Jikọta Ubuntu na Samba4 AD DC na SSSD na Realm - Nkebi 15

Nkuzi a ga-eduzi gị otu esi esonyere igwe Desktọpụ Ubuntu n'ime ngalaba ndekọ aha Samba4 Active na SSSD na ọrụ Realmd iji gosi ndị ọrụ megide akwụkwọ ndekọ aha.

1. Mepụta akụrụngwa ndekọ aha na-arụ ọrụ na Samba4 na Ubuntu

Nzọụkwụ 1: Nhazi mbụ

1. Tupu ịmalite ịbanye na Ubuntu n'ime akwụkwọ ndekọ aha, jide n'aka na ahaziri aha nnabata ahụ nke ọma. Jiri iwu hostnamectl tọọ aha igwe ma ọ bụ jiri aka dezie faịlụ /etc/hostname.

$ sudo hostnamectl set-hostname your_machine_short_hostname
$ cat /etc/hostname
$ hostnamectl

2. Na nzọụkwụ ọzọ, dezie ntọala netwọk netwọk igwe ma gbakwunye nhazi IP kwesịrị ekwesị na adreesị IP DNS ziri ezi iji rụtụ aka na Samba AD ngalaba njikwa dị ka e gosiri na nseta ihuenyo dị n'okpuru.

Ọ bụrụ na ị haziela ihe nkesa DHCP n'ụlọ gị ka ị kenye ntọala IP na-akpaghị aka maka igwe LAN gị na adreesị IP AD DNS kwesịrị ekwesị mgbe ahụ ị nwere ike ịwụ nke a wee gaa n'ihu.

Na nseta ihuenyo dị n'elu, 192.168.1.254 na 192.168.1.253 na-anọchite anya adreesị IP nke Samba4 Domain Controllers.

3. Malitegharịa ọrụ netwọk ahụ ka itinye mgbanwe ndị ahụ site na iji GUI ma ọ bụ site na ahịrị iwu wee nye usoro iwu ping megide aha ngalaba gị iji nwalee ma ọ bụrụ na mkpebi DNS na-arụ ọrụ dị ka a tụrụ anya ya. Ọzọkwa, jiri iwu nnabata iji nwalee mkpebi DNS.

$ sudo systemctl restart networking.service
$ host your_domain.tld
$ ping -c2 your_domain_name
$ ping -c2 adc1
$ ping -c2 adc2

4. N'ikpeazụ, jide n'aka na oge igwe dị na Samba4 AD. Wụnye ngwugwu ntpdate na oge mmekọrịta na AD site na ịnye iwu ndị a.

$ sudo apt-get install ntpdate
$ sudo ntpdate your_domain_name

Nzọụkwụ 2: Wụnye ngwugwu achọrọ

5. Na nzọụkwụ a, wụnye ngwanrọ dị mkpa na ihe ndabere achọrọ iji sonyere Ubuntu n'ime Samba4 AD DC: Realmd na ọrụ SSSD.

$ sudo apt install adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1 

6. Tinye aha nke ndabara na nnukwu nnukwu ma pịa igodo Tinye ka ịga n'ihu nrụnye.

7. Ọzọ, mepụta faịlụ nhazi SSD na ọdịnaya ndị a.

$ sudo nano /etc/sssd/sssd.conf

Tinye ahịrị ndị a na faịlụ sssd.conf.

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[sssd]
domains = tecmint.lan
config_file_version = 2
services = nss, pam
default_domain_suffix = TECMINT.LAN


[domain/tecmint.lan]
ad_domain = tecmint.lan
krb5_realm = TECMINT.LAN
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
access_provider = ad

auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600

Gbaa mbọ hụ na ị dochie ngalaba aha na paramita ndị a otu a:

domains = tecmint.lan
default_domain_suffix = TECMINT.LAN
[domain/tecmint.lan]
ad_domain = tecmint.lan
krb5_realm = TECMINT.LAN

8. Ọzọ, tinye ikike kwesịrị ekwesị maka faịlụ SSSD site n'inye iwu dị n'okpuru:

