Integrate CentOS 7 with Samba4 AD from the Command Line - Part 14


This guide shows how to integrate a CentOS 7 server with no graphical user interface into a Samba4 Active Directory Domain Controller from the command line, using the Authconfig software.

This type of setup provides a single centralized account database held by Samba and allows AD users to authenticate to the CentOS server across the network infrastructure.

  1. Create an Active Directory Infrastructure with Samba4 on Ubuntu
  2. CentOS 7.3 Installation Guide

Step 1: Configure CentOS for Samba4 AD DC

1. Before you start joining the CentOS 7 server to a Samba4 DC, make sure the network interface is properly configured to query the domain through the DNS service.

Run the ip address command to list your machine's network interfaces, then choose the specific NIC to edit by running the nmtui-edit command against the interface name, such as ens33 in this example, as shown below.

# ip address
# nmtui-edit ens33

2. Once the network interface is open for editing, add the static IPv4 configuration best suited to your LAN and make sure you set the Samba AD Domain Controllers' IP addresses as the DNS servers.

Also, add the name of your domain to the search domains field and move to the OK button with the [TAB] key to apply the changes.

The search domains field ensures that DNS resolution automatically appends the domain part (FQDN) when you use only a short name for a domain DNS record.

3. Finally, restart the network daemon to apply the changes and test whether DNS resolution is configured properly by running a series of ping commands against the domain name and the domain controllers' short names, as shown below.

# systemctl restart network.service
# ping -c2 tecmint.lan
# ping -c2 adc1
# ping -c2 adc2

4. Also, configure your machine's hostname and reboot the machine to apply the setting properly by running the following commands.

# hostnamectl set-hostname your_hostname
# init 6

Verify that the hostname was applied correctly with the commands below.

# cat /etc/hostname
# hostname

5. Finally, synchronize the local time with the Samba4 AD DC by running the commands below with root privileges.

# yum install ntpdate
# ntpdate domain.tld

Step 2: Join CentOS 7 Server to Samba4 AD DC

6. To join the CentOS 7 server to Samba4 Active Directory, first install the following packages on your machine from an account with root privileges.

# yum install authconfig samba-winbind samba-client samba-winbind-clients

7. To integrate the CentOS 7 server with a domain controller, run the authconfig-tui graphical utility with root privileges and use the configuration described below.

# authconfig-tui

On the first prompt screen choose:

  • On User Information:
    • Use Winbind
  • On the Authentication tab, select by pressing the [Space] key:
    • Use Shadow Password
    • Use Winbind Authentication
    • Local authorization is sufficient

8. Press Next to continue to the Winbind Settings screen and configure it as shown below:

  • Security Model: ads
  • Domain = YOUR_DOMAIN (use upper case)
  • Domain Controllers = domain machines FQDN (comma separated if more than one)
  • ADS Realm = YOUR_DOMAIN.TLD
  • Template Shell = /bin/bash

9. To perform the domain join, move to the Join Domain button using the [TAB] key and press the [Enter] key to join the domain.

On the next screen prompt, enter the credentials of a Samba4 AD account with elevated privileges to join the machine account to AD, then press OK to apply the settings and close the prompt.

Note that when you type the user's password, the credentials are not shown on the password screen. On the remaining screen press OK again to finish the domain integration for the CentOS 7 machine.

To force the machine to be added to a specific Samba AD Organizational Unit, get your machine's exact name using the hostname command and create a new Computer object in that OU with the name of your machine.

The best way to add a new object to a Samba4 AD is to use the ADUC tool from a Windows machine joined to the domain with the RSAT tools installed on it.

Important: An alternative method of joining a domain is to use the authconfig command line, which offers extensive control over the integration process.

However, this method is error-prone because of its numerous parameters, as shown in the command below. The command must be typed on a single long line.

# authconfig --enablewinbind --enablewinbindauth --smbsecurity ads --smbworkgroup=YOUR_DOMAIN --smbrealm YOUR_DOMAIN.TLD --smbservers=adc1.yourdomain.tld --krb5realm=YOUR_DOMAIN.TLD --enablewinbindoffline --enablewinbindkrb5 --winbindtemplateshell=/bin/bash --winbindjoin=domain_admin_user --update --enablelocauthorize --savebackup=/backups
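
Options that run together are easy to miss in a command this long. The following added example (not part of the original article) builds the same authconfig call with one option per word, rejects glued or space-containing arguments, and prints the command unless APPLY=1 is set. All values are the article's placeholders; check_args, join_domain and APPLY are names made up for this example.

```sh
#!/bin/sh
# Added example, not from the original article. Values are the article's
# placeholders; check_args, join_domain and APPLY are illustrative names.
DOMAIN="YOUR_DOMAIN"            # short domain name, upper case
REALM="YOUR_DOMAIN.TLD"         # Kerberos realm, upper case
DCS="adc1.yourdomain.tld"       # DC FQDN(s), comma separated
JOIN_USER="domain_admin_user"   # AD account allowed to join machines
BACKUP="/backups"               # --savebackup value used in the article

# Succeed only if every word is exactly one option with no embedded space.
# Note: a value that itself contains "--" is rejected too.
check_args() {
  for a in "$@"; do
    case "$a" in
      --*--*) echo "options glued together: $a" >&2; return 1 ;;
      *" "*)  echo "space inside one argument: $a" >&2; return 1 ;;
      --*)    ;;
      *)      echo "not an option: $a" >&2; return 1 ;;
    esac
  done
}

# Print the join command, or run it when APPLY=1.
join_domain() {
  upper=$(printf '%s' "$DOMAIN$REALM" | tr '[:lower:]' '[:upper:]')
  if [ "$upper" != "$DOMAIN$REALM" ]; then
    echo "DOMAIN and REALM must be upper case" >&2; return 1
  fi
  set -- --enablewinbind --enablewinbindauth --smbsecurity=ads \
    "--smbworkgroup=$DOMAIN" "--smbrealm=$REALM" "--smbservers=$DCS" \
    "--krb5realm=$REALM" --enablewinbindoffline --enablewinbindkrb5 \
    --winbindtemplateshell=/bin/bash "--winbindjoin=$JOIN_USER" \
    --enablelocauthorize "--savebackup=$BACKUP" --update
  check_args "$@" || return 1
  if [ "${APPLY:-0}" = 1 ]; then
    authconfig "$@"
  else
    printf 'authconfig'; printf ' %s' "$@"; printf '\n'
  fi
}

join_domain
```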
      

10. After the machine has been joined to the domain, verify that the winbind service is up and running by running the command below.

# systemctl status winbind.service

11. Then, check that the CentOS machine object was created successfully in Samba4 AD. Use the AD Users and Computers tool from a Windows machine with the RSAT tools installed and navigate to your domain's Computers container. A new AD computer account object with the name of your CentOS 7 server should be listed in the right pane.

12. Finally, tweak the configuration by opening the main Samba configuration file (/etc/samba/smb.conf) in a text editor and appending the lines below to the end of the [global] configuration block:

winbind use default domain = true
winbind offline logon = true

13. To create local home directories on the machine for AD accounts at their first logon, run the command below.

# authconfig --enablemkhomedir --update

14. Finally, restart the Samba daemon to apply the changes and verify the domain join by logging in to the server with an AD account. The home directory for the AD account should be created automatically.

# systemctl restart winbind
# su - domain_account

15. List the domain users or domain groups by running one of the following commands.

# wbinfo -u
# wbinfo -g

16. To get information about a domain user, run the command below.

# wbinfo -i domain_user

17. To display summary information about the domain, run the following command.

# net ads info

Step 3: Log In to CentOS with a Samba4 AD DC Account

18. To authenticate as a domain user on CentOS, use one of the following command-line syntaxes.

# su - 'domain\domain_user'
# su - domain\\domain_user

Or use the syntax below if the winbind use default domain = true parameter is set in the Samba configuration file.

# su - domain_user
# su - [email 

19. To grant root privileges to a domain user or group, edit the sudoers file using the visudo command and add the following lines.

YOUR_DOMAIN\\domain_username        ALL=(ALL:ALL) ALL    #For domain users
%YOUR_DOMAIN\\your_domain\ group    ALL=(ALL:ALL) ALL    #For domain groups

Or use the excerpt below if the winbind use default domain = true parameter is set in the Samba configuration file.

domain_username         ALL=(ALL:ALL) ALL    #For domain users
%your_domain\ group     ALL=(ALL:ALL) ALL    #For domain groups
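
A rule like this makes membership of the named AD group equivalent to root on this host, and a syntax error in sudoers can break sudo altogether, so it is worth generating the line and checking it before it goes live. The following added example (not part of the original article) builds the group rule with the escaping used above and installs it only after visudo accepts it. The group name "domain admins", the drop-in path /etc/sudoers.d/ad-admins and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. The group name, drop-in path
# and function names are placeholders chosen for illustration.

# Print one sudoers rule for a domain group. Spaces in the group name are
# escaped with a backslash and the DOMAIN\group separator is written as "\\",
# matching the syntax used in the article.
sudoers_group_rule() {
  domain=$1
  group=$(printf '%s' "$2" | sed 's/ /\\ /g')
  printf '%%%s\\\\%s ALL=(ALL:ALL) ALL\n' "$domain" "$group"
}

# Write the rule to a temp file, syntax-check it, and only then install it
# as a root-owned 0440 drop-in. Must be run as root.
install_rule() {
  dropin=${3:-/etc/sudoers.d/ad-admins}   # assumed drop-in file name
  tmp=$(mktemp) || return 1
  sudoers_group_rule "$1" "$2" > "$tmp"
  if visudo -c -f "$tmp" >/dev/null; then
    install -o root -g root -m 0440 "$tmp" "$dropin"
  else
    echo "sudoers syntax check failed, nothing installed" >&2
    rm -f "$tmp"
    return 1
  fi
  rm -f "$tmp"
}

# Dry run: show the rule that install_rule would write.
sudoers_group_rule "YOUR_DOMAIN" "domain admins"
```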
      

20. The following series of commands against a Samba4 AD DC can also be useful for troubleshooting:

# wbinfo -p #Ping domain
# wbinfo -n domain_account #Get the SID of a domain account
# wbinfo -t  #Check trust relationship

21. To leave the domain, run the following command against your domain name using a domain account with elevated privileges. After the machine account has been removed from AD, reboot the machine to revert the changes to their state before the integration process.

# net ads leave -w DOMAIN -U domain_admin
# init 6

That's all! Although this procedure focuses on joining a CentOS 7 server to a Samba4 AD DC, the same steps described here are also valid for integrating a CentOS server into a Microsoft Windows Server 2012 Active Directory.