Haɗa CentOS 7 Desktop zuwa Zentyal PDC (Mai Kula da Yankin Farko) - Kashi na 14


Wannan koyaswar za ta jagorance ku kan yadda zaku iya haɗa CentOS 7 Desktop zuwa Zentyal 3.4 Mai Kula da Domain Primary kuma ku amfana da madaidaicin wurin tantancewa guda ɗaya ga duk masu amfani da ku a duk faɗin hanyoyin sadarwar ku. tare da taimakon Samba fakitin haɗin gwiwar Windows - wanda ya haɗa da nmbd - NetBios akan sabis na IP da Winbind - amincin sabis ta hanyar samfuran PAM, Kerberos abokin ciniki tsarin cibiyar sadarwa da sigar hoto na Authconfig kunshin da aka samar daga ma'ajin CentOS na hukuma.

  1. Shigar kuma Sanya Zentyal azaman PDC (Mai Kula da Yanki na Farko)
  2. Tsarin Shigar da Desktop na CentOS 7

Lura: Sunan yankin \mydomain.com da aka yi amfani da shi akan wannan koyawa (ko wasu labaran linux-console.net) almara ne kuma yana zaune ne kawai akan saitin gida na cibiyar sadarwa mai zaman kansa - duk wani kama da sunan yanki na gaskiya shine. tsantsar daidaituwa.

Mataki 1: Sanya hanyar sadarwa don isa Zentyal PDC

1. Kafin fara shigarwa da daidaita ayyukan da ake buƙata don shiga CentOS 7 Desktop zuwa PDC Active kuna buƙatar tabbatar da cewa hanyar sadarwar ku zata iya isa kuma sami amsa daga Zentyal PDC ko Windows Active Directory DNS uwar garken.

A mataki na farko je zuwa CentOS Network Settings, kashe mahaɗin ku Wired Connections, ƙara DNS IPs masu nuni zuwa ga Zentyal PDCko Windows AD sabobin DNS, Aiwatar da saitunan kuma kunna Katin Wired na cibiyar sadarwa. Tabbatar kun yi duk saitunan kamar yadda aka gabatar akan hotunan kariyar kwamfuta na ƙasa.

2. Idan cibiyar sadarwar ku tana da uwar garken DNS guda ɗaya kawai wanda ke warware PDC ɗin ku, kuna buƙatar tabbatar da cewa wannan IP shine farkon daga jerin sabobin DNS ɗin ku. Hakanan buɗe fayil ɗin resolv.conf da ke cikin /da sauransu directory tare da izinin gyara tushen sai a saka layi mai zuwa a ƙasa, bayan jerin server.

search your_domain.tld

3. Bayan kun saita haɗin yanar gizon CentOS 7, ba da umarni ping akan PDC FQDN ɗin ku kuma tabbatar ya amsa daidai da adireshin IP ɗin sa.

# ping pdc_FQDN

4. A mataki na gaba, saita na'ura hostname a matsayin cikakken Sunan Domain da Ya cancanta (amfani da sunan da ba a saba ba don tsarin ku kuma saka sunan yankinku bayan digo na farko) sannan ku tabbatar da shi ta hanyar ba da umarni masu zuwa. tare da tushen gata.

# hostnamectl set-hostname hostname.domain.tld
# cat /etc/hostname
# hostname

Sunan mai masaukin tsarin hagu wanda aka saita akan wannan matakin, shine sunan da zai bayyana akan Zentyal PDC ko Windows AD akan sunayen Kwamfutoci.

5. Mataki na ƙarshe da za ku buƙaci aiwatarwa kafin shigar da buƙatun da ake buƙata don shiga PDC shine tabbatar da cewa lokacin tsarin ku yana aiki tare da Zentyal PDC. Gudun umarni mai zuwa tare da tushen gata akan yankin ku don daidaita lokaci tare da sabar.

$ sudo ntpdate -ud domain.tld

Mataki 2: Shigar da Samba, Kerberos da Authconfig-gtk kuma Sanya Abokin Ciniki na Kerberos

6. Duk fakitin da aka ambata a sama ana kiyaye su kuma suna bayarwa ta wurin ma'ajiyar CentOS, don haka babu buƙatar ƙara ƙarin ajiya kamar Epel, Elrepo ko wasu.

Samba da Winbind suna ba da kayan aikin da ake buƙata waɗanda ke ba wa CentOS 7 damar haɗawa da zama memba tare da cikakken haƙƙi akan Kayan Aiki na PDC na Zentyal ko Sabar Windows AD. Ba da umarni mai zuwa don shigar da fakitin Samba da Winbind.

$ sudo yum install samba samba-winbind

7. Na gaba shigar da Kerberos Workstation Client, wanda ke ba da ingantacciyar hanyar sadarwa ta hanyar sadarwa mai ƙarfi dangane da Cibiyar Rarraba Maɓalli (KDC) wanda duk tsarin hanyar sadarwa ke amincewa, ta hanyar ba da umarni mai zuwa. .

$ sudo yum install krb5-workstation

8. Kunshin ƙarshe da kuke buƙatar shigar shine Authconfig-gtk, wanda ke samar da Interface mai hoto wanda ke sarrafa fayilolin Samba don tantancewa zuwa Primary Domain Controller. Yi amfani da umarni mai zuwa don shigar da wannan kayan aikin.