$ sudo chmod 700 /etc/sssd/sssd.conf

9. Ugbu a, mepee ma dezie faịlụ nhazi Realmd ma tinye ahịrị ndị a.

$ sudo nano /etc/realmd.conf

Ezipụta faịlụ Realmd.conf:

[active-directory]
os-name = Linux Ubuntu
os-version = 17.04

[service]
automatic-install = yes

 [users]
default-home = /home/%d/%u
default-shell = /bin/bash

[tecmint.lan]
user-principal = yes
fully-qualified-names = no

10. Faịlụ ikpeazụ ịchọrọ ịgbanwe bụ nke Samba daemon. Mepee faịlụ /etc/samba/smb.conf maka idezi ma tinye ngọngọ koodu na mmalite nke faịlụ ahụ, mgbe ngalaba [ụwa] dị ka egosiri na foto dị n'okpuru.

 workgroup = TECMINT
   client signing = yes
   client use spnego = yes
   kerberos method = secrets and keytab
   realm = TECMINT.LAN
   security = ads

Jide n'aka na ị na-edochi uru aha ngalaba ahụ, karịsịa uru mpaghara iji kwekọọ na ngalaba aha gị wee mee iwu testparm iji lelee ma faịlụ nhazi ahụ enweghị njehie.

$ sudo testparm

11. Mgbe ịmechara mgbanwe niile achọrọ, nwalee nyocha Kerberos site na iji akaụntụ nchịkwa AD wee depụta tiketi site na ịnye iwu ndị a.

$ sudo kinit [email 
$ sudo klist

Kwụpụ 3: Jikọọ Ubuntu na Samba4 Realm

12. Iji sonyere igwe Ubuntu na mbipụta Samba4 Active Directory na-eso usoro iwu dị ka e gosipụtara n'okpuru. Jiri aha akaụntụ AD DC nwere ikike onye nchịkwa ka njikọ ahụ wee rụọ ọrụ dịka a tụrụ anya ma dochie uru ngalaba aha ya.

$ sudo realm discover -v DOMAIN.TLD
$ sudo realm list
$ sudo realm join TECMINT.LAN -U ad_admin_user -v
$ sudo net ads join -k

13. Mgbe ngalaba ngalaba ahụ mechara, mee iwu dị n'okpuru iji jide n'aka na anabatara akaụntụ ngalaba niile iji nyochaa igwe.

$ sudo realm permit --all

Mgbe nke ahụ gasịrị, ị nwere ike ịhapụ ma ọ bụ gọnarị ohere maka akaụntụ onye ọrụ ngalaba ma ọ bụ otu na-eji iwu obodo dị ka egosiri na ọmụmaatụ n'okpuru.

$ sudo realm deny -a
$ realm permit --groups ‘domain.tld\Linux Admins’
$ realm permit [email 
$ realm permit DOMAIN\\User2

14. Site na igwe Windows nwere ngwaọrụ RSAT arụnyere, ị nwere ike mepee AD UC wee gaa na akpa Kọmputa wee lelee ma emepụtala akaụntụ ihe nwere aha igwe gị.

Kwụpụ 4: Hazie nkwenye akaụntụ AD

15. Iji nyochaa na igwe Ubuntu na akaụntụ ngalaba, ịkwesịrị ịme iwu pam-auth-update na ikike mgbọrọgwụ ma mee ka profaịlụ PAM niile gụnyere nhọrọ iji mepụta akwụkwọ ndekọ ụlọ na-akpaghị aka maka akaụntụ ngalaba ọ bụla na nbanye mbụ.

Lelee ndenye niile site na ịpị igodo [space] wee pịa OK ka itinye nhazi.

