 2: 3.5.6 ~ dfsg-3squeeze9
• Uhlobo lwe-Winbind: 2: 3.5.6 ~ dfsg-3squeeze9
• Imvelo yedeskithophu ye-GNOME ene-GDM3
• ---------------
• Uhlobo lwe-Debian: Isondo 7.0
• Igama leqembu:miwheezy
• Ikheli le-IP: 10.10.10.20
• Uhlobo lweSamba: 2: 3.6.6-6
• Uhlobo lwe-Winbind: 2: 3.6.6-6
• Imvelo yedeskithophu ye-Xfce4 ene-GDM3

Izidingo ezincane ku-Domain Controller

Indlela echazwe kule ndatshana yahlolwa kuqala i-Domain Controller eyakhelwe kusuka ku- "ClearOS Enterprise 5.2 SP-1" kuCentOS, futhi konke kusebenze kahle. Akudingeki ukuthi isoftware yamahhala.

Sizobhekisa ku-Domain Controller I-Microsoft Windows Server 2003 SP2 Enterprise Edition, esetshenziswa ezinkampanini eziningi zaseCuba. Ngiyaxolisa ukuthi anginayo i-disc yokufaka inguqulo Iseva 2008 noma okuthuthuke kakhulu. Ngicela ungixolele ngesiNgisi, kepha okuwukuphela kwesifaki enginaso kulolo limi.

Ngiyacela ufunde le ndatshana Samba:SmbClient kushicilelwe kuleli sayithi elifanayo ukuze babe nombono wabasebenzisi abenziwe ku-Domain Controller.

Uma sisebenzisa ikheli le-IP elinqunyelwe ku-Debian yethu, kufanele ngabe simemezele uhlobo oluthi "A" nerekhodi elihambisanayo ku-Reverse Zone ku-DNS Domain Controller.

Kunconywa njalo lapho sisebenza kunethiwekhi enamakhompyutha weLinux neWindows, sikwazi isevisi ye-WINS (Insiza Yegama Le-inthanethi le-Windows) okungcono ku-Domain Controller.

Izidingo ezincane emshinini we-Debian

Ifayela /etc/resolv.conf kufanele ibe nokuqukethwe okulandelayo:

sesha abangani.cu nameserver 10.10.10.30

Sikhipha:

$ hostname -f misqueeze.friends.cu $ dnsdomainname friends.cu $ host w2003 w2003.friends.cu inekheli 10.10.10.30 $ dig -x 10.10.10.30 [----] ;; ISIQENDU SEMPENDULO: 30.10.10.10.in-addr.arpa. 1200 KU-PTR w2003.amigos.cu. [----]

Sifaka amaphakheji adingekayo futhi siyalungiselela

# ukufaneleka faka umunwe we-samba winbind smbclient

Ngesikhathi sokufakwa kwephakeji samba, sizocelwa igama leQembu Elisebenzayo, okuyisibonelo sethu BANGANI.

Silondoloza ifayela loqobo smb.conf bese siyakuthulula:

# cp /etc/samba/smb.conf /etc/samba/smb.conf.original # cp / dev / null /etc/samba/smb.conf

Sihlela ifayela smb.conf futhi sikushiya nokuqukethwe okulandelayo:

[global] ### Isiphequluli senethiwekhi - Ubunikazi ### iqembu lomsebenzi = Intambo yeseva yabangane =% h iseva iwina iseva = 10.10.10.30 dns proxy = no # # # Network Connection ### interfaces = 127.0.0.0/8 eth0 bind interface kuphela = yebo abasingathi bayakuvumela = 10.10.10.0/255.255.255.0 ### Ukulungisa iphutha ### log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = / usr / share / samba / panic-action% d ### AUTHENTICATION ### security = domain
encrypt passwords = yes master local = no master domain = no master preferred = no # # # Winbind ### winbind uid = 15000-20000 winbind gid = 15000-20000 template shell = / bin / bash winbind sebenzisa isizinda esizenzakalelayo = Yebo winbind rpc only = yes winbind offline logon = yes ### Okuxubile # # # abasebenzisi abangavumelekile = isifanekiso sempande homedir = / ikhaya /% D /% U amasheya wokubhalisa = Cha # unix charset = ISO-8859-1 # display charset = ISO-8859 -odwa

Sibheka i-syntax eyisisekelo yefayela smb.conf:

#imvumodel

Sihlela ifayela /etc/nsswitch.conf futhi siguqula le migqa elandelayo:

[----] ukudlula:         amafayela we-winbind
iqembu:          amafayela we-winbind
isithunzi: i-compat host: amafayela dns iwina [----]

Sijoyina iDebian kusizinda futhi sihlola

# service winbind stop # service samba restart # service winbind start # net rpc join -U Administrator # service winbind stop # service samba restart # service winbind start # net rpc testjoin -U Administrator # net rpc info -U Administrator # wbinfo -u # i-wbinfo -g # ukuhamba kweminwe # getent passwd strides # getent group "Abasebenzisi Besizinda"

Vele, i-Akhawunti Yomshini izobe yakhiwe kahle ku-Domain Controller.

Kuze kube manje sesibonile ukuthi singathola imininingwane efanelekile mayelana ne-Domain, kanye nabasebenzisi bayo.

Kuma-athikili akamuva sizofunda ukuthi sabelana kanjani ngezinsizakusebenza ukuze zisetshenziswe ngabasebenzisi ababhaliswe ku-Domain, okusho ukuthi, sizokwazi ukuhambisa amafayela kubasebenzisi be-Microsoft Domain, bobabili abavela endaweni yokusebenza nasesiphakelini esizinikele.

Sivumela ukungena ngemvume kwabasebenzisi besizinda ku-Debian yethu

Lapho sifaka iphakheji i-winbind, I-Debian ihlela ngokuzenzakalela Amamojula Wokufakazela Ukuxhuma noma Amamojula Wokufakazela Ukuxhumeka PAM.

Kodwa-ke, uma sizama ukuqala iseshini njengoMsebenzisi Wesizinda, kungaba ngeSSH noma ngeseshini yokuqhafaza, sizothola umlayezo "Ukwehluleka Kokuqinisekisa".

Kungenxa yokuthi amafayela wamamojula we-PAM, ikakhulukazi amafayela we- ojwayelekile-umbhali yenziwe ifaka ubuqiniso ngeKerberos, engasetshenziswanga lapho simemezela ukuphepha = isizinda endaweni yokugcina umlando smb.conf.

Ukuze sikwazi ukuqala iseshini sisebenzisa i-SSH noma i-graphical, kufanele siguqule amafayela ngesandla:

• /etc/pam.d/okuvamile-auth
• /etc/pam.d/common-session

/etc/pam.d/okuvamile-auth

Sisusa emugqeni obhekise kuwo pam_winbind.so, amapharamitha ahlobene ne- krb5. Leyo ngxenye izobukeka kanjena:

[----] # nanka amamojula ephakeji ngalinye (ibhulokhi "Eyinhloko") auth [impumelelo = 2 okuzenzakalelayo = ukuziba] pam_unix.so nullok_secure auth [impumelelo = 1 okuzenzakalelayo = ukuziba]      pam_winbind.so i-cached_login zama_first_pass
[----]

/etc/pam.d/common-session

[----]
isikhathi sidingeka pam_mkhomedir.so skel = / etc / skel / umask = 0022
### Lo mugqa ongenhla kufanele ufakwe NGAPHAMBI KWAMA- # nanka amamojula ephakeji ngalinye (ibhulokhi "Eyinhloko") [----]

Siqala kabusha izinsizakalo ezithintekayo

# service winbind stop # ervice samba restart # service winbind start # service ssh restart

Ukuguqulwa okungenhla kumafayili wokumiswa kwe-PAM kuzovumela abasebenzisi be-Domain ukuthi baqale iseshini ye-SSH noma endaweni yangakini esiteshini sethu sokusebenza se-Debian.

Izinkomba zasekhaya zomsebenzisi ngamunye nazo zizokwakhiwa lapho bengena okokuqala ngqa. Amafolda womuntu siqu noma izinkomba zizokwakhiwa nge- / home / DOMAIN / domain-user.

Uma kunobunzima ekungeneni kokuqhafaza, sincoma ukuqala kabusha umphathi wokungena ngemvume wokuqhafaza (gdm3, kdm, njll.) futhi uma kungenele, qala kabusha isiteshi sokusebenzela.

Ukukhawulela noma ukukhawulela ukufinyelela nge-SSH ku-Debian yethu, kufanele sihlele ifayela / njll / ssh / sshd_config bese ungeza ekugcineni:

 I-AllowUsers myuser-local strides root

Esibonelweni sethu, igxathu ungumsebenzisi wesizinda esifuna ukumvumela ukuthi angene ngemvume nge-SSH, ngenkathi i-xeon ungumsebenzisi wasendaweni.

Singafaka futhi kufayela / njll / ama-sudoers usebenzisa umyalo ngithanda, kumsebenzisi oyedwa noma ngaphezulu we-Domain.

[----] # Izimpande zokucaciswa kwelungelo lomsebenzisi ZONKE = (BONKE) BONKE xeon BONKE = (BONKE) BONKE amagxathu BONKE = (BONKE) BONKE [----]

Amathiphu lapho sisebenza kuma-Desktops

Uma kwenzeka sifuna ukusebenza kuDeskithophu noma ku-Workstation ngokungena ngemvume okucacile nemvelo yokuqhafaza, kufanele senze abasebenzisi besizinda abazongena endaweni yangakini, amalungu okungenani amaqembu alandelayo: i-cdrom, i-floppy, umsindo, ividiyo y i-plugdev. Uma sisebenzisa imodem ukuxhuma kunethiwekhi yangaphandle, kufanele futhi sibenze babe ngamalungu eqembu cwilisa.

Endabeni ye-Squeeze, uma sifuna ukuqeda uhlu lwabasebenzisi ekuqaleni kweseshini yokuqhafaza, esimweni se-gdm3, sihlela ifayela /etc/gdm3/greeter.gconf-defaults, futhi uncomment inketho / apps / gdm / simple-greeter / disable_user_list, futhi sishintsha inani laso libe yi- weqiniso.

Siyethemba ukuthi ababoni lokho okuchazwayo kuyinkimbinkimbi noma okwe-diabolical. Masihlale sikhumbula njalo lapho sisebenzisa i-Samba Suite ku-Linux, silingisa cishe yonke imisebenzi ye-Windows maqondana namanethiwekhi we-SMB / CIFS ... nokuningi okuthe xaxa. IMicrosoft inikeza "Ukuphepha" ukushintshanisa nobumnyama. Ngokwengxenye yayo, iLinux, yize ekuqaleni ibonakala iyinkimbinkimbi, inikeza ukuphepha, ukungafihli kanye nenkululeko.

Yini ongayifunda? Umzamo Uyakufanelekela!

Futhi umsebenzi uphelile wanamuhla, Bangani. Kuze kube i-adventure elandelayo !!!.

Note: Sivivinye inqubo echazwe emaZingeni amathathu okuSebenza eMicrosoft Domain, okungukuthi, iMixed, Native 2000, and Native 2003.