Create an Active Directory Infrastructure with Samba4 on Ubuntu - Part 1


Samba is free, open-source software that provides standard interoperability between Windows OS and Linux/Unix operating systems.

Samba can operate as a standalone file and print server for Windows and Linux clients through the SMB/CIFS protocol suite, or it can act as an Active Directory Domain Controller or join a realm as a Domain Member. The highest AD DC domain and forest level that Samba4 can currently emulate is Windows 2008 R2.

The series will be titled Setting Up a Samba4 Active Directory Domain Controller, and covers the following topics for Ubuntu, CentOS, and Windows:

This tutorial starts by explaining all the steps you need to take to install and configure Samba4 as a Domain Controller on Ubuntu 16.04 and Ubuntu 14.04.

This configuration provides a central management point for users, machines, volume shares, permissions and other resources in a mixed Windows - Linux infrastructure.

  1. Ubuntu 16.04 Server.
  2. Ubuntu 14.04 Server.
  3. A static IP address configured for your AD DC server.

Step 1: Initial Configuration for Samba4

1. Before proceeding with the installation of Samba4 AD DC, let's first run a few prerequisite steps. First make sure the system is up to date with the latest security features, kernels and packages by issuing the commands below:

$ sudo apt-get update 
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade

2. Next, open the machine's /etc/fstab file and make sure that your partitions' file system has ACLs enabled, as illustrated in the image below.

Usually, common modern Linux file systems such as ext3, ext4, xfs or btrfs support ACLs and have them enabled by default. If that is not the case with your file system, open the /etc/fstab file for editing, add the acl string at the end of the third column, and reboot the machine to apply the changes.

3. Finally, set your machine hostname to a descriptive name, such as adc1 used in this example, by editing the /etc/hostname file or by issuing the command below.

$ sudo hostnamectl set-hostname adc1

A reboot is necessary after you have changed your machine name in order to apply the changes.

Step 2: Install Required Packages for Samba4 AD DC

4. In order to transform your server into an Active Directory Domain Controller, install Samba and all the required packages on your machine by issuing the command below with root privileges in a console.

$ sudo apt-get install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind

5. While the installation is running, the installer will ask a series of questions in order to configure the domain controller.

On the first screen you need to add a name for the default Kerberos REALM in upper case. Enter the name you will be using for your domain in upper case and hit Enter to continue.

6. Next, enter the hostname of the Kerberos server for your domain. Use the same name as for your domain, in lower case this time, and hit Enter to continue.

7. Finally, specify the hostname for the administrative server of your Kerberos realm. Use the same name as your domain and hit Enter to finish the installation.

Step 3: Provision Samba AD DC for Your Domain

8. Before starting to configure Samba for your domain, first run the commands below to stop and disable all Samba daemons.

$ sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
$ sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service

9. Next, rename or remove the original Samba configuration. This step is absolutely required before provisioning Samba AD, because at provision time Samba creates a new configuration file from scratch and will throw errors if it finds an old smb.conf file.

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.initial

10. Now, start the domain provisioning interactively by issuing the command below with root privileges and accept the default options that Samba offers you.

Also, make sure you supply the IP address for a DNS forwarder at your premises (or an external one) and choose a strong password for the Administrator account. If you choose a weak password for the Administrator account, the domain provision will fail.

$ sudo samba-tool domain provision --use-rfc2307 --interactive

11. Finally, rename or remove the main Kerberos configuration file from the /etc directory and replace it with a symlink to the new Kerberos file generated by Samba, located in the /var/lib/samba/private path, by issuing the commands below:

$ sudo mv /etc/krb5.conf /etc/krb5.conf.initial
$ sudo ln -s /var/lib/samba/private/krb5.conf /etc/

12. Start and enable the Samba Active Directory Domain Controller daemons.

$ sudo systemctl start samba-ad-dc.service
$ sudo systemctl status samba-ad-dc.service
$ sudo systemctl enable samba-ad-dc.service

13. Next, use the netstat command to verify the list of all services that an Active Directory requires in order to run properly.

$ sudo netstat -tulpn | egrep 'smbd|samba'
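
One way to turn the netstat listing into a pass/fail check, as an added example that is not part of the original tutorial. The port list is an assumption (the standard Active Directory service ports, which the page does not enumerate) and the sample listing is constructed.

```sh
# Assumed AD DC service ports (standard AD list, not taken from the page).
AD_TCP="53 88 135 139 389 445 464 636 3268 3269"
AD_UDP="53 88 137 138 389 464"

# Reads `netstat -tulpn` output (run with sudo so the PID/Program column is
# filled in). Prints "MISSING proto/port" for each absent listener and
# "FOREIGN proto/port owner" when a process other than samba/smbd holds it.
ad_listener_report() {
    awk -v tcp="$AD_TCP" -v udp="$AD_UDP" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, addr, ":")            # port is the last ":" field
            key = substr($1, 1, 3) "/" addr[n]  # tcp6 and udp6 fold into tcp, udp
            seen[key] = 1
            own = match($0, /[0-9]+\/.*/) ? substr($0, RSTART) : "-"
            if (own !~ /^[0-9]+\/(samba|smbd)/) foreign[key] = own
        }
        function check(proto, list,    i, n, p, key) {
            n = split(list, p, " ")
            for (i = 1; i <= n; i++) {
                key = proto "/" p[i]
                if (!(key in seen)) print "MISSING", key
                else if (key in foreign) print "FOREIGN", key, foreign[key]
            }
        }
        END { check("tcp", tcp); check("udp", udp) }'
}

# Constructed sample: dnsmasq holds port 53 and the TLS LDAP ports are absent.
sample_netstat() {
    cat <<'EOF'
tcp  0 0 0.0.0.0:88    0.0.0.0:* LISTEN 1201/samba
tcp  0 0 0.0.0.0:135   0.0.0.0:* LISTEN 1195/samba
tcp  0 0 0.0.0.0:139   0.0.0.0:* LISTEN 1190/smbd
tcp  0 0 0.0.0.0:389   0.0.0.0:* LISTEN 1199/samba
tcp  0 0 0.0.0.0:445   0.0.0.0:* LISTEN 1190/smbd
tcp  0 0 0.0.0.0:464   0.0.0.0:* LISTEN 1201/samba
tcp  0 0 0.0.0.0:3268  0.0.0.0:* LISTEN 1199/samba
tcp  0 0 127.0.0.1:53  0.0.0.0:* LISTEN 812/dnsmasq
udp  0 0 127.0.0.1:53  0.0.0.0:*        812/dnsmasq
udp  0 0 0.0.0.0:88    0.0.0.0:*        1201/samba
udp  0 0 0.0.0.0:137   0.0.0.0:*        1201/samba
udp  0 0 0.0.0.0:138   0.0.0.0:*        1201/samba
udp  0 0 0.0.0.0:389   0.0.0.0:*        1199/samba
udp  0 0 0.0.0.0:464   0.0.0.0:*        1201/samba
EOF
}

sample_netstat | ad_listener_report
```

On a live controller, pipe the unfiltered `sudo netstat -tulpn` output into `ad_listener_report`; filtering with egrep first would hide a foreign process that has taken an AD port.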

Step 4: Final Samba Configuration

14. At this point Samba should be fully operational at your premises. The highest domain level Samba is emulating should be Windows AD DC 2008 R2.

This can be verified with the help of the samba-tool utility.

$ sudo samba-tool domain level show

15. In order for DNS resolution to work locally, you need to open and edit the network interface settings: point the dns-nameservers statement to the IP address of your Domain Controller (use 127.0.0.1 for local DNS resolution) and the dns-search statement to your realm.

$ sudo cat /etc/network/interfaces
$ sudo cat /etc/resolv.conf

When finished, reboot your server and take a look at your resolver file to make sure it points back to the right DNS name servers.

16. Finally, test the DNS resolver by issuing queries and pings against some crucial AD DC records, as in the excerpt below. Replace the domain name accordingly.

$ ping -c3 tecmint.lan         #Domain Name
$ ping -c3 adc1.tecmint.lan   #FQDN
$ ping -c3 adc1               #Host

Run the following few queries against the Samba Active Directory Domain Controller.

$ host -t A tecmint.lan
$ host -t A adc1.tecmint.lan
$ host -t SRV _kerberos._udp.tecmint.lan  # UDP Kerberos SRV record
$ host -t SRV _ldap._tcp.tecmint.lan # TCP LDAP SRV record
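
The SRV queries above decide which host clients contact for Kerberos and LDAP, so it is worth checking the answers rather than only that something resolves. The following is an added example, not part of the original tutorial: it reads `host -t SRV` output and confirms each record carries the expected port and points at the domain controller. The sample output and the `oldpc` host used in testing are constructed; ports 88 and 389 are the standard Kerberos and LDAP ports.

```sh
# Expected SRV records: the two the page queries, with their standard ports.
SRV_EXPECT="_kerberos._udp:88 _ldap._tcp:389"

# srv_report DOMAIN DC_FQDN: reads `host -t SRV` output on stdin and prints
# OK, MISSING or WRONG (with the port:target actually returned) per record.
srv_report() {
    awk -v domain="$1" -v dc="$2" -v expect="$SRV_EXPECT" '
        # host prints: NAME has SRV record PRIORITY WEIGHT PORT TARGET.
        $2 == "has" && $3 == "SRV" {
            target = tolower($8); sub(/\.$/, "", target)
            got[tolower($1)] = got[tolower($1)] " " $7 ":" target
        }
        END {
            n = split(expect, e, " ")
            for (i = 1; i <= n; i++) {
                split(e[i], kv, ":")
                name = kv[1] "." tolower(domain)
                want = kv[2] ":" tolower(dc)
                if (!(name in got)) print "MISSING", name
                else if (index(got[name] " ", " " want " ")) print "OK", name
                else print "WRONG", name got[name]
            }
        }'
}

# Constructed sample: the Kerberos record is correct, the LDAP record is absent.
sample_host_output() {
    cat <<'EOF'
_kerberos._udp.tecmint.lan has SRV record 0 100 88 adc1.tecmint.lan.
Host _ldap._tcp.tecmint.lan not found: 3(NXDOMAIN)
EOF
}

sample_host_output | srv_report tecmint.lan adc1.tecmint.lan
```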

17. Also, verify Kerberos authentication by requesting a ticket for the domain administrator account and listing the cached ticket. Write the domain name part in upper case.

$ kinit [email 
$ klist

That's all! You now have a fully operational AD Domain Controller installed in your network and you can start integrating Windows or Linux machines into Samba AD.

In the next part of the series we will cover other Samba AD topics, such as how to manage your domain controller from the Samba command line, how to integrate Windows 10 into the domain and manage Samba AD remotely using RSAT, and other important topics.