$ sudo yum install authconfig-gtk

9. Bayan an shigar da duk fakitin da ake buƙata kuna buƙatar yin wasu canje-canje zuwa Kerberos Client babban fayil ɗin sanyi. Bude /etc/krb5.conf fayil tare da editan rubutu da kuka fi so ta amfani da asusu tare da tushen gata da
gyara layin masu zuwa.

# nano /etc/krb5.conf

Anan ka tabbata ka maye gurbin wannan layin daidai - Yi amfani da manyan haruffa, ɗigo da sarari kamar yadda aka ba da shawara a cikin wannan misalan.

[libdefaults]
default_realm = YOUR_DOMAIN.TLD

[realms]
YOUR_DOMAIN.TLD = {
kdc = your_pdc_server_fqdn
}

[domain_realm]
.your_domain.tld = YOUR_DOMAIN.TLD
your_domain.tld = YOUR_DOMAIN.TLD

Mataki 3: Haɗa CentOS 7 zuwa Zentyal PDC

10. Bayan kun yi duk saitunan da ke sama da tsarin ku ya kamata ku kasance a shirye don zama cikakken memba na Zentyal PDC. Bude kunshin Authconfig-gtk tare da tushen gata kuma ku yi gyare-gyare masu zuwa kamar yadda aka gabatar anan.

$ sudo authconfig-gtk

  1. Dabarun Asusu na Mai amfani = zaɓi Winbind
  2. Winbind Domain = rubuta sunan YOUR_DOMAIN
  3. Tsarin Tsaro = zaɓi ADS
  4. Winbind ADS Realm = rubuta sunan YOUR_DOMAIN
  5. Masu kula da yanki = rubuta Zentyal PDC FQDN
  6. naku
  7. Template Shell = zaɓi /bin/bash
  8. Ba da izinin shiga layi = aka duba

  1. Zaɓuɓɓukan Tabbatarwa na Gida = duba Kaddamar da tallafin karatun karatun yatsa
  2. Sauran Zaɓuɓɓukan Tabbatarwa = duba Ƙirƙiri kundayen adireshi a farkon shiga

11. Yanzu, bayan gyara Authentication Configuration shafuka tare da ƙimar da ake buƙata kar a rufe taga kuma koma zuwa Identity & Authentication tab. Danna maballin Haɗa Domain da Ajiye da sauri Alert don ci gaba gaba.

12. Idan an yi nasarar adana tsarin tsarin ku, tsarin ku zai tuntuɓi PDC kuma wani sabon faɗakarwa zai bayyana yana buƙatar ku shigar da bayanan mai gudanarwa na yanki domin shiga yankin.

Shigar da mai amfani da sunan yankin ku da kalmar wucewa, danna maballin Ok don rufe hanzarin sannan, sannan, danna maballin Aiwatar don aiwatar da tsari na ƙarshe.

Idan an yi amfani da canje-canje cikin nasara, sai taga Authentication Configuration yakamata a rufe sannan saƙo ya bayyana akan Terminal wanda zai sanar da kai cewa an haɗa kwamfutarka cikin yankinka.

13. Domin tabbatarwa, idan an ƙara tsarin ku zuwa Zentyal PDC, shiga Zentyal Web Administrative Tool, je zuwa Masu amfani da Kwamfuta -> Sarrafa menu kuma duba idan Sunan mai masaukin injin ku yana bayyana a jerin Computer.

Mataki 4: Shiga CentOS 7 tare da Masu amfani da PDC

14. A wannan lokacin duk masu amfani da aka jera a cikin kayan aikin Zentyal PDC ya kamata yanzu su sami damar yin shiga cikin injin ku na CentOS daga Terminal na gida ko na nesa ko ta amfani da allon Shiga na farko. Don shiga daga Console ko Terminal tare da mai amfani da PDC yi amfani da tsarin haɗin gwiwa.

$ su - your_domain.tld\\pdc_user

15. Tsoffin $HOME ga duk masu amfani da PDC shine /gida/YOUR_DOMAIN/pdc_user.

16. Domin yin shigar GUI fita zuwa babban CentOS 7 Allon shiga, danna mahaɗin Ba a lissafta?, ba da mai amfani da PDC da kalmar wucewa ta hanyar your_domain\pdc_userkuma yakamata ku iya shiga cikin injin ku azaman mai amfani da PDC.

Mataki 5: Kunna Tsarin Haɗin PDC-Faɗi

17. Don isa kai tsaye da tabbatarwa zuwa Zentyal PDC bayan kowane tsarin sake kunnawa kuna buƙatar kunna Samba da Winbind daemons a faɗin tsarin ta hanyar ba da umarni masu zuwa tare da tushen gata.

# systemctl enable smb
# systemctl enable nmb
# systemctl enable winbind

Wannan ke nan, yana ɗaukar injin ku ya zama memba Zentyal PDC. Kodayake an fi mayar da hankali kan wannan hanyar don haɗa CentOS 7 zuwa Zentyal PDC, ana kuma buƙatar aiwatar da matakan guda ɗaya don amfani da amincin Active Directory na Windows Server da haɗewar yanki. .