Otu esi ejikwa Samba4 AD akụrụngwa sitere na Linux Command Line - Part 2
Nkuzi a ga-ekpuchi ụfọdụ iwu kwa ụbọchị ịchọrọ iji iji jikwaa akụrụngwa njikwa ngalaba Samba4 AD, dị ka ịgbakwunye, iwepu, gbanyụọ ma ọ bụ depụta ndị ọrụ na otu.
Anyị ga-elebakwa anya ka esi ejikwa amụma nchekwa ngalaba yana otu esi ejikọta ndị ọrụ AD na nyocha PAM mpaghara ka ndị ọrụ AD nwee ike ịme nbanye mpaghara na Linux Domain Controller.
- Mepụta akụrụngwa AD na Samba4 na Ubuntu 16.04 - Nkebi 1 Jikwaa Samba4 Active Directory Infrastructure from Windows10 site na RSAT – Nkebi nke 3
- Jikwaa Samba4 AD ngalaba njikwa DNS na amụma otu sitere na Windows – Nkebi 4
Kwụpụ 1: Jikwaa Samba AD DC site na Line Command
1. Samba AD DC nwere ike jikwaa site samba-ngwaọrụ iwu akara utility nke awade a oké interface maka administrating gị ngalaba.
Site n'enyemaka nke samba-tool interface ị nwere ike ijikwa ndị ọrụ ngalaba na ndị otu, ngalaba ngalaba ngalaba, saịtị ngalaba, ọrụ DNS, ngalaba mmegharị na ọrụ ngalaba ndị ọzọ dị oke mkpa.
Ka inyochaa ọrụ niile nke samba-tool dị nnọọ pịnye iwu na ikike mgbọrọgwụ na-enweghị nhọrọ ma ọ bụ oke.
# samba-tool -h
2. Ugbu a, ka anyị malite iji samba-tool utility iji nye Samba4 Active Directory ma jikwaa ndị ọrụ anyị.
Iji mepụta onye ọrụ na AD jiri iwu a:
# samba-tool user add your_domain_user
Ka ịgbakwunye onye ọrụ nwere ọtụtụ mpaghara dị mkpa nke AD chọrọ, jiri syntax a:
--------- review all options --------- # samba-tool user add -h # samba-tool user add your_domain_user --given-name=your_name --surname=your_username [email --login-shell=/bin/bash
3. Enwere ike nweta ndepụta nke ndị ọrụ ngalaba samba AD niile site n'inye iwu a:
# samba-tool user list
4. Iji ihichapụ onye ọrụ ngalaba samba AD jiri syntax dị n'okpuru:
# samba-tool user delete your_domain_user
5. Tọgharịa paswọọdụ onye ọrụ ngalaba samba site na ime iwu dị n'okpuru:
# samba-tool user setpassword your_domain_user
6. Iji gbanyụọ ma ọ bụ mee ka akaụntụ onye ọrụ samba AD jiri iwu dị n'okpuru:
# samba-tool user disable your_domain_user # samba-tool user enable your_domain_user
7. N'otu aka ahụ, enwere ike ijikwa otu samba site na iji syntax iwu a:
--------- review all options --------- # samba-tool group add –h # samba-tool group add your_domain_group
8. Hichapụ otu ngalaba samba site n'inye iwu dị n'okpuru:
# samba-tool group delete your_domain_group
9. Iji gosipụta otu ngalaba samba niile na-agbaso iwu a:
# samba-tool group list
10. Iji depụta ndị otu ngalaba samba niile n'otu otu, jiri iwu a:
# samba-tool group listmembers "your_domain group"
11. Ịgbakwunye/wepụ onye otu na ngalaba samba nwere ike ime site n'inye otu n'ime iwu ndị a:
# samba-tool group addmembers your_domain_group your_domain_user # samba-tool group remove members your_domain_group your_domain_user
12. Dị ka e kwuru na mbụ, samba-tool iwu akara interface nwekwara ike iji jikwaa gị samba ngalaba amụma na nchekwa.
Iji nyochaa ntọala paswọọdụ samba gị jiri iwu dị n'okpuru:
# samba-tool domain passwordsettings show
13. Iji gbanwee ụkpụrụ okwuntughe ngalaba samba, dị ka ọkwa mgbagwoju anya okwuntughe, paswọọdụ ịka nká, ogologo oge, okwuntughe ochie ole ị ga-echeta na njirimara nchekwa ndị ọzọ achọrọ maka onye njikwa ngalaba jiri nseta ihuenyo dị n'okpuru dị ka ntuziaka.
