PAM, NIS, LDAP, Kerberos, DS and Samba 4 AD-DC - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article I say goodbye to the DesdeLinux Community. A special farewell for a special community. From now on I will be at my personal project, which you can get to know at http://www.gigainside.com.

The main purpose of this post is to give a «Big Picture» of the authentication services available to us with Free Software. At least that is our intention. It will therefore be long, even though we know that goes against the usual rules of article writing. We hope system administrators appreciate it.

We want to point out that the protocol common to many modern authentication systems is LDAP, and that it is not idle to study it carefully, starting from the study material found on the official site http://www.openldap.org/.

We will not give detailed definitions -or links- for aspects covered in previous articles, or for those whose description is easily found on Wikipedia or on other sites or articles on the Internet, so as not to lose the focus of the message we want to give. We will also use a valid mix of English and Spanish names, since we consider that most systems were born with English names and it is very useful for a Sysadmin to learn them in their original language.

  • PAM: Pluggable Authentication Module.
  • NIS: Network_Information_Service.
  • LDAP: Lightweight Directory Access Protocol.
  • Kerberos: Security protocol for centrally authenticating users, computers and services on a network, verifying their credentials against the existing entries in the Kerberos database.
  • DS: Directory Server or Directory Service.
  • AD–DC: Active Directory - Domain Controller.

PAM

We dedicate a small series to this type of local authentication. In daily practice you will see that it is widely used when, for example, we join a workstation to a Domain Controller or to an Active Directory; to map users stored in an external LDAP database as if they were local users; to map users stored in the Domain Controller of an Active Directory as if they were local users, and so on.

NIS

From Wikipedia:

  • Network Information System (known by its acronym, NIS) is the name of a client-server directory services protocol developed by Sun Microsystems for distributing configuration data in distributed systems, such as user and host names, between computers on a network. NIS is based on ONC RPC, and consists of a server, a client-side library, and various administration tools.

    NIS was originally called Yellow Pages, or YP, a name that is still used to refer to it. Unfortunately, that name is a trademark of British Telecom, which required Sun to drop it. However, YP remains as a prefix in the names of most NIS-related commands, such as ypserv and ypbind.

    DNS serves a limited range of information, the most important being the mapping between node name and IP address. For other types of information there is no such specialized service. On the other hand, if you only manage a small LAN without Internet connectivity, setting up DNS does not seem worth it. This is why Sun developed the Network Information System (NIS). NIS provides generic database access facilities that can be used to distribute, for example, the information contained in the passwd and groups files to all nodes on your network. This makes the network look like a single system, with the same accounts on all nodes. Similarly, NIS can be used to distribute the node name information contained in /etc/hosts to all machines on the network.

    Today NIS is available on practically every Unix distribution, and there are even free implementations. BSD Net-2 published one derived from a public-domain reference implementation donated by Sun. The client-side library code of this version has existed in the GNU/Linux libc for a long time, and the administration programs were ported to GNU/Linux by Swen Thümmler. However, an NIS server is missing from the reference implementation.

    Peter Eriksson developed a new implementation called NYS. It supports both basic NIS and Sun's enhanced version, NIS+. [1] NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions that you need to compile into your libc if you want to use them. This includes a new configuration scheme for node name resolution that replaces the current scheme used by the "host.conf" file.

    The GNU libc, known as libc6 in the GNU/Linux community, includes an updated version of the traditional NIS support developed by Thorsten Kukuk. It supports all the library functions provided by NYS, and also uses the advanced NYS configuration scheme. The tools and a server are still needed, but using the GNU libc saves the trouble of patching and recompiling the library.

Computer and domain name, network interface and resolver

  • We start from a clean install -without graphical interface- of Debian 8 "Jessie". The swl.fan domain means "Fans of Free Software". What better name than this?
root@master:~# hostname
master
root@master:~# hostname -f
master.swl.fan

root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4c:76:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4c:76d9/64 scope link
       valid_lft forever preferred_lft forever

root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1

Installation of bind9, isc-dhcp-server and ntp

bind9

root@master:~# aptitude install bind9 bind9-doc nmap
root@master:~# systemctl status bind9

root@master:~# nano /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

root@master:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

root@master:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //=====================================================================
        // See https://www.isc.org/bind-keys
        //=====================================================================

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // Checks from localhost and from sysadmin
        // using dig swl.fan axfr
        // We do not have a Slave DNS ... yet
        allow-transfer { localhost; 192.168.10.1; };
};

root@master:~# named-checkconf

root@master:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

root@master:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location and update permission
// of the DNS Records Zones
// Both Zones are MASTER
zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@master:~# named-checkconf

root@master:~# nano /var/lib/bind/db.swl.fan
$TTL 3H
@       IN      SOA     master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@               IN      NS      master.swl.fan.
@               IN      MX      10 mail.swl.fan.
@               IN      A       192.168.10.5
@               IN      TXT     "For Fans of Free Software"
;
sysadmin        IN      A       192.168.10.1
fileserver      IN      A       192.168.10.4
master          IN      A       192.168.10.5
proxyweb        IN      A       192.168.10.6
blog            IN      A       192.168.10.7
ftpserver       IN      A       192.168.10.8
mail            IN      A       192.168.10.9

root@master:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@       IN      SOA     master.swl.fan. root.master.swl.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or
                                        ; Negative caching time to live
;
@       IN      NS      master.swl.fan.
;
1       IN      PTR     sysadmin.swl.fan.
4       IN      PTR     fileserver.swl.fan.
5       IN      PTR     master.swl.fan.
6       IN      PTR     proxyweb.swl.fan.
7       IN      PTR     blog.swl.fan.
8       IN      PTR     ftpserver.swl.fan.
9       IN      PTR     mail.swl.fan.

root@master:~# named-checkzone swl.fan /var/lib/bind/db.swl.fan
zone swl.fan/IN: loaded serial 1
OK
root@master:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK

root@master:~# named-checkconf -zp
root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service
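
Added example, not part of the original article: named-checkzone validates each zone file on its own, so this Python script cross-checks the forward and reverse data shown above and reports any address in 192.168.10.0/24 whose PTR is missing or does not point back at one of its names. The function names and the BROKEN_REVERSE variant are constructed for illustration.

```python
import ipaddress

# Records copied from the two zone files on this page (SOA timers folded onto one line).
FORWARD_ZONE = """\
$TTL 3H
@   IN SOA master.swl.fan. root.master.swl.fan. (
        1 1D 1H 1W 3H )   ; serial refresh retry expire minimum
@           IN NS  master.swl.fan.
@           IN MX  10 mail.swl.fan.
@           IN A   192.168.10.5
sysadmin    IN A   192.168.10.1
fileserver  IN A   192.168.10.4
master      IN A   192.168.10.5
proxyweb    IN A   192.168.10.6
blog        IN A   192.168.10.7
ftpserver   IN A   192.168.10.8
mail        IN A   192.168.10.9
"""

REVERSE_ZONE = """\
$TTL 3H
@   IN SOA master.swl.fan. root.master.swl.fan. (
        1 1D 1H 1W 3H )
@   IN NS  master.swl.fan.
1   IN PTR sysadmin.swl.fan.
4   IN PTR fileserver.swl.fan.
5   IN PTR master.swl.fan.
6   IN PTR proxyweb.swl.fan.
7   IN PTR blog.swl.fan.
8   IN PTR ftpserver.swl.fan.
9   IN PTR mail.swl.fan.
"""

# Constructed faulty variant: the PTR for .7 is dropped and .9 points at a name with no A record.
BROKEN_REVERSE = (REVERSE_ZONE
                  .replace("7   IN PTR blog.swl.fan.\n", "")
                  .replace("mail.swl.fan.", "smtp.swl.fan."))


def qualify(name, origin):
    """Expand '@' and relative names against the zone origin; lower-case the result."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()


def parse_records(text, origin):
    """Return (owner, type, rdata_fields) tuples from a simple master file.

    Handles ';' comments, $-directives, '@', relative and inherited owners and
    multi-line parenthesised records. Quoted strings containing ';' or
    parentheses are not handled.
    """
    origin = origin.lower().rstrip(".") + "."
    records, depth, owner = [], 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        continuation = depth > 0
        depth += line.count("(") - line.count(")")
        if continuation or not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():      # a leading blank means "same owner as before"
            owner = qualify(fields.pop(0), origin)
        # Skip the optional TTL and class that precede the record type.
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records


def check_forward_reverse(fwd_text, fwd_origin, rev_text, rev_origin):
    """Compare A records with PTR records; return a sorted list of findings."""
    rev_origin = rev_origin.lower().rstrip(".") + "."
    names_by_addr = {}
    for owner, rtype, rdata in parse_records(fwd_text, fwd_origin):
        if rtype == "A":
            names_by_addr.setdefault(rdata[0], set()).add(owner)
    ptr_by_owner = {}
    for owner, rtype, rdata in parse_records(rev_text, rev_origin):
        if rtype == "PTR":
            ptr_by_owner.setdefault(owner, set()).add(qualify(rdata[0], rev_origin))

    findings = []
    for addr, names in names_by_addr.items():
        rev_name = ipaddress.ip_address(addr).reverse_pointer + "."
        if not rev_name.endswith("." + rev_origin):
            continue                   # address is served by another reverse zone
        targets = ptr_by_owner.pop(rev_name, set())
        if not targets:
            findings.append(("missing-ptr", addr, sorted(names)))
        elif not targets & names:      # several names may share one address
            findings.append(("ptr-mismatch", addr, sorted(targets)))
    # Whatever is left in the reverse zone has no A record behind it.
    for rev_name, targets in ptr_by_owner.items():
        findings.append(("ptr-without-a", rev_name, sorted(targets)))
    return sorted(findings)


if __name__ == "__main__":
    for zone in (REVERSE_ZONE, BROKEN_REVERSE):
        print(check_forward_reverse(FORWARD_ZONE, "swl.fan",
                                    zone, "10.168.192.in-addr.arpa") or "consistent")
```

The apex record "@ IN A 192.168.10.5" passes because the PTR for .5 points at master.swl.fan, which also resolves to that address.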

bind9 checks

root@master:~# dig swl.fan axfr
root@master:~# dig 10.168.192.in-addr.arpa axfr
root@master:~# dig IN SOA swl.fan
root@master:~# dig IN NS swl.fan
root@master:~# dig IN MX swl.fan
root@master:~# host proxyweb
root@master:~# nping --tcp -p 53 -c 3 localhost
root@master:~# nping --udp -p 53 -c 3 localhost
root@master:~# nping --tcp -p 53 -c 3 master.swl.fan
root@master:~# nping --udp -p 53 -c 3 master.swl.fan
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2017-05-27 09:32 EDT
SENT (0.0037s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (1.0044s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28
SENT (2.0060s) UDP 192.168.10.5:53 > 192.168.10.245:53 ttl=64 id=20743 iplen=28

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 3 (84B) | Rcvd: 0 (0B) | Lost: 3 (100.00%)
Nping done: 1 IP address pinged in 3.01 seconds

isc-dhcp-server

root@master:~# aptitude install isc-dhcp-server
root@master:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@master:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
root@master:~# cat Kdhcp-key.+157+51777.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Ba9GVadq4vOCixjPN94dCQ==
Bits: AAA=
Created: 20170527133656
Publish: 20170527133656
Activate: 20170527133656

root@master:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "Ba9GVadq4vOCixjPN94dCQ==";
};

root@master:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@master:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key
root@master:~# nano /etc/bind/named.conf.local
include "/etc/bind/dhcp.key";

zone "swl.fan" {
        type master;
        file "/var/lib/bind/db.swl.fan";
        allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.168.192.in-addr.arpa";
        allow-update { key dhcp-key; };
};

root@master:~# named-checkconf

root@master:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

# May be required on Debian
authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@master:~# systemctl restart bind9.service
root@master:~# systemctl status bind9.service

root@master:~# systemctl start isc-dhcp-server.service
root@master:~# systemctl status isc-dhcp-server.service

ntp

root@master:~# aptitude install ntp ntpdate
root@master:~# cp /etc/ntp.conf /etc/ntp.conf.original
root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.10.1

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

broadcast 192.168.10.255

root@master:~# systemctl restart ntp.service
root@master:~# systemctl status ntp.service
root@master:~# ntpdate -u sysadmin.swl.fan
27 May 10:04:01 ntpdate[18769]: adjust time server 192.168.10.1 offset 0.369354 sec

Global checks for ntp, bind9 and isc-dhcp-server

From a Linux, BSD, Mac OS or Windows client, check that the time is synchronized correctly, that the client obtains a dynamic IP address, and that its host name resolves through both direct and reverse DNS queries. Change the client's name and repeat all the checks. Do not continue until you are sure that the services installed so far work correctly. That is why we wrote all the articles about DNS and DHCP in Computer Networks for SMEs.

Installing the NIS server

root@master:~# aptitude show nis
Conflicts: netstd (<= 1.26)
Description: clients and daemons for the Network Information Service (NIS)
 This package provides tools for setting up and maintaining a NIS domain.
 NIS, originally known as Yellow Pages (YP), is mostly used to let several
 machines in a network share the same account information, such as the
 password file.

root@master:~# aptitude install nis
Package configuration

 ┌──────────────────────────┤ Nis Configuration ├──────────────────────────┐
 │ Please choose the NIS "domainname" for this system. If you want this    │
 │ machine to just be a client, you should enter the name of the NIS       │
 │ domain you wish to join.                                                │
 │                                                                         │
 │ Alternatively, if this machine is to be a NIS server, you can either    │
 │ enter a new NIS "domainname" or the name of an existing NIS domain.     │
 │                                                                         │
 │ NIS domain:                                                             │
 │                                                                         │
 │ swl.fan________________________________________________________________ │
 │                                                                         │
 └─────────────────────────────────────────────────────────────────────────┘

The installation will take a while, because the service configuration does not exist yet. Please wait for the process to finish.

root@master:~# nano /etc/default/nis
# Are we a NIS server and if so what kind (values: false, slave, master)?
NISSERVER=master

root@master:~# nano /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
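
Added example, not part of the original article: a Python evaluator for the netmask/network pairs in /etc/ypserv.securenets, showing which client addresses the file above admits and what changes if the catch-all line is left active. OPEN_SECURENETS is a constructed variant, and the function names and the /16 threshold in audit() are assumptions made for this illustration.

```python
import ipaddress

# /etc/ypserv.securenets as configured on this page (header comments shortened).
PAGE_SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
# 0.0.0.0       0.0.0.0
255.255.255.0   192.168.10.0
"""

# Constructed "before" variant: the same file with the catch-all line left active.
OPEN_SECURENETS = PAGE_SECURENETS.replace("# 0.0.0.0", "0.0.0.0")


def parse_securenets(text):
    """Return [(line_number, IPv4Network)] for every active rule in the file."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network', got {raw!r}")
        mask, net = fields
        if mask.lower() == "host":         # "host a.b.c.d" is shorthand for a /32
            mask = "255.255.255.255"
        # ip_network() rejects a network address that has host bits set,
        # which would also never match a client in ypserv.
        rules.append((lineno, ipaddress.ip_network(f"{net}/{mask}")))
    return rules


def is_allowed(client_ip, rules):
    """A client is admitted when its address falls inside at least one rule."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for _, net in rules)


def audit(rules, min_prefix=16):
    """Flag rules that admit every client or are broader than /min_prefix."""
    findings = []
    for lineno, net in rules:
        if net.prefixlen == 0:
            findings.append((lineno, str(net), "matches every client"))
        elif net.prefixlen < min_prefix and not net.is_loopback:
            findings.append((lineno, str(net), f"broader than /{min_prefix}"))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_SECURENETS), ("catch-all active", OPEN_SECURENETS)):
        rules = parse_securenets(text)
        print(label, [str(n) for _, n in rules])
        for ip in ("192.168.10.9", "192.168.20.9"):
            print("  ", ip, "allowed" if is_allowed(ip, rules) else "denied")
        print("   findings:", audit(rules))
```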

root@master:~# nano /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

We build the NIS database

root@master:~# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.swl.fan is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master.swl.fan
        next host to add:
The current list of NIS servers looks like this:

master.swl.fan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
make[1]: Leaving directory '/var/yp/swl.fan'

master.swl.fan has been set up as a NIS master server.

Now you can run ypinit -s master.swl.fan on all slave server.

root@master:~# systemctl restart nis
root@master:~# systemctl status nis

We add local users

root@master:~# adduser bilbo
Adding user `bilbo' ...
Adding new group `bilbo' (1001) ...
Adding new user `bilbo' (1001) with group `bilbo' ...
Creating home directory `/home/bilbo' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bilbo
Enter the new value, or press ENTER for the default
        Full Name []: Bilbo Bagins
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

root@master:~# adduser strides
root@master:~# adduser legolas

and so on.

root@master:~# finger legolas
Login: legolas                          Name: Legolas Archer
Directory: /home/legolas                Shell: /bin/bash
Never logged in.
No mail.
No Plan.

We update the NIS database

root@master:/var/yp# make
make[1]: Entering directory '/var/yp/swl.fan'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname... Ignored -> merged with passwd
make[1]: Leaving directory '/var/yp/swl.fan'

We add the NIS options to isc-dhcp-server

root@master:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "swl.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

authoritative;

option ip-forwarding off;
option domain-name "swl.fan";

include "/etc/dhcp/dhcp.key";

zone swl.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                option ntp-servers 192.168.10.5;
                option time-servers 192.168.10.5;
                option nis-domain "swl.fan";
                option nis-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}

root@master:~# dhcpd -t
root@master:~# systemctl restart isc-dhcp-server.service

Installing the NIS client

  • We start from a clean install -without graphical interface- of Debian 8 "Jessie".
root@mail:~# hostname -f
mail.swl.fan

root@mail:~# ip addr
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:25:1f:54 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.9/24 brd 192.168.10.255 scope global eth0

impande @ imeyili: ~ # ukufaneleka ukufaka nis
impande @ imeyili: ~ # nano /etc/yp.conf # # yp.conf Ifayela lokumiswa lenqubo ye-ypbind. Ungachaza amaseva we- # NIS ngesandla lapha uma engatholakali ngokusakazwa okungu- # kunetha lasendaweni (okuyinto ezenzakalelayo). # # Bona ikhasi lesandla le-ypbind le-syntax yaleli fayela. # # OKUBALULEKILE: Nge- "ypserver", sebenzisa amakheli we-IP, noma qiniseka ukuthi # umsingathi uku / etc / hosts. Leli fayela lihunyushwa # kube kanye kuphela, futhi uma i-DNS ingatholakali okwamanje i-ypserver ayikwazi # ukuxazululwa futhi i-ypbind ngeke ize ibophele kuseva. # ypserver ypserver.network.com ypserver master.swl.fan isizinda swl.fan

impande @ imeyili: ~ # nano /etc/nsswitch.conf
# /etc/nsswitch.conf # # Isibonelo sokucushwa kokusebenza kwe-GNU Name Service Shintsha. # Uma unamaphakeji athi `glibc-doc-reference 'and` info', zama: #` info libc "Name Service switch" 'ukuthola ulwazi ngaleli fayela. i-passwd: i-compat nis group: i-compat nis shadow: i-compat nis gshadow: i-files host: ama-file dns nis amanethiwekhi: ama-protocols amafayela: amasevisi we-db services: amafayela we-db ethers: amafayela we-db rpc: amafayela we-db netgroup: nis

impande @ imeyili: ~ # nano /etc/pam.d/common-session
# pam-auth-update (8) ngemininingwane.
isikhathi sokuzikhethela pam_mkhomedir.so skel = / etc / skel umask = 077
# nanka amamojula ephakeji ngalinye (ibhulokhi "Eyinhloko")

impande @ imeyili: ~ # isimo se-systemctl nis
impande @ imeyili: ~ # systemctl qala kabusha nis

We close the session and start it again, this time as a user registered in the NIS database on master.swl.fan.

root@mail:~# exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password:
Creating directory '/home/legolas'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
legolas@mail:~$ pwd
/home/legolas
legolas@mail:~$

We change the password of the user legolas and check

legolas@mail:~$ yppasswd
Changing NIS account information for legolas on master.swl.fan.
Please enter old password: legolas
Changing NIS password for legolas on master.swl.fan.
Please enter new password: archer
The password must have both upper and lowercase letters, or non-letters.
Please enter new password: Arquero2017
Please retype new password: Arquero2017

The NIS password has been changed on master.swl.fan.

legolas@mail:~$ exit
logout
Connection to mail closed.

buzz@sysadmin:~$ ssh legolas@mail
legolas@mail's password: Arquero2017

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 27 12:51:50 2017 from sysadmin.swl.fan
legolas@mail:~$

The NIS service implemented at server and client level works correctly.

LDAP

From Wikipedia:

  • LDAP is the acronym for Lightweight Directory Access Protocol, which refers to an application-level protocol that allows access to an ordered and distributed directory service to search for various information in a network environment. LDAP is also considered a database (although its storage system may be different) that can be queried. A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (people or organizations) arranged alphabetically, with each name having an address and a telephone number attached. To understand it better, it is a book or folder in which people's names, telephone numbers and addresses are written, and which is arranged alphabetically.

    An LDAP directory tree sometimes reflects various political, geographic or organizational boundaries, depending on the model chosen. Current LDAP deployments tend to use Domain Name System (DNS) names to structure the top levels of the hierarchy. Further down the directory, entries may appear that represent people, organizational units, printers, documents, groups of people, or anything that represents a given entry in the tree (or multiple entries).

    Usually, it stores authentication information (user and password) and is used to authenticate, although it is possible to store other information (user contact data, location of various network resources, permissions, certificates, etc.). In summary, LDAP is a unified access protocol to a set of information on a network.

    The current version is LDAPv3, and it is defined in RFCs RFC 2251 and RFC 2256 (LDAP base document), RFC 2829 (authentication method for LDAP), RFC 2830 (extension for TLS), and RFC 3377 (technical specification).

For a long time now, the LDAP protocol, with databases that may or may not be compatible with OpenLDAP, has been the one most used in the majority of today's authentication systems. As an example of that statement, here are some names of systems, Free or proprietary, that use LDAP databases as the backend to store all their objects:

  • OpenLDAP
  • Apache Directory Server
  • Red Hat Directory Server - 389 DS
  • Novell Directory Services - eDirectory
  • SUN Microsystems Open DS
  • Red Hat Identity Manager
  • FreeIPA
  • Samba NT4 Classic Domain Controller.
    We want to clarify that this system was a development of Team Samba with Samba 3.x.x + OpenLDAP as the backend. Microsoft never implemented anything like it. It jumped from NT 4 Domain Controllers to its Active Directories.
  • Samba 4 Active Directory - Domain Controller
  • ClearOS
  • Zentyal
  • UCS Univention Corporate Server
  • Microsoft Active Directory

Each implementation has its own characteristics, and the most standard and compatible one is OpenLDAP.

Active Directory, whether the original from Microsoft or the one from Samba 4, is a union of several main components, which are:

We must not confuse a Directory Service with an Active Directory. The former may or may not host Kerberos authentication, but they do not offer the Microsoft Network service that a Windows Domain provides, nor do they have a Windows Domain Controller.

A Directory Service can be used to authenticate users in a mixed network with UNIX/Linux and Windows clients. For the latter, a program must be installed on each client that acts as an intermediary between the Directory Service and the Windows client itself, such as the Free Software pGina.

Directory Service with OpenLDAP

  • We start from a clean installation, with no graphical interface, of Debian 8 "Jessie", with the same machine name "master" used for the NIS installation, as well as the same configuration of its network interface and of the /etc/resolv.conf file. On this new server we install ntp, bind9 and isc-dhcp-server, without forgetting the global checks of the correct operation of those three services.
root@master:~# aptitude install slapd ldap-utils

Package configuration

┤ Configuring slapd ├
Enter the password for the administrator entry of your LDAP directory.

Administrator password:
********

We check the initial configuration

root@master:~# slapcat
dn: dc=swl,dc=fan
objectClass: top
objectClass: dcObject
objectClass: organization
o: swl.fan
dc: swl
structuralObjectClass: organization
entryUUID: c8510708-da8e-1036-8fe1-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.833955Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

dn: cn=admin,dc=swl,dc=fan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc=
structuralObjectClass: organizationalRole
entryUUID: c851178e-da8e-1036-8fe2-71d022a16904
creatorsName: cn=admin,dc=swl,dc=fan
createTimestamp: 20170531205219Z
entryCSN: 20170531205219.834422Z#000000#000#000000
modifiersName: cn=admin,dc=swl,dc=fan
modifyTimestamp: 20170531205219Z

We modify the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE    dc=swl,dc=fan
URI     ldap://localhost

Organizational Units and the general group «users»

We add the minimum necessary Organizational Units, as well as the Posix group «users», of which we will make all users members, following the example of many systems that have a «users» group. We give it the name «users» so as not to run into possible conflicts with the system's «user» group.

root@master:~# nano base.ldif
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

dn: cn=users,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: users
gidNumber: 10000

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=swl,dc=fan"
adding new entry "ou=groups,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x ou=people
# people, swl.fan
dn: ou=people,dc=swl,dc=fan
objectClass: organizationalUnit
ou: people

root@master:~# ldapsearch -x ou=groups
# groups, swl.fan
dn: ou=groups,dc=swl,dc=fan
objectClass: organizationalUnit
ou: groups

root@master:~# ldapsearch -x cn=users
# users, groups, swl.fan
dn: cn=users,ou=groups,dc=swl,dc=fan
objectClass: posixGroup
cn: users
gidNumber: 10000

We add several users

The password that we declare in LDAP must be obtained with the slappasswd command, which returns the password hashed with the {SSHA} scheme.

Password for the user strides:

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp

Password for the user legolas

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD

Password for the user gandalf

root@master:~# slappasswd
New password:
Re-enter new password:
{SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
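What a {SSHA} value contains, as an added example (not code from the original article or from OpenLDAP): it parses userPassword lines in both the plain form used in users.ldif and the base64 "::" form shown by slapcat, rebuilds the salted SHA-1 to verify a candidate password, and reports the scheme of every entry in an LDIF dump. The uid=constructed1 and uid=constructed2 entries and the test password are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

DIGEST_LEN = {"SHA": 20, "SSHA": 20}  # both are SHA-1; SSHA appends the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build base64(SHA1(password + salt) + salt); 4-byte salt, matching the
    24-byte values shown on this page."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_userpassword(line: str) -> dict:
    """Split one LDIF userPassword line into scheme, digest and salt."""
    attr, sep, value = line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line: %r" % line)
    if value.startswith(":"):  # 'attr:: ...' means the whole value is base64
        value = base64.b64decode(value[1:].strip()).decode("utf-8")
    value = value.strip()
    if not (value.startswith("{") and "}" in value):
        return {"scheme": "CLEARTEXT", "digest": b"", "salt": b""}
    scheme, _, payload = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in DIGEST_LEN:  # e.g. {CRYPT}: not decoded here
        return {"scheme": scheme, "digest": b"", "salt": b""}
    raw = base64.b64decode(payload)
    n = DIGEST_LEN[scheme]
    return {"scheme": scheme, "digest": raw[:n], "salt": raw[n:]}


def verify(line: str, candidate: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} userPassword line."""
    info = parse_userpassword(line)
    if info["scheme"] not in DIGEST_LEN:
        raise ValueError("cannot verify scheme " + info["scheme"])
    expected = hashlib.sha1(candidate.encode("utf-8") + info["salt"]).digest()
    return hmac.compare_digest(expected, info["digest"])


def audit_ldif(ldif: str) -> list:
    """Return (dn, scheme, verdict) for every userPassword value in an LDIF dump."""
    verdicts = {
        "CLEARTEXT": "stored in clear",
        "SHA": "unsalted SHA-1",
        "SSHA": "salted SHA-1 (fast hash)",
    }
    out, dn = [], None
    for line in ldif.replace("\n ", "").splitlines():  # unfold continuation lines
        lowered = line.lower()
        if lowered.startswith("dn:"):
            dn = line[3:].strip()
        elif lowered.startswith("userpassword:"):
            scheme = parse_userpassword(line)["scheme"]
            out.append((dn, scheme, verdicts.get(scheme, "review manually")))
    return out


# The admin value exactly as slapcat printed it above (base64 of "{SSHA}...").
SLAPCAT_LINE = "userPassword:: e1NTSEF9emJNSFU1R3l2OWVEN0pmTmlYOVhKSUF4ekY1bU9YQXc="

# First entry uses the slappasswd output from the page; the other two are constructed.
SAMPLE_LDIF = (
    "dn: uid=strides,ou=people,dc=swl,dc=fan\n"
    "userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp\n"
    "\n"
    "dn: uid=constructed1,ou=people,dc=swl,dc=fan\n"
    "userPassword: {SHA}"
    + base64.b64encode(hashlib.sha1(b"constructed").digest()).decode("ascii")
    + "\n\n"
    "dn: uid=constructed2,ou=people,dc=swl,dc=fan\n"
    "userPassword: constructed-cleartext\n"
)

if __name__ == "__main__":
    print(parse_userpassword(SLAPCAT_LINE)["scheme"])
    for finding in audit_ldif(SAMPLE_LDIF):
        print(finding)
```

Because {SSHA} is a single round of SHA-1, the protection of these values rests on keeping userPassword unreadable to ordinary binds and on the quality of the passwords themselves.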

root@master:~# nano users.ldif
dn: uid=strides,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: strides
cn: strides
givenName: Strides
sn: El Rey
userPassword: {SSHA}Fn8Juihsr137u8KnxGTNPmnV8ai//0lp
uidNumber: 10000
gidNumber: 10000
mail: strides@swl.fan
gecos: Strides El Rey
loginShell: /bin/bash
homeDirectory: /home/strides

dn: uid=legolas,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: legolas
cn: legolas
givenName: Legolas
sn: Archer
userPassword: {SSHA}rC50/W3kBmmDd+8+0Lz70vkGEu34tXmD
uidNumber: 10001
gidNumber: 10000
mail: legolas@swl.fan
gecos: Legolas Archer
loginShell: /bin/bash
homeDirectory: /home/legolas

dn: uid=gandalf,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: gandalf
cn: gandalf
givenName: Gandalf
sn: The Wizard
userPassword: {SSHA}oIVFelqv8WIxJ40r12lnh3bp+SXGbV+u
uidNumber: 10002
gidNumber: 10000
mail: gandalf@swl.fan
gecos: Gandalf The Wizard
loginShell: /bin/bash
homeDirectory: /home/gandalf

root@master:~# ldapadd -x -D cn=admin,dc=swl,dc=fan -W -f users.ldif
Enter LDAP Password:
adding new entry "uid=strides,ou=people,dc=swl,dc=fan"
adding new entry "uid=legolas,ou=people,dc=swl,dc=fan"
adding new entry "uid=gandalf,ou=people,dc=swl,dc=fan"

We check the added entries

root@master:~# ldapsearch -x cn=strides
root@master:~# ldapsearch -x uid=strides

We manage the slapd database with console utilities

We select the ldapscripts package for this task. The installation and configuration procedure is as follows:

root@master:~# aptitude install ldapscripts

root@master:~# mv /etc/ldapscripts/ldapscripts.conf \
/etc/ldapscripts/ldapscripts.conf.original

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=swl,dc=fan'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=swl,dc=fan'
GSUFFIX='ou=groups'
USUFFIX='ou=people'
#MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10003
#MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
#UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
# "echo %u" sets each new account's initial password to its own user name,
# so it should be changed at first login
PASSWORDGEN="echo %u"

Note that the scripts use the commands from the ldap-utils package. Run dpkg -L ldap-utils | grep /bin to find out which they are.

root@master:~# sh -c "echo -n 'admin-password' > \
/etc/ldapscripts/ldapscripts.passwd"

root@master:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

root@master:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
/etc/ldapscripts/ldapadduser.template

root@master:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: <user>
cn: <user>
givenName: <ask>
sn: <ask>
displayName: <ask>
uidNumber: <uid>
gidNumber: 10000
homeDirectory: <home>
loginShell: <shell>
mail: <user>@swl.fan
gecos: <user>
description: User Account

root@master:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment mark
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"

We add the user "bilbo" and make it a member of the "users" group

root@master:~# ldapadduser bilbo users
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "givenName": Bilbo
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "sn": Bagins
[dn: uid=bilbo,ou=people,dc=swl,dc=fan] Enter value for "displayName": Bilbo Bagins
Successfully added user bilbo to LDAP
Successfully set password for user bilbo

root@master:~# ldapsearch -x uid=bilbo
# bilbo, people, swl.fan
dn: uid=bilbo,ou=people,dc=swl,dc=fan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bilbo
cn: bilbo
givenName: Bilbo
sn: Bagins
displayName: Bilbo Bagins
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/bilbo
loginShell: /bin/bash
mail: bilbo@swl.fan
gecos: bilbo
description: User Account

To see the password hash of the user bilbo, the query must be made with authentication:

root@master:~# ldapsearch -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo

To delete the user bilbo we run:

root@master:~# ldapdelete -x -D cn=admin,dc=swl,dc=fan -W uid=bilbo,ou=people,dc=swl,dc=fan
Enter LDAP Password:

root@master:~# ldapsearch -x uid=bilbo

We manage the slapd database through a web interface

We have a working Directory Service and we want to manage it more easily. There are many programs designed for this task, such as phpldapadmin, ldap-account-manager, etc., which are available directly from the repositories. We can also manage a Directory Service with Apache Directory Studio, which we must download from the Internet.

For more information, please visit https://blog.desdelinux.net/ldap-introduccion/ and the six articles that follow it.

LDAP client

Scenario:

Say we have the machine mail.swl.fan as a mail server, implemented as we saw in the article Postfix + Dovecot + Squirrelmail and local users, which, although developed on CentOS, can serve as a guide for Debian and many other Linux distros. We want, in addition to the local users we have already declared, the users stored in the OpenLDAP database on master.swl.fan to be available as well. To achieve this we must «map» the LDAP users as local users on the server mail.swl.fan. This solution is also valid for any service based on PAM authentication. The general procedure for Debian is the following:

root@mail:~# aptitude install libnss-ldap libpam-ldap ldap-utils

┤ Configuring libnss-ldap ├
Enter the URI ("Uniform Resource Identifier") of the LDAP server. The string is similar to "ldap://<hostname or IP>:<port>/". You can also use "ldaps://" or "ldapi://". The port number is optional.

It is recommended to use an IP address to avoid failures when domain name services are unavailable.

LDAP server URI:
ldap://master.swl.fan

┤ Configuring libnss-ldap ├
Enter the distinguished name (DN) of the LDAP search base. Many sites use the components of their domain name for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.

Distinguished name (DN) of the search base:
dc=swl,dc=fan

┤ Configuring libnss-ldap ├
Enter the version of the LDAP protocol that ldapns should use. It is recommended to use the highest version number available.

LDAP version to use:
3
2

┤ Configuring libnss-ldap ├
Choose which account will be used for nss queries with root privileges.

Note: For this option to work, the account needs permissions to access the LDAP attributes associated with users' "shadow" entries, as well as the passwords of users and groups.

LDAP account for root:
cn=admin,dc=swl,dc=fan

┤ Configuring libnss-ldap ├
Enter the password that will be used when libnss-ldap tries to authenticate to the LDAP directory with root's LDAP account.

The password will be stored in a separate file ("/etc/libnss-ldap.secret") that only root can access.

If you enter an empty password, the old password will be reused.

Password for root's LDAP account:
********

┤ Configuring libnss-ldap ├
nsswitch.conf is not managed automatically

You must modify your "/etc/nsswitch.conf" file to use the LDAP data source if you want the libnss-ldap package to work. You can use the sample file in "/usr/share/doc/libnss-ldap/examples/nsswitch.ldap" as an example for your nsswitch configuration, or copy it over your current configuration.

Note that before removing this package it may be convenient to remove the "ldap" entries from the nsswitch.conf file so that basic services keep working.

┤ Configuring libpam-ldap ├
This option allows password tools that use PAM to change local passwords.

The password of the LDAP administrator account will be stored in a separate file that only the administrator can read.

This option should be disabled if "/etc" is mounted via NFS.

Do you want to allow the LDAP administrator account to behave like the local administrator?

┤ Configuring libpam-ldap ├
Choose whether the LDAP server enforces identification before entries can be retrieved.

This setting is rarely needed.

Does the LDAP database require a user to log in?

┤ Configuring libpam-ldap ├
Enter the name of the LDAP administrator account.

This account will be used automatically for database management, so it must have the appropriate administrative privileges.

LDAP administrator account:
cn=admin,dc=swl,dc=fan

┤ Configuring libpam-ldap ├
Enter the password of the administrator account.

The password will be stored in the file "/etc/pam_ldap.secret". Only the administrator will be able to read this file, and it will allow libpam-ldap to automatically manage connections to the database.

If you leave this field empty, the previously saved password will be used again.

LDAP administrator password:
********

root@mail:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

Let's edit the /etc/pam.d/common-password file, go to line 26 and remove the value «use_authtok»:

root@mail:~# nano /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
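How the jumps in the common-password stack above decide the outcome, as an added example (not Debian's or Linux-PAM's code): a simplified, single-pass model of libpam's dispatch rules in which each module's return code is supplied as constructed input instead of coming from a real module. The return-code names follow the tokens used in bracketed controls; which code a module returns in each scenario is an assumption of the example.

```python
import re

# Expansion of the classic keywords into bracket form (see pam.conf(5)).
SHORTHAND = {
    "required": {"success": "ok", "new_authtok_reqd": "ok",
                 "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok",
                  "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done",
                   "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok",
                 "default": "ignore"},
}

# The four active lines of /etc/pam.d/common-password from the page.
STACK = """\
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
password requisite pam_deny.so
password required pam_permit.so
"""

LINE_RE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_stack(text):
    """Return [(module, {return_code: action}, [args])] for each config line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError("unparsed PAM line: %r" % line)
        _type, control, module, args = match.groups()
        if control.startswith("["):
            actions = dict(p.split("=", 1) for p in control[1:-1].split())
        else:
            actions = dict(SHORTHAND[control])
        entries.append((module, actions, args.split()))
    return entries


def evaluate(entries, results):
    """Walk the stack once. `results` maps module name -> simulated return code.
    Returns (final_code, [modules that were actually called])."""
    impression, status = None, "perm_denied"  # nothing decided yet => failure
    called = []
    i = 0
    while i < len(entries):
        module, actions, _args = entries[i]
        ret = results[module]
        called.append(module)
        action = actions.get(ret, actions.get("default", "bad"))
        i += 1
        if action.isdigit():
            i += int(action)  # jump: skip the next N modules, verdict unchanged
        elif action in ("ok", "done"):
            if impression is None or (impression == "positive"
                                      and status == "success"):
                if ret != "ignore":
                    impression, status = "positive", ret
            if action == "done" and impression == "positive":
                break
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", ret
            if action == "die":
                break
        # "ignore": the module's result does not influence the verdict
    return status, called


if __name__ == "__main__":
    stack = parse_stack(STACK)
    scenarios = {
        "local account": {"pam_unix.so": "success", "pam_permit.so": "success"},
        "LDAP account": {"pam_unix.so": "user_unknown", "pam_ldap.so": "success",
                         "pam_permit.so": "success"},
        "LDAP refuses": {"pam_unix.so": "user_unknown", "pam_ldap.so": "auth_err"},
        "unknown user": {"pam_unix.so": "user_unknown",
                         "pam_ldap.so": "user_unknown",
                         "pam_deny.so": "authtok_err"},
    }
    for name, results in scenarios.items():
        print(name, evaluate(stack, results))
```

The model shows why pam_permit.so closes the stack: a jump only skips modules, so without a later module returning success the call ends with no positive verdict and fails.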

In case we need local logins for the users stored in LDAP, and we want their home folders to be created automatically, we must edit the /etc/pam.d/common-session file and add the following line at the end of the file:

session optional pam_mkhomedir.so skel=/etc/skel umask=077

In the OpenLDAP Directory Service example developed earlier, the only local user created was the user buzz, while in LDAP we created the users strides, legolas, gandalf and bilbo. If the configuration done so far is correct, we should be able to list the local users together with those that are mapped as local but stored on the remote LDAP server:

root@mail:~# getent passwd
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strides:x:10000:10000:Strides El Rey:/home/strides:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash
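A check a Sysadmin can run over this merged view, as an added example (not part of the original article): it compares /etc/passwd with the getent passwd output and flags directory-supplied accounts that land on uid/gid 0, fall below the range used for LDAP users on this page (uidNumber from 10000), reuse a local account name, or share a uid. The root line and the svc-sync, second buzz and scanner entries are constructed for the example.

```python
LDAP_UID_MIN = 10000  # first uidNumber used in the page's users.ldif

# Local file: constructed, with a compat-style "+" line to show it is skipped.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
+::::::
"""

# getent output from the page, followed by three constructed problem entries.
GETENT_OUTPUT = """\
root:x:0:0:root:/root:/bin/bash
buzz:x:1001:1001:Buzz Debian First OS,,,:/home/buzz:/bin/bash
strides:x:10000:10000:Strides El Rey:/home/strides:/bin/bash
legolas:x:10001:10000:Legolas Archer:/home/legolas:/bin/bash
gandalf:x:10002:10000:Gandalf The Wizard:/home/gandalf:/bin/bash
bilbo:x:10003:10000:bilbo:/home/bilbo:/bin/bash
svc-sync:x:0:0:constructed:/root:/bin/bash
buzz:x:10004:10000:constructed:/home/buzz2:/bin/bash
scanner:x:1001:10000:constructed:/home/scanner:/bin/sh
"""


def parse_passwd(text):
    """Parse passwd(5) lines; comments and compat '+'/'-' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith(("#", "+", "-")):
            continue
        fields = raw.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd line: %r" % raw)
        entries.append({
            "raw": raw,
            "name": fields[0],
            "uid": int(fields[2]),
            "gid": int(fields[3]),
            "home": fields[5],
            "shell": fields[6],
        })
    return entries


def audit(local_text, merged_text, uid_min=LDAP_UID_MIN):
    """Return [(account, finding)] for entries that did not come from the local file."""
    local_lines = {line.strip() for line in local_text.splitlines() if line.strip()}
    local_names = {entry["name"] for entry in parse_passwd(local_text)}
    uid_owner = {}
    findings = []
    for entry in parse_passwd(merged_text):
        from_directory = entry["raw"] not in local_lines
        if from_directory:
            if entry["uid"] == 0 or entry["gid"] == 0:
                findings.append((entry["name"], "directory account with uid/gid 0"))
            elif entry["uid"] < uid_min:
                findings.append((entry["name"], "uid below directory range"))
            if entry["name"] in local_names:
                findings.append((entry["name"], "name also defined locally"))
        first = uid_owner.setdefault(entry["uid"], entry["name"])
        if first != entry["name"]:
            findings.append((entry["name"], "uid shared with " + first))
    return findings


if __name__ == "__main__":
    for account, finding in audit(LOCAL_PASSWD, GETENT_OUTPUT):
        print("%-10s %s" % (account, finding))
```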

After changes to the system's authentication, it is valid to restart the server, unless we are dealing with a critical service:

root@mail:~# reboot

Later we start a local session on the server mail.swl.fan with the credentials of a user stored in the LDAP database of master.swl.fan. We can also try logging in via SSH.

buzz@sysadmin:~$ ssh gandalf@mail
gandalf@mail's password:
Creating directory '/home/gandalf'.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gandalf@mail:~$ su
Contraseña:

root@mail:/home/gandalf# getent group
buzz:x:1001:
users:*:10000:

root@mail:/home/gandalf# exit
exit

gandalf@mail:~$ ls -l /home/
total 8
drwxr-xr-x 2 buzz    buzz  4096 Jun 17 12:25 buzz
drwx------ 2 gandalf users 4096 Jun 17 13:05 gandalf

The Directory Service implemented at server and client level works correctly.

Kerberos

From Wikipedia:

  • Kerberos is a computer network authentication protocol created by MIT that allows two computers on an insecure network to prove their identity to each other securely. Its designers first focused on a client-server model, and it provides mutual authentication: both client and server verify each other's identity. Authentication messages are protected to prevent eavesdropping and replay attacks.

    Kerberos is based on symmetric key cryptography and requires a trusted third party. In addition, there are extensions to the protocol so that asymmetric key cryptography can be used.

    Kerberos is based on the Needham-Schroeder Protocol. It uses a trusted third party, called the "Key Distribution Center" (KDC), which consists of two separate logical parts: an "Authentication Server" (AS) and a "Ticket Granting Server" (TGS). Kerberos works on the basis of "tickets", which serve to prove the identity of users.

    Kerberos maintains a database of secret keys; each entity on the network, whether client or server, shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove the entity's identity. For communication between two entities, Kerberos generates a session key, which they can use to secure their interactions.

Disadvantages of Kerberos

From EcuRed:

Although Kerberos removes a common security threat, it can be difficult to implement for a variety of reasons:

  • Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, and there is no quick mechanism to accomplish this task.
  • Kerberos assumes that each user is trusted, but is using an untrusted machine on an untrusted network. Its main goal is to prevent unencrypted passwords from being sent across the network. However, if any user other than the proper one has access to the machine that issues the tickets (the KDC) used for authentication, Kerberos would be at risk.
  • For an application to use Kerberos, its code must be modified to make the appropriate calls to the Kerberos libraries. Applications modified in this way are considered kerberized. For some applications, this can be an excessive programming effort, because of the size of the application or its design. For other incompatible applications, changes must be made to the way the network server and its clients communicate; again, this can take quite a bit of programming. In general, closed-source applications that do not have Kerberos support are usually the most problematic.
  • Finally, if you decide to use Kerberos on your network, you must be aware that it is an all-or-nothing choice. If you decide to use Kerberos on your network, you must remember that if any password is transmitted to a service that does not use Kerberos to authenticate, you run the risk that the packet may be intercepted. Thus, your network will gain no benefit from using Kerberos. To secure your network with Kerberos, you must either use only kerberized versions of all the client/server applications that send unencrypted passwords, or not use any of those applications on the network.

Manually implementing and configuring OpenLDAP as a Kerberos Back-End is not an easy task. However, later we will see that Samba 4 Active Directory - Domain Controller integrates, in a way that is transparent for the Sysadmin, a DNS server, the Microsoft Network and its Domain Controller, an LDAP server as the Back-End of almost all its objects, and the Kerberos-based authentication service as the fundamental components of a Microsoft-style Active Directory.

So far we have not had the need to implement a "Kerberized Network". That is why we have not written about how to implement Kerberos.

Samba 4 Active Directory - Domain Controller

Important:

There is no better documentation than the site wiki.samba.org. Any sysadmin worth their salt should visit that site (in English) and browse the large number of pages devoted entirely to Samba 4, written by the Samba Team itself. I do not believe there is documentation available on the Internet that can replace it. By the way, look at the number of visits shown at the bottom of each page. As an example, its «Main Page» had been visited 276,183 times as of today, June 20, 2017 at 10:10 Eastern Standard Time. In addition, the documentation is kept very up to date, since that page was modified on June 6.

From Wikipedia:

Samba is a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, later renamed CIFS) for UNIX-like systems. In this way, computers running GNU/Linux, Mac OS X or Unix in general can appear as servers or act as clients in Windows networks. Samba also allows users to be validated by acting as a Primary Domain Controller (PDC), as a domain member, and even as an Active Directory domain for Windows-based networks, in addition to being able to serve print queues and shared directories and to authenticate against its own user store.

Among the Unix-like systems on which Samba can run are the GNU/Linux distributions, Solaris and the different BSD variants, among which we can find Apple's Mac OS X Server.

Samba 4 AD-DC with its internal DNS

  • We start from a clean installation, without a graphical interface, of Debian 8 "Jessie".

Initial checks

root@master:~# hostname
master
root@master:~# hostname --fqdn
master.swl.fan
root@master:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:80:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:3b3f/64 scope link
       valid_lft forever preferred_lft forever
root@master:~# cat /etc/resolv.conf
search swl.fan
nameserver 127.0.0.1
  • In the package sources we declare only the main branch, which is more than enough for our purposes.
root@master:~# cat /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie-8.6/debian/ jessie main
deb http://192.168.10.1/repos/jessie-8.6/debian/security/ jessie/updates main

Postfix instead of Exim, and utilities

root@master:~# aptitude install postfix htop mc deborphan

Postfix Configuration

Please select the mail server configuration type that best meets your needs.

 No configuration:
  Leaves the current configuration unchanged.
 Internet site:
  Mail is sent and received directly using SMTP.
 Internet with smarthost:
  Mail is received directly using SMTP or by running a utility such as
  «fetchmail». Outgoing mail is sent using a "smarthost".
 Local only:
  The only delivered mail is the mail for local users. There is no network.

General type of mail configuration:

  No configuration
  Internet Site
  Internet with smarthost
  Satellite system
  Local only            (selected)

Postfix Configuration

The "mail name" is the domain name used to "qualify" _ALL_ mail addresses without a domain name. This includes mail to and from root: please do not make your machine send out mail from root@example.org unless root@example.org has told you to.

Other programs will use this name. It should be the single, fully qualified domain name (FQDN).

Thus, if a mail address on the local host is something@example.org, the correct value for this option would be example.org.

System mail name: master.swl.fan

We clean up

root@master:~# aptitude purge ~c
root@master:~# aptitude install -f
root@master:~# aptitude clean
root@master:~# aptitude autoclean

We install the requirements for compiling Samba 4 and other necessary packages

root@master:~# aptitude install acl attr autoconf bison \
build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb \
krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev libgpgme11-dev python-gpgme python-m2crypto \
libgnutls28-dbg gnutls-dev ldap-utils krb5-config

Configuring Kerberos Authentication

When users attempt to use Kerberos and specify a principal or user name without specifying which administrative Kerberos realm that principal belongs to, the system appends the default realm. The default realm may also be used as the realm of a Kerberos service running on the local machine. Often, the default realm is the uppercase version of the local DNS domain.

Default Kerberos version 5 realm: SWL.FAN

Configuring Kerberos Authentication

Enter the hostnames of Kerberos servers in the SWL.FAN Kerberos realm, separated by spaces.

Kerberos servers for your realm: master.swl.fan

Configuring Kerberos Authentication

Enter the hostname of the administrative (password changing) server for the SWL.FAN Kerberos realm.

The process above took a while because we do not yet have any DNS service installed. Even so, the domain was chosen correctly thanks to the settings in the /etc/hosts file. Remember that in the /etc/resolv.conf file we declared the IP 127.0.0.1 as the domain name server.

We now configure the /etc/ldap/ldap.conf file

root@master:~# nano /etc/ldap/ldap.conf
BASE dc=swl,dc=fan
URI ldap://master.swl.fan

So that queries with the ldapsearch command run by the root user can take the form ldapsearch -x -W cn=xxxx, we must create the file /root/.ldaprc with the following content:

root@master:~# nano .ldaprc
BINDDN CN=Administrator,CN=Users,DC=swl,DC=fan

The file system must support ACLs (Access Control Lists)

root@master:~# nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda1 during installation
UUID=33acb024-291b-4767-b6f4-cf207a71060c / ext4 user_xattr,acl,barrier=1,noatime,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=cb73228a-615d-4804-9877-3ec225e3ae32 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

root@master:~# mount -a

root@master:~# touch testing_acl.txt
root@master:~# setfattr -n user.test -v test testing_acl.txt
root@master:~# setfattr -n security.test -v test2 testing_acl.txt
root@master:~# getfattr -d testing_acl.txt
# file: testing_acl.txt
user.test="test"

root@master:~# getfattr -n security.test -d testing_acl.txt
# file: testing_acl.txt
security.test="test2"

root@master:~# setfacl -m g:adm:rwx testing_acl.txt

root@master:~# getfacl testing_acl.txt
# file: testing_acl.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

We obtain the Samba 4 source, compile it and install it

It is highly recommended to download the source file of the Stable version from the site https://www.samba.org/. In our example we download version samba-4.5.1.tar.gz into the /opt folder.

root@master:~# cd /opt
root@master:/opt# wget https://download.samba.org/pub/samba/stable/samba-4.5.1.tar.gz
root@master:/opt# tar xvfz samba-4.5.1.tar.gz
root@master:/opt# cd samba-4.5.1/

Configuration options

If we want to customize the configuration options, we run:

root@master:/opt/samba-4.5.1# ./configure --help

and select very carefully the ones we need. It is advisable to check whether the downloaded package can be installed on the Linux distribution we are using, which in our case is Debian 8.6 Jessie:

root@master:/opt/samba-4.5.1# ./configure distcheck

We configure, compile and install samba-4.5.1

  • From the previously installed requirements and the 8604 files (which make up the compressed samba-4.5.1.tar.gz) weighing about 101.7 megabytes, including the source3 and source4 folders that weigh about 61.1 megabytes, we will obtain a substitute for a Microsoft-style Active Directory, of a quality and stability more than acceptable for any production environment. We must highlight the work of the Samba Team in delivering the Free Software Samba 4.

The commands below are the classic ones for compiling and installing packages from their sources. We must be patient while the whole process runs. It is the only way to obtain valid and correct results.

root@master:/opt/samba-4.5.1# ./configure --with-systemd --disable-cups
root@master:/opt/samba-4.5.1# make
root@master:/opt/samba-4.5.1# make install

During the make process we can see that both the Samba 3 and the Samba 4 sources are compiled. That is why the Samba Team states that its version 4 is the natural upgrade of version 3, both for Domain Controllers based on Samba 3 + OpenLDAP and for file servers, or for older versions of Samba 4.

Provisioning Samba

We will use SAMBA_INTERNAL as the DNS. More information can be found at https://wiki.samba.org/index.php?title=Samba_Internal_DNS_Back_End. When we are asked for the Administrator user's password, we must type one with a minimum length of 8 characters that also contains letters (uppercase and lowercase) and numbers.

Before proceeding with the provisioning, and to make life easier, we add the path of the Samba executables to our .bashrc file. Then we log out and log in again.

root@master:~# nano .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "`dircolors`"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
/sbin:/bin:/usr/local/samba/sbin:/usr/local/samba/bin"

root@master:~# exit
logout
Connection to master closed.
xeon@sysadmin:~$ ssh root@master

root@master:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [SWL.FAN]: SWL.FAN
 Domain [SWL]: SWL
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.5]: 8.8.8.8
Administrator password: TuPassword2017
Retype password: TuPassword2017
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=swl,DC=fan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=swl,DC=fan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              master
NetBIOS Domain:        SWL
DNS Domain:            swl.fan
DOMAIN SID:            S-1-5-21-32182636-2892912266-1582980556

Let us not forget to copy the Kerberos configuration file, as indicated by the output of the provisioning:

root@master:~# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

So as not to type the samba-tool command with its full name, we create a symbolic link with the short name tool:

root@master:~# ln -s /usr/local/samba/bin/samba-tool /usr/local/samba/bin/tool

We install NTP

A fundamental piece of an Active Directory is the network time service. Since authentication is done through Kerberos and its tickets, time synchronization with the Samba 4 AD-DC is vital.

root@master:~# aptitude install ntp
root@master:~# mv /etc/ntp.conf /etc/ntp.conf.original

root@master:~# nano /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.10.1

root@master:~# service ntp restart
root@master:~# service ntp status

root@master:~# tail -f /var/log/syslog

If, when examining the syslog with the command above or with journalctl -f, we get the message:

Jun 19 12:13:21 master ntpd_intres[1498]: parent died before we finished, exiting

we must restart the service and try again. Now we create the ntp_signd folder:

root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
ls: cannot access /usr/local/samba/var/lib/ntp_signd: No such file or directory

root@master:~# mkdir /usr/local/samba/var/lib/ntp_signd
root@master:~# chown root:ntp /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod 750 /usr/local/samba/var/lib/ntp_signd/
root@master:~# chmod g-s,g+x /usr/local/samba/var/lib/ntp_signd/

# As requested on wiki.samba.org
root@master:~# ls -ld /usr/local/samba/var/lib/ntp_signd
drwxr-x--- 2 root ntp 4096 Jun 19 12:21 /usr/local/samba/var/lib/ntp_signd
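
Kerberos implementations tolerate 300 seconds of clock skew by default, so before relying on the DC it is worth confirming that ntpd has really selected a time source rather than just being "running". The script below is an added example, not part of the original article: it reads ntpq -pn output, and the function names and the three sample outputs embedded in it are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original article): check from `ntpq -pn` output
# that ntpd has selected a time source and that the clock offset stays below
# what Kerberos tolerates.

MAX_SKEW_MS=300000   # 300 s: default maximum clock skew accepted by Kerberos

# Read `ntpq -pn` output on stdin and print the absolute offset, in ms, of the
# system peer (tally code "*"). Return 1 when no peer has been selected.
ntp_peer_offset_ms() {
    LC_ALL=C awk '
        /^\*/ { off = $9 + 0; if (off < 0) off = -off
                printf "%.3f\n", off; found = 1; exit }
        END   { exit(found ? 0 : 1) }
    '
}

# Read `ntpq -pn` output on stdin. Return 0 when synchronised and within the
# limit, 1 when the offset is too large, 2 when the clock is free-running.
kerberos_time_check() {
    off=$(ntp_peer_offset_ms) || { echo "UNSYNCED: no system peer selected"; return 2; }
    if LC_ALL=C awk -v o="$off" -v m="$MAX_SKEW_MS" \
        'BEGIN { exit((o + 0 <= m + 0) ? 0 : 1) }'; then
        echo "OK: offset ${off} ms"
        return 0
    fi
    echo "SKEW: offset ${off} ms exceeds ${MAX_SKEW_MS} ms"
    return 1
}

# Constructed samples of `ntpq -pn` output for the server named in ntp.conf.
sample_synced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.1    LOCAL(0)         6 u   33   64  377    0.412   -1.873   0.236
EOF
}

sample_unsynced() {   # ntpd just restarted: the server has not answered yet
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.10.1    .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_skewed() {     # clock about ten minutes off, not yet stepped
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.1    LOCAL(0)         6 u   12   64    1    0.398 -601234.5   0.000
EOF
}

# On the DC itself the check would be:  ntpq -pn | kerberos_time_check
sample_synced   | kerberos_time_check || true
sample_unsynced | kerberos_time_check || true
sample_skewed   | kerberos_time_check || true
```

The "parent died before we finished" case above corresponds to the second sample: the service reports as started, but no line carries the "*" tally code.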

We configure Samba startup using systemd

root@master:~# nano /lib/systemd/system/samba-ad-dc.service
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
# EnvironmentFile=-/etc/conf.d/samba
ExecStart=/usr/local/samba/sbin/samba
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

root@master:~# systemctl enable samba-ad-dc
root@master:~# reboot

root@master:~# systemctl status samba-ad-dc
root@master:~# systemctl status ntp

Samba 4 AD-DC file locations

ALL the files, except the newly created samba-ad-dc.service, are in:

root@master:~# ls -l /usr/local/samba/
total 32
drwxr-sr-x  2 root staff 4096 Jun 19 11:55 bin
drwxr-sr-x  2 root staff 4096 Jun 19 11:50 etc
drwxr-sr-x  7 root staff 4096 Jun 19 11:30 include
drwxr-sr-x 15 root staff 4096 Jun 19 11:33 lib
drwxr-sr-x  7 root staff 4096 Jun 19 12:40 private
drwxr-sr-x  2 root staff 4096 Jun 19 11:33 sbin
drwxr-sr-x  5 root staff 4096 Jun 19 11:33 share
drwxr-sr-x  8 root staff 4096 Jun 19 12:28 var

in the best UNIX style. It is always advisable to browse through the different folders and examine their contents.

The /usr/local/samba/etc/smb.conf file

root@master:~# nano /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 8.8.8.8
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        server role = active directory domain controller
        allow dns updates = secure only
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        idmap config * : range = 1000000-1999999
        ldap server require strong auth = no
        printcap name = /dev/null

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

root@master:~# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = SWL.FAN
        workgroup = SWL
        dns forwarder = 192.168.10.1
        ldap server require strong auth = No
        passdb backend = samba_dsdb
        server role = active directory domain controller
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config * : range = 1000000-1999999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
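
The smb.conf above sets "ldap server require strong auth = no", which makes the DC accept simple (password) binds over unencrypted LDAP; the other documented values are allow_sasl_over_tls and yes. The following script is an added example, not part of the original article or of Samba: it audits the [global] section for that downgrade and for non-secure DNS updates. The function names and the two sample files are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original article or from Samba): audit the
# [global] section of an smb.conf for settings that weaken an AD DC.

# Print the value of parameter $2 in the [global] section of file $1.
# Samba treats section and parameter names as case-insensitive and ignores
# whitespace inside them, so the lookup normalises both sides the same way.
# Lines continued with a trailing backslash are not handled here.
smbconf_global_get() {
    LC_ALL=C awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_global = (norm(sec) == "global")
            next
        }
        in_global && index($0, "=") > 0 {
            eq = index($0, "=")                      # only the first "=" counts
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, eq - 1)) == want) found = val   # last wins
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print one line per weak setting in file $1; return 1 if anything is flagged.
# An unset parameter means the compiled-in default, which is not flagged.
audit_smbconf() {
    rc=0
    auth=$(smbconf_global_get "$1" "ldap server require strong auth" |
           tr '[:upper:]' '[:lower:]')
    case $auth in
        no) echo "WEAK: ldap server require strong auth = $auth" \
                 "(simple binds accepted on unencrypted LDAP)"
            rc=1 ;;
    esac
    dns=$(smbconf_global_get "$1" "allow dns updates" |
          tr '[:upper:]' '[:lower:]')
    case $dns in
        nonsecure*)
            echo "WEAK: allow dns updates = $dns" \
                 "(unauthenticated clients can change DNS records)"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the relevant lines of the smb.conf shown in the article.
write_page_conf() {
    cat > "$1" <<'EOF'
# Global parameters
[global]
        netbios name = MASTER
        realm = SWL.FAN
        workgroup = SWL
        server role = active directory domain controller
        allow dns updates = secure only
        ldap server require strong auth = no
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/swl.fan/scripts
        read only = No
EOF
}

# Constructed sample: the same DC without the LDAP downgrade, written in mixed
# case to exercise the name normalisation.
write_hardened_conf() {
    cat > "$1" <<'EOF'
[Global]
        realm = SWL.FAN
        server role = active directory domain controller
        Allow DNS Updates = secure only
        LDAP Server Require Strong Auth = yes
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_page_conf "$dir/page.conf"
    write_hardened_conf "$dir/hardened.conf"
    for f in "$dir/page.conf" "$dir/hardened.conf"; do
        echo "== $f"
        audit_smbconf "$f" || echo "   -> needs attention"
    done
    rm -rf "$dir"
}
demo
```

On the DC itself the call would be audit_smbconf /usr/local/samba/etc/smb.conf; clients that still use plain ldapsearch -x binds need TLS or SASL before the setting is raised.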

Minimal checks

root@master:~# tool domain level show
Domain and forest function level for domain 'DC=swl,DC=fan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

root@master:~# ldapsearch -x -W

root@master:~# tool dbcheck
Checking 262 objects
Checked 262 objects (0 errors)

root@master:~# kinit Administrator
Password for Administrator@SWL.FAN: 
root@master:~# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SWL.FAN

Valid starting     Expires            Service principal
19/06/17 12:53:24  19/06/17 22:53:24  krbtgt/SWL.FAN@SWL.FAN
    renew until 20/06/17 12:53:18, Flags: RIA

root@master:~# kdestroy
root@master:~# klist -f
klist: Credentials cache file '/tmp/krb5cc_0' not found

root@master:~# smbclient -L localhost -U%
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

root@master:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[SWL] OS=[Windows 6.1] Server=[Samba 4.5.1]
  .                                   D        0  Mon Jun 19 11:50:52 2017
  ..                                  D        0  Mon Jun 19 11:51:07 2017

        19091584 blocks of size 1024. 16198044 blocks available

root@master:~# tool dns serverinfo master -U administrator

root@master:~# host -t SRV _ldap._tcp.swl.fan
_ldap._tcp.swl.fan has SRV record 0 100 389 master.swl.fan.

root@master:~# host -t SRV _kerberos._udp.swl.fan
_kerberos._udp.swl.fan has SRV record 0 100 88 master.swl.fan.

root@master:~# host -t A master.swl.fan
master.swl.fan has address 192.168.10.5

root@master:~# host -t SOA swl.fan
swl.fan has SOA record master.swl.fan. hostmaster.swl.fan. 1 900 600 86400 3600

root@master:~# host -t NS swl.fan
swl.fan name server master.swl.fan.

root@master:~# host -t MX swl.fan
swl.fan has no MX record

root@master:~# samba_dnsupdate --verbose

root@master:~# tool user list
Administrator
krbtgt
Guest

root@master:~# tool group list
# The output is a bunch of groups. ;-)

We administer the newly installed Samba 4 AD-DC

If we want to change the expiration, in days, of the Administrator's password; the password complexity; the minimum password length; the minimum and maximum age, in days, of the password; and change the Administrator password declared during provisioning, we must run the following commands with the values adjusted to your needs:

root@master:~# tool
Usage: samba-tool <subcommand>

Main samba administration tool.

Options:
  -h, --help     show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

root@master:~# tool user setexpiry administrator --noexpiry
root@master:~# tool domain passwordsettings set --min-pwd-length=7
root@master:~# tool domain passwordsettings set --min-pwd-age=0
root@master:~# tool domain passwordsettings set --max-pwd-age=60
root@master:~# tool user setpassword --filter=samaccountname=Administrator --newpassword=Passw0rD

We add several DNS records

root@master:~# tool dns
Usage: samba-tool dns <subcommand>

Domain Name Service (DNS) management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
For more help on a specific subcommand, please type: samba-tool dns <subcommand> (-h|--help)

Mail server

root@master:~# tool dns add master swl.fan mail A 192.168.10.9 -U administrator
root@master:~# tool dns add master swl.fan swl.fan MX "mail.swl.fan 10" -U administrator

Fixed IPs of other servers

root@master:~# tool dns add master swl.fan sysadmin A 192.168.10.1 -U administrator
root@master:~# tool dns add master swl.fan fileserver A 192.168.10.10 -U administrator
root@master:~# tool dns add master swl.fan proxy A 192.168.10.11 -U administrator
root@master:~# tool dns add master swl.fan chat A 192.168.10.12 -U administrator

Reverse zone

root@master:~# tool dns zonecreate master 10.168.192.in-addr.arpa -U administrator
Password for [SWL\administrator]:
Zone 10.168.192.in-addr.arpa created successfully

root@master:~# tool dns add master 10.168.192.in-addr.arpa 5 PTR master.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 9 PTR mail.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 1 PTR sysadmin.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 10 PTR fileserver.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 11 PTR proxy.swl.fan. -Uadministrator
root@master:~# tool dns add master 10.168.192.in-addr.arpa 12 PTR chat.swl.fan. -Uadministrator

Checks

root@master:~# tool dns query master swl.fan mail ALL -U administrator
Password for [SWL\administrator]:
  Name=, Records=1, Children=0
    A: 192.168.10.9 (flags=f0, serial=2, ttl=900)

root@master:~# host master
master.swl.fan has address 192.168.10.5
root@master:~# host sysadmin
sysadmin.swl.fan has address 192.168.10.1
root@master:~# host mail
mail.swl.fan has address 192.168.10.9
root@master:~# host chat
chat.swl.fan has address 192.168.10.12
root@master:~# host proxy
proxy.swl.fan has address 192.168.10.11
root@master:~# host fileserver
fileserver.swl.fan has address 192.168.10.10
root@master:~# host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer sysadmin.swl.fan.
root@master:~# host 192.168.10.5
5.10.168.192.in-addr.arpa domain name pointer master.swl.fan.
root@master:~# host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.swl.fan.
root@master:~# host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer fileserver.swl.fan.
root@master:~# host 192.168.10.11
11.10.168.192.in-addr.arpa domain name pointer proxy.swl.fan.
root@master:~# host 192.168.10.12
12.10.168.192.in-addr.arpa domain name pointer chat.swl.fan.

For the curious

root@master:~# ldbsearch -H /usr/local/samba/private/sam.ldb.d/\
DC=DOMAINDNSZONES,DC=SWL,DC=FAN.ldb | grep dn:

We add users

root@master:~# tool user
Usage: samba-tool user <subcommand>

User management.

Options:
  -h, --help  show this help message and exit

Available subcommands:
  add            - Create a new user.
  create         - Create a new user.
  delete         - Delete a user.
  disable        - Disable an user.
  enable         - Enable an user.
  getpassword    - Get the password fields of a user/computer account.
  list           - List all users.
  password       - Change password for a user account (the one provided in authentication).
  setexpiry      - Set the expiration of a user account.
  setpassword    - Set or reset the password of a user account.
  syncpasswords  - Sync the password of user accounts.
For more help on a specific subcommand, please type: samba-tool user <subcommand> (-h|--help)

root@master:~# tool user create trancos Trancos01
User 'trancos' created successfully
root@master:~# tool user create gandalf Gandalf01
User 'gandalf' created successfully
root@master:~# tool user create legolas Legolas01
User 'legolas' created successfully
root@master:~# tool user list
Administrator
gandalf
legolas
trancos
krbtgt
Guest

Administration through a graphical interface or a web client

Visit wiki.samba.org for detailed information on how to install the Microsoft RSAT, or Remote Server Administration Tools. If you do not need the classic policies provided by Microsoft Active Directory, you can install the ldap-account-manager package, which offers a simple interface for administration through a web browser.

The Microsoft Remote Server Administration Tools (RSAT) package is included in the Windows Server operating systems.

We join a Windows 7 client named "seven" to the domain

Since we do not have a DHCP server on the network, the first thing we must do is configure the client's network card with a fixed IP, declare that the primary DNS will be the IP of the samba-ad-dc, and check that the option "Register this connection's address in DNS" is enabled. It does no harm to check that the name «seven» is not already registered in the Samba Internal DNS.

After we join the computer to the domain and restart it, let us try to log in with the user «trancos». We will check that everything works OK. It is also advisable to review the Windows client logs and check that the time is correctly synchronized.

Administrators with some Windows experience will find that any check they make on the client gives satisfactory results.

Summary

I hope the article is useful to the readers of the DesdeLinux Community.

Goodbye!



  1.   Gonzalo Martinez said

    A long but detailed article, a very good step-by-step guide on how to do everything.

    I'd highlight NIS; the truth is that although I knew it existed, I never really knew how it works, because to be honest it always gave me the impression that it was practically dead next to LDAP and Samba 4.

    PS: Congratulations on your new work! It's a pity you won't keep writing here, but at least there is a place where we can follow you.

  2.   HO2Gi said

    A great tutorial; as always, it goes into my favorites. Greetings, Fico.
    Congratulations on this project.

  3.   IWO said

    The NIS section is great. I sympathize with Gonzalo Martinez: I knew of it briefly, but I had no idea how to implement it or in which situations it is used.
    Thanks once again for a tremendous "trunk" of a theoretical and practical article.
    Finally, new successes in your new project «gigainside».

  4.   frederico said

    Thank you very much, everyone, for commenting!!!

  5.   mussol said

    The smb.conf you show has no connection to LDAP. Is this intentional, or did I miss something?

  6.   phico said

    mussol: This is a Samba 4 Active Directory Domain Controller, which already has its own LDAP server.

  7.   Vincent said

    Could you comment on how to join a Mac (Apple) to the Samba 4 AD-DC?
    Thanks

  8.   umabhebhana said

    How are you?

    Thanks for the manual, it's great. I have a question about a message I'm getting.

    root@AD:~# nping --tcp -p 53 -c 3 ad.rjsolucionessac.com
    Failed to resolve given hostname/IP: ad.rjsolucionessac.com. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
    Cannot find a valid target. Please make sure the specified hosts are either IP addresses in standard notation or hostnames that can be resolved with DNS
    root@AD:~#