Integrate Ubuntu 16.04 to AD as a Domain Member with Samba and Winbind - Part 8
This tutorial describes how to join an Ubuntu machine to a Samba4 Active Directory domain in order to authenticate AD accounts with local ACLs for files and directories, or to create and map volume shares for domain controller users (act as a file server).
- Create an Active Directory Infrastructure with Samba4 on Ubuntu
Step 1: Initial Configurations to Join Ubuntu to Samba4 AD
1. Before joining an Ubuntu host to an Active Directory DC, you need to make sure that some services are configured properly on the local machine.
An important aspect of your machine is its hostname. Set a proper machine name before joining the domain, either with the hostnamectl command or by manually editing the /etc/hostname file.
# hostnamectl set-hostname your_machine_short_name
# cat /etc/hostname
# hostnamectl
2. In the next step, open and manually edit your machine's network settings with the proper IP configuration. The most important settings here are the DNS IP addresses, which must point back to your domain controller.
Edit the /etc/network/interfaces file and add a dns-nameservers statement with your proper AD IP addresses and domain name, as illustrated in the screenshot below.
Also, make sure that the same DNS IP addresses and domain name are added to the /etc/resolv.conf file.
In the screenshot above, 192.168.1.254 and 192.168.1.253 are the IP addresses of the Samba4 AD DC, and Tecmint.lan is the name of the AD domain that will be queried by all machines integrated into the realm.
3. Restart the network services or reboot the machine in order to apply the new network configuration. Issue a ping command against your domain name to test whether DNS resolution works as expected.
The AD DC should reply with its FQDN. If you have configured a DHCP server in your network to automatically assign IP settings to your LAN hosts, make sure you add the AD DC IP addresses to the DHCP server's DNS configuration.
# systemctl restart networking.service
# ping -c2 your_domain_name
4. The last important configuration required is time synchronization. Install the ntpdate package, then query and synchronize time with the AD DC by issuing the commands below.
$ sudo apt-get install ntpdate
$ sudo ntpdate -q your_domain_name
$ sudo ntpdate your_domain_name
5. In the next step, install the software the Ubuntu machine needs in order to be fully integrated into the domain by running the command below.
$ sudo apt-get install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
While the Kerberos packages are installing, you will be asked to enter the name of your default realm. Use the name of your domain in uppercase and press the Enter key to continue the installation.
6. After all packages have finished installing, test Kerberos authentication against an AD administrative account and list the ticket by issuing the commands below.
# kinit ad_admin_user
# klist
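The DNS and time settings from steps 2 to 4 are prerequisites for the Kerberos test in step 6. The script below is an added example, not part of the original tutorial: it flags resolv.conf nameservers that are not AD DCs and compares the ntpdate -q offset with the 300-second default Kerberos clock-skew tolerance. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline pre-join checks for steps 2-4 (DNS and clock).
# 300 seconds is the default Kerberos clock-skew tolerance.
KRB_MAX_SKEW=300

# Print nameserver entries in a resolv.conf-style file ($1) that are NOT one
# of the expected AD DC addresses (remaining arguments). No output = clean.
stray_nameservers() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }
    ' "$file"
}

# Read `ntpdate -q` output on stdin; print the largest absolute offset (s).
max_abs_offset() {
    awk '$1 == "server" {
            for (i = 1; i < NF; i++) if ($i == "offset") {
                v = $(i + 1); sub(/,$/, "", v); v += 0
                if (v < 0) v = -v
                if (v > max) max = v
            }
         }
         END { printf "%.3f\n", max + 0 }'
}

# Succeed when the offset ($1, seconds) is within the Kerberos tolerance.
skew_ok() {
    awk -v o="$1" -v lim="$KRB_MAX_SKEW" 'BEGIN { exit !(o + 0 <= lim) }'
}

# Demo on constructed sample data (not captured from a real host).
sample=$(mktemp)
printf 'search tecmint.lan\nnameserver 192.168.1.254\nnameserver 192.168.1.1\n' > "$sample"
echo "non-AD resolvers: $(stray_nameservers "$sample" 192.168.1.254 192.168.1.253)"
off=$(printf 'server 192.168.1.254, stratum 2, offset -412.118204, delay 0.02574\n' | max_abs_offset)
skew_ok "$off" && echo "clock ok ($off s)" \
    || echo "clock skew $off s exceeds ${KRB_MAX_SKEW}s: fix time before kinit"
rm -f "$sample"
```

On a real host, pass /etc/resolv.conf to stray_nameservers and pipe the output of ntpdate -q your_domain_name into max_abs_offset.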
Step 2: Join Ubuntu to Samba4 AD DC
7. The first step in integrating the Ubuntu machine into the Samba4 Active Directory domain is to edit the Samba configuration file.
Back up the default Samba configuration file, provided by the package manager, so that you start with a clean configuration, by running the following commands.
# mv /etc/samba/smb.conf /etc/samba/smb.conf.initial
# nano /etc/samba/smb.conf
In the new Samba configuration file, add the following lines:
[global]
    workgroup = TECMINT
    realm = TECMINT.LAN
    netbios name = ubuntu
    security = ADS
    dns forwarder = 192.168.1.1
    idmap config * : backend = tdb
    idmap config *:range = 50000-1000000
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false
    winbind nss info = rfc2307
    winbind enum users = yes
    winbind enum groups = yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
Replace the workgroup, realm, netbios name and dns forwarder values with your own settings.
The winbind use default domain parameter causes the winbind service to treat any unqualified AD usernames as users of the AD. You should omit this parameter if you have local system account names that overlap AD accounts.
8. Now restart all samba daemons, stop and remove unnecessary services, and enable the samba services system-wide by issuing the commands below.
$ sudo systemctl restart smbd nmbd winbind
$ sudo systemctl stop samba-ad-dc
$ sudo systemctl enable smbd nmbd winbind
9. Join the Ubuntu machine to the Samba4 AD DC by issuing the following command. Use the name of an AD DC account with administrator privileges so that binding to the realm works as expected.
$ sudo net ads join -U ad_admin_user
10. From a Windows machine with the RSAT tools installed, you can open AD UC and navigate to the Computers container. Your joined Ubuntu machine should be listed there.
Step 3: Configure AD Accounts Authentication
11. In order to perform authentication for AD accounts on the local machine, you need to modify some services and files on the local machine.
First, open and edit the Name Service Switch (NSS) configuration file.
$ sudo nano /etc/nsswitch.conf
Next, append the winbind value to the passwd and group lines, as shown in the excerpt below.
passwd: compat winbind
group: compat winbind
12. To test whether the Ubuntu machine was successfully integrated into the realm, run the wbinfo command to list domain accounts and groups.
$ wbinfo -u
$ wbinfo -g
13. Also, check the Winbind nsswitch module by issuing the getent command, and pipe the results through a filter such as grep to narrow the output to specific domain users or groups.
$ sudo getent passwd | grep your_domain_user
$ sudo getent group | grep 'domain admins'
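Step 7 warns about local account names that overlap AD accounts when winbind use default domain is enabled; with "passwd: compat winbind" the local entry is also looked up first. The script below is an added example, not part of the original tutorial, that lists such overlaps from a passwd file and saved wbinfo -u output, and marks the ones that are members of the local sudo group. The function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find local account names that also exist in AD.
# On a joined host: wbinfo -u > /tmp/ad_users, then pass /etc/passwd,
# /tmp/ad_users and /etc/group. The demo below uses constructed files.

# Names present in both a passwd-format file ($1) and a `wbinfo -u` listing
# ($2). A DOMAIN\ prefix is stripped; names are compared case-insensitively
# (assumption: AD account names are not case-sensitive).
colliding_names() {
    awk -F: '
        NR == FNR { seen[tolower($1)] = 1; next }
        { n = tolower($0); sub(/^.*\\/, "", n); if (n in seen) print n }
    ' "$1" "$2" | sort -u
}

# Members of group $2 in a group-format file ($1), one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g {
        c = split($4, m, ","); for (i = 1; i <= c; i++) print tolower(m[i])
    }' "$1"
}

# Colliding names that are also in the local sudo group ($3 = group file).
# A bare name in /etc/group cannot tell the local and the AD account apart.
privileged_collisions() {
    members=$(group_members "$3" sudo)
    colliding_names "$1" "$2" | while IFS= read -r n; do
        if printf '%s\n' "$members" | grep -Fxq -- "$n"; then
            printf '%s\n' "$n"
        fi
    done
}

# Demo on constructed sample files (not taken from a real host).
d=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/bash\nbackup:x:34:34::/var/backups:/usr/sbin/nologin\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$d/passwd"
printf 'administrator\nTECMINT\\Alice\nbackup\nbob\n' > "$d/ad_users"
printf 'sudo:x:27:alice,bob\nbackup:x:34:\n' > "$d/group"
echo "overlapping names:"; colliding_names "$d/passwd" "$d/ad_users"
echo "overlapping and in sudo:"
privileged_collisions "$d/passwd" "$d/ad_users" "$d/group"
rm -rf "$d"
```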
14. In order to authenticate on the Ubuntu machine with domain accounts, you need to run the pam-auth-update command with root privileges and add all the entries required for the winbind service and for automatically creating a home directory for each domain account at first login.
Check all entries by pressing the [space] key, then hit OK to apply the configuration.
$ sudo pam-auth-update
15. On Debian systems you need to manually edit the /etc/pam.d/common-account file and add the following line in order to automatically create home directories for domain users.
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
16. In order for Active Directory users to be able to change their password from the command line in Linux, open the /etc/pam.d/common-password file and remove the use_authtok statement from the password line, so that it finally looks like the excerpt below.
password [success=1 default=ignore] pam_winbind.so try_first_pass
17. To authenticate on the Ubuntu host with a Samba4 AD account, pass the domain username as the parameter after the su - command. Run the id command to get extra information about the AD account.
$ su - your_ad_user
Use the pwd command to see your domain user's current directory, and the passwd command if you want to change the password.
18. To use a domain account with root privileges on your Ubuntu machine, you need to add the AD username to the sudo system group by issuing the command below:
$ sudo usermod -aG sudo your_domain_user
Log in to Ubuntu with the domain account and update your system by running the apt-get update command to check whether the domain user has root privileges.
19. To add root privileges for a domain group, open and edit the /etc/sudoers file using the visudo command and add the following line, as illustrated in the screenshot below.
%YOUR_DOMAIN\\your_domain\ group ALL=(ALL:ALL) ALL
Use backslashes to escape spaces contained in your domain group name or to escape the first backslash. In the above example, the domain group for the TECMINT realm is named "domain admins".
The preceding percent sign (%) indicates that we are referring to a group, not a username.
20. If you are running the graphical version of Ubuntu and you want to log in to the system with a domain user, you need to modify the LightDM display manager by editing the /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf file: add the following lines and reboot the machine to apply the changes.
greeter-show-manual-login=true
greeter-hide-users=true
You should now be able to log in to Ubuntu Desktop with a domain account using the your_domain_username, your_domain_username@your_domain.tld or your_domain\your_domain_username format.