---------- List all command options ---------- # samba-tool domain passwordsettings -h
Ejila iwu okwuntughe dị ka egosiri n'elu na gburugburu mmepụta. A na-eji ntọala ndị a dị n'elu naanị maka ebumnuche ngosi.
Kwụpụ 2: Nyocha mpaghara Samba Iji Akaụntụ ndekọ aha na-arụ ọrụ
14. Site na ndabara, ndị ọrụ AD enweghị ike ịme logins mpaghara na sistemụ Linux na mpụga Samba AD DC gburugburu.
Iji jiri akaụntụ Active Directory banye na sistemụ ị ga-eme mgbanwe ndị a na gburugburu sistemụ Linux gị wee gbanwee Samba4 AD DC.
Nke mbụ, mepee faịlụ nhazi samba ma tinye ahịrị ndị dị n'okpuru, ọ bụrụ na ọ na-efu, dị ka egosiri na nseta ihuenyo dị n'okpuru.
$ sudo nano /etc/samba/smb.conf
Gbaa mbọ hụ na nkwupụta ndị a pụtara na faịlụ nhazi:
winbind enum users = yes winbind enum groups = yes
15. Mgbe ịmechara mgbanwe ndị ahụ, jiri testparm utility iji jide n'aka na ọ dịghị njehie na-ahụ na faịlụ nhazi samba ma malitegharịa samba daemons site n'inye iwu n'okpuru.
$ testparm $ sudo systemctl restart samba-ad-dc.service
16. Ọzọ, anyị kwesịrị ịgbanwe faịlụ nhazi PAM mpaghara ka Samba4 Active Directory akaụntụ wee nwee ike nyochaa ma mepee nnọkọ na usoro mpaghara ma mepụta ndekọ ụlọ maka ndị ọrụ na nbanye mbụ.
Jiri pam-auth-update iwu imepe ngwa ngwa nhazi PAM wee hụ na ị na-eme profaịlụ PAM niile site na iji igodo [space] dị ka egosiri na nseta ihuenyo dị n'okpuru.
Mgbe emechara pịa igodo [Tab] ka ịkwaga OK wee tinye mgbanwe.
$ sudo pam-auth-update
17. Ugbu a, mepee /etc/nsswitch.conf faịlụ na onye editọ ederede wee tinye nkwupụta winbind na njedebe nke paswọọdụ na ahịrị otu dị ka e gosipụtara na nseta ihuenyo dị n'okpuru.
$ sudo vi /etc/nsswitch.conf
18. N'ikpeazụ, dezie /etc/pam.d/common-password faịlụ, chọọ n'okpuru akara dị ka e gosiri na n'okpuru nseta ihuenyo na-ewepụ use_authtok nkwupụta.
Ntọala a na-emesi obi ike na ndị ọrụ ndekọ aha nwere ike ịgbanwe okwuntughe ha site na ahịrị iwu ka emebere ya na Linux. Site na ntọala a, ndị ọrụ AD kwadoro na mpaghara na Linux enweghị ike ịgbanwe paswọọdụ ha site na njikwa.
password [success=1 default=ignore] pam_winbind.so try_first_pass
Wepu use_authtok nhọrọ oge ọ bụla arụnyere mmelite PAM ma tinye ya na modul PAM ma ọ bụ oge ọ bụla ị na-eme iwu pam-auth-update.
19. Samba4 ọnụọgụ abụọ na-abịa na winbindd daemon arụnyere na ndabara.
N'ihi nke a, ọ dịghịzi mkpa ka ị nwee ike iche iche ma mee winbind daemon nke winbind ngwugwu sitere na ebe nchekwa Ubuntu gọọmentị nyere.
Ọ bụrụ na amalitere ọrụ winbind ochie na arụrụala na sistemụ, jide n'aka na ị gbanyụọ ya wee kwụsị ọrụ ahụ site na ịnye iwu ndị a:
$ sudo systemctl disable winbind.service $ sudo systemctl stop winbind.service
Agbanyeghị, anyị achọkwaghị ịgba ọsọ winbind daemon ochie, anyị ka kwesịrị ịwụnye ngwugwu Winbind site na ebe nchekwa iji wụnye na iji wbinfo tool.