$ sudo pam-auth-update

16. Na sistemu eji aka dezie /etc/pam.d/common-account faịlụ na ahịrị na-esonụ iji mepụta ụlọ na-akpaghị aka maka ndị ọrụ ngalaba.

session    required    pam_mkhomedir.so    skel=/etc/skel/    umask=0022

17. Ọ bụrụ na ndị ọrụ Directory Active enweghị ike ịgbanwe paswọọdụ ha site na ahịrị iwu na Linux, mepee /etc/pam.d/common-password faịlụ wee wepụ okwu use_authtok site na ahịrị okwuntughe ka emesịa dị ka nke dị n'okpuru ebe a.

password       [success=1 default=ignore]      pam_winbind.so try_first_pass

18. N'ikpeazụ, malitegharịa ma mee ka ọrụ Realmd na SSSD tinye mgbanwe site n'inye iwu ndị a:

$ sudo systemctl restart realmd sssd
$ sudo systemctl enable realmd sssd

19. Iji nwalee ma ọ bụrụ na ejikọtara igwe Ubuntu nke ọma ka ọ rụọ ọrụ na-agba ọsọ wụnye ngwugwu winbind ma mee iwu wbinfo iji depụta akaụntụ ngalaba na otu dị ka e gosipụtara n'okpuru.

$ sudo apt-get install winbind
$ wbinfo -u
$ wbinfo -g

20. Ọzọkwa, lelee Winbind nsswitch modul site n'inye iwu getent megide otu onye ọrụ ma ọ bụ otu ngalaba.

$ sudo getent passwd your_domain_user
$ sudo getent group ‘domain admins’

21. I nwekwara ike iji Linux id iwu nweta ozi gbasara akaụntụ AD dị ka e gosiri na n'okpuru iwu.

$ id tecmint_user

22. Iji nyochaa na Ubuntu host na Samba4 AD akaụntụ jiri ngalaba aha njirimara parameter after su - Command. Gbaa iwu id iji nweta ozi ndị ọzọ gbasara akaụntụ AD.

$ su - your_ad_user

Jiri pwd iwu ịhụ onye ọrụ ngalaba gị ndekọ ndekọ aha ugbu a na iwu passwd ma ọ bụrụ na ị chọrọ ịgbanwe paswọọdụ.

23. Iji jiri akaụntụ ngalaba nwere ikike mgbọrọgwụ na igwe Ubuntu gị, ịkwesịrị ịgbakwunye aha njirimara AD na otu sudo system site n'inye iwu dị n'okpuru:

$ sudo usermod -aG sudo [email 

Jiri akaụntụ ngalaba wee banye na Ubuntu wee melite sistemụ gị site na iji iwu mmelite dabara adaba iji lelee ikike mgbọrọgwụ.

24. Iji tinye ihe ùgwù mgbọrọgwụ maka ngalaba ngalaba, mepee njedebe edit /etc/sudoers faịlụ site na iji iwu visudo ma gbakwunye akara na-esonụ dị ka e gosipụtara.

%domain\ [email        		 ALL=(ALL:ALL) ALL

25. Iji jiri njirimara akaụntụ ngalaba maka Ubuntu Desktop gbanwee njikwa ngosi LightDM site na edezi /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf faịlụ, tinye ahịrị abụọ ndị a wee malite ọrụ lightdm ma ọ bụ malitegharịa igwe tinye. mgbanwe.

greeter-show-manual-login=true
greeter-hide-users=true

Jiri akaụntụ ngalaba banye na Desktọpụ Ubuntu site na iji ma your_domain_username ma ọ bụ [email echebe]_domain.tld syntax.

26. Iji jiri ụdị aha dị mkpirikpi maka akaụntụ Samba AD, dezie faịlụ /etc/sssd/sssd.conf, tinye akara na-esonụ na ngọngọ [sssd] dị ka e gosiri n'okpuru.

full_name_format = %1$s

ma malitegharịa SSD daemon iji tinye mgbanwe.

$ sudo systemctl restart sssd

Ị ga-achọpụta na ngwa ngwa bash ga-agbanwe na aha dị mkpirikpi nke onye ọrụ AD na-etinyeghị ngalaba aha ngalaba.

27. Ọ bụrụ na ịnweghị ike ịbanye n'ihi enumerate=ezigbo arụmụka edobere na sssd.conf ị ga-ekpochapụ sssd cached database site n'inye iwu dị n'okpuru:

$ rm /var/lib/sss/db/cache_tecmint.lan.ldb

Ọ gwụla! Agbanyeghi na ntuziaka a gbadoro anya na ntinye aka na Samba4 Active Directory, enwere ike itinye otu usoro ahụ iji jikọta Ubuntu na ọrụ Realmd na SSSD na Microsoft Windows Server Active Directory.