Manage Samba4 AD Domain Controller DNS and Group Policy from Windows - Part 4


Continuing the previous tutorial on how to administer Samba4 from Windows 10 via RSAT, in this part we'll see how to remotely manage our Samba AD Domain Controller DNS server from Microsoft DNS Manager, how to create DNS records, how to create a Reverse Lookup Zone and how to create a domain policy via the Group Policy Management tool.

  1. Create an AD Infrastructure with Samba4 on Ubuntu 16.04 - Part 1
  2. Manage Samba4 AD