Enwere ike iji uru Wbinfo jụọ ndị ọrụ na ndị otu na-arụ ọrụ ndekọ site na echiche winbindd daemon.
Iwu ndị a na-egosi otu esi ajụ ndị ọrụ AD na otu dị iche iche site na iji wbinfo.
$ wbinfo -g $ wbinfo -u $ wbinfo -i your_domain_user
20. E wezụga wbinfo utility ị nwekwara ike iji getent iwu akara utility na-ajụ Active Directory nchekwa data si Aha Service ịgbanwee ọba akwụkwọ nke na-anọchi anya na /etc/nsswitch.conf faịlụ.
Pipe getent nyere iwu site na nzacha grep iji wedata nsonaazụ gbasara naanị onye ọrụ AD ma ọ bụ nchekwa data otu gị.
# getent passwd | grep TECMINT # getent group | grep TECMINT
Kwụpụ 3: Jiri onye ọrụ ndekọ aha banye Linux
21. Iji jiri onye ọrụ Samba4 AD nyochaa sistemụ ahụ, jiri naanị aha njirimara AD mgbe iwu su - gasịrị.
Na nbanye nke mbụ, a ga-egosipụta ozi na console nke na-eme ka ị mata na emebere akwụkwọ ndekọ ụlọ na /home/$DOMAIN/ sistemu ya na aha njirimara AD gị.
Jiri iwu id iji gosipụta ozi agbakwunyere gbasara onye ọrụ akwadoro.
# su - your_ad_user $ id $ exit
22. Ka ịgbanwee okwuntughe maka ezigbo onye ọrụ AD pịnye iwu passwd na console mgbe ị banyechara nke ọma na sistemụ.
$ su - your_ad_user $ passwd
23. Site na ndabara, Active Directory anaghị enye ndị ọrụ mgbọrọgwụ ohere iji rụọ ọrụ nhazi na Linux.
Iji nye onye ọrụ AD ikike mgbọrọgwụ ị ga-agbakwunye aha njirimara na otu sudo mpaghara site na ịnye iwu dị n'okpuru.
Jide n'aka na ị jikọtara mpaghara, slash na aha njirimara AD n'otu nhota ASCII.
# usermod -aG sudo 'DOMAIN\your_domain_user'
Iji nwalee ma ọ bụrụ na onye ọrụ AD nwere ikike mgbọrọgwụ na sistemụ mpaghara, nbanye wee mee iwu, dị ka nwelite apt-nweta, yana ikike sudo.
# su - tecmint_user $ sudo apt-get update
24. Ọ bụrụ na ịchọrọ ịgbakwunye ohere mgbọrọgwụ maka akaụntụ niile nke otu Active Directory, dezie/wdg/sudoers faịlụ site na iji iwu visudo ma tinye akara dị n'okpuru mgbe akara ohere mgbọrọgwụ, dị ka e gosipụtara na nseta ihuenyo dị n'okpuru:
%DOMAIN\\your_domain\ group ALL=(ALL:ALL) ALL
Lezienụ anya na syntax sudoers ka ị ghara imebi ihe.
Faịlụ Sudoers anaghị ejikwa nke ọma iji akara ngụ ASCII, yabụ gbaa mbọ hụ na ị na-eji % iji gosi na ị na-ezo aka na otu ma jiri azụ azụ iji gbanarị slash mbụ mgbe ngalaba ahụ gasịrị. aha na azụ azụ ọzọ iji gbanarị oghere ma ọ bụrụ na aha otu gị nwere oghere (ọtụtụ n'ime otu AD wuru na-enwe oghere na ndabara). Ọzọkwa, dee alaeze na nnukwu akpa.
Nke ahụ bụ ihe niile ugbu a! Ijikwa akụrụngwa Samba4 AD nwekwara ike nweta ọtụtụ ngwaọrụ sitere na gburugburu Windows, dị ka ADUC, Onye njikwa DNS, GPM ma ọ bụ ndị ọzọ, nke enwere ike nweta site na ịwụnye ngwugwu RSAT na ibe nbudata Microsoft.
Iji nye Samba4 AD DC site na ngwa RSAT, ọ dị oke mkpa ịbanye na sistemụ Windows n'ime Samba4 Active Directory. Nke a ga-abụ isiokwu nkuzi anyị na-esote, ruo mgbe ahụ nọrọ na nche na TecMint.