Hello friends! Let's get straight to the point, but not before you read the article «Introduction to a Network with Free Software (I): Introducing ClearOS» and download the ClearOS Step by Step image package (1.1 MB), so that you know what we are talking about. Without that reading it will be hard to follow us. OK?
System Security Services Daemon
SSSD, or System Security Services Daemon, is a Fedora project, born from another project (also from Fedora) called FreeIPA. According to its creators, a short and freely translated definition would be:
SSSD is a service that provides access to different identity and authentication providers. It can be configured for a native LDAP domain (an LDAP-based identity provider with LDAP authentication), or for an LDAP identity provider with Kerberos authentication. SSSD provides the interface to the system through NSS and PAM, and a pluggable Back End for connecting to multiple and different account sources.
We believe this is a more comprehensive and robust solution for identifying and authenticating users registered in an OpenLDAP directory than the ones covered in previous articles, a point we leave to each reader's judgment and experience.
The solution proposed in this article is the one most recommended for mobile computers and laptops, because it lets us work disconnected: SSSD stores the credentials on the local machine.
Example network
- Domain Controller, DNS, DHCP: ClearOS Enterprise 5.2sp1.
- Controller name: centos
- Domain name: amigos.cu
- Controller IP: 10.10.10.60
- ---------------
- Ubuntu version: Ubuntu Desktop 12.04.2 Precise.
- Machine name: precise
- IP address: Using DHCP
Preparing our Ubuntu
We modify the file /etc/lightdm/lightdm.conf to accept manual login, and leave it with the following content:
    [SeatDefaults]
    greeter-session=unity-greeter
    user-session=ubuntu
    greeter-show-manual-login=true
    greeter-hide-users=true
    allow-guest=false
After saving the changes, we restart lightdm from a console opened with Ctrl+Alt+F1, where, after logging in, we run sudo service lightdm restart.
It is also recommended to edit the file /etc/hosts and leave it with the following content:
    127.0.0.1 localhost
    127.0.1.1 precise.amigos.cu precise
    [----]
That way we get the appropriate answers from the commands hostname and hostname --fqdn.
We check that the LDAP server works
We modify the file /etc/ldap/ldap.conf and install the ldap-utils package:
    :~$ sudo nano /etc/ldap/ldap.conf
    [----]
    BASE dc=amigos,dc=cu
    URI ldap://centos.amigos.cu
    [----]

    :~$ sudo aptitude install ldap-utils
    :~$ ldapsearch -x -b 'dc=amigos,dc=cu' '(objectclass=*)'
    :~$ ldapsearch -x -b dc=amigos,dc=cu 'uid=strides'
    :~$ ldapsearch -x -b dc=amigos,dc=cu 'uid=legolas' cn gidNumber
With the last two commands, we check the availability of the OpenLDAP server on our ClearOS. Let's take a good look at the output of the previous commands.
Important: we have also verified that the Identification Service on our OpenLDAP server works correctly.
We install the sssd package
It is also recommended to install the finger package, to make checks that are more palatable than ldapsearch:
    :~$ sudo aptitude install sssd finger
When the installation finishes, the sssd service does not start because the file /etc/sssd/sssd.conf is missing. The installation output shows this. So we must create that file and leave it with the following minimal content:
    :~$ sudo nano /etc/sssd/sssd.conf
    [sssd]
    config_file_version = 2
    services = nss, pam
    # SSSD will not start if you do not configure any domains.
    # Add new domain configurations as [domain/<NAME>] sections, and
    # then add the list of domains (in the order you want them to be
    # queried) to the "domains" attribute below and uncomment it.
    domains = amigos.cu

    [nss]
    filter_groups = root
    filter_users = root
    reconnection_retries = 3

    [pam]
    reconnection_retries = 3

    # LDAP domain
    [domain/amigos.cu]
    id_provider = ldap
    auth_provider = ldap
    chpass_provider = ldap
    # ldap_schema can be set to "rfc2307", which stores group member names in the
    # "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
    # the "member" attribute. If you do not know this value, ask your LDAP
    # administrator.
    # works with ClearOS
    ldap_schema = rfc2307
    ldap_uri = ldap://centos.amigos.cu
    ldap_search_base = dc=amigos,dc=cu
    # Note that enabling enumeration will have a moderate performance impact.
    # Consequently, the default value for enumeration is FALSE.
    # Refer to the sssd.conf man page for full details.
    enumerate = false
    # Allow offline logins by locally storing password hashes (default: false).
    cache_credentials = true
    ldap_tls_reqcert = allow
    ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
Once the file is created, we assign the corresponding permissions and restart the service:
    :~$ sudo chmod 0600 /etc/sssd/sssd.conf
    :~$ sudo service sssd restart
If we want to enrich the content of the previous file, we recommend running man sssd.conf and/or consulting the documentation available on the Internet, starting with the links at the beginning of the post. Also consult man sssd-ldap. The sssd package includes an example in /usr/share/doc/sssd/examples/sssd-example.conf, which can be used to authenticate against a Microsoft Active Directory.
Now we can use the more palatable commands finger and getent:
    :~$ finger strides
    Login: strides                          Name: Strides El Rey
    Directory: /home/strides                Shell: /bin/bash
    Never logged in.
    No mail.
    No Plan.

    :~$ sudo getent passwd legolas
    legolas:*:1004:63000:Legolas The Elf:/home/legolas:/bin/bash
We cannot yet rush off and try to authenticate as a user on the LDAP server. First we must modify the file /etc/pam.d/common-session, so that the user's home folder is created automatically when the session starts, if it does not exist, and then restart the system:
    [----]
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    ### The line above must be included BEFORE
    # here are the per-package modules (the "Primary" block)
    [----]
Now we restart:
    :~$ sudo reboot
After logging in, disconnect the network using the Connection Manager, then log out and log back in. Do not rush anything. Run ifconfig in a terminal and you will see that eth0 is not configured at all.
Enable the network. Log out and log in again. Check again with ifconfig.
Of course, to work offline it is necessary to start a session at least once while OpenLDAP is online, so that the credentials are stored on our computer.
Let's not forget to make the external user registered in OpenLDAP a member of the necessary groups, always taking the user created during installation as the reference.
If the machine refuses to shut down through the corresponding applet, run sudo poweroff in a console to shut down, and sudo reboot to restart. It remains to be found out why this sometimes happens.
Note:
Declaring the option ldap_tls_reqcert = never in the file /etc/sssd/sssd.conf is a security risk, as stated on the SSSD - FAQ page. The default value is «demand». See man sssd-ldap. However, chapter 8.2.5 Configuring Domains of the Fedora documentation states the following:
SSSD does not support authentication over an unencrypted channel. Consequently, if you want to authenticate against an LDAP server, either TLS/SSL or LDAPS is required.
Personally, we think the solution covered here is sufficient for an Enterprise LAN from a security point of view. Across the WWW Village, we recommend using an encrypted channel with TLS, or «Transport Layer Security», between the client computer and the server.
We tried to achieve this by properly generating Self-Signed certificates on the ClearOS server, but we could not. It is in fact a pending issue. If any reader knows how to do it, you are welcome to explain it!
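An added example (not from the original article or from the SSSD project): a small Python audit of the sssd.conf options the note above discusses. It flags ldap_tls_reqcert values that do not enforce certificate validation, identity lookups over ldap:// without StartTLS, and file modes looser than the 0600 set earlier; the function name, the sample strings and treating an absent ldap_id_use_start_tls as disabled are assumptions.

```python
import configparser
import stat

# ldap_tls_reqcert values that let the session continue with a missing or
# unverifiable server certificate; "demand" and "hard" do not.
WEAK_REQCERT = {"never", "allow", "try"}

def audit_sssd_conf(text, mode=None):
    """Return findings for the LDAP domains of an sssd.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append("file: accessible to group/others, expected 0600")
    for name in cp.sections():
        dom = cp[name]
        if not name.startswith("domain/") or dom.get("auth_provider") != "ldap":
            continue
        reqcert = dom.get("ldap_tls_reqcert", "demand").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append(f"{name}: ldap_tls_reqcert={reqcert} does not "
                            "enforce server certificate validation")
        # Assumption: an absent ldap_id_use_start_tls counts as disabled.
        starttls = dom.get("ldap_id_use_start_tls", "false").strip().lower()
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",")]
        if starttls != "true" and any(u.startswith("ldap://") for u in uris):
            findings.append(f"{name}: identity lookups over ldap:// "
                            "without StartTLS")
    return findings

# Constructed sample: the domain section from this article.
ARTICLE_CONF = """
[domain/amigos.cu]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://centos.amigos.cu
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
"""

# Constructed hardened variant of the same domain section.
HARDENED_CONF = (ARTICLE_CONF.replace("reqcert = allow", "reqcert = demand")
                 + "ldap_id_use_start_tls = true\n")

if __name__ == "__main__":
    for finding in audit_sssd_conf(ARTICLE_CONF, mode=0o100644):
        print(finding)
```

The hardened variant only passes in practice once the client trusts the CA that issued the server certificate, which is the step the article leaves pending.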
Another article for the Bookmarks 😀
Thanks for commenting, and greetings!!!
Hello. I am trying to make it work with an ubuntu server and another ubuntu as the client, and everything works very well while connected, but when I stop the server or disconnect the network, it does not accept the users' passwords. I don't know what I might be doing wrong. Could it be that I don't have the ldap server configured to use security (ssl)?
That is exactly why: since you don't have an encrypted channel, it will not accept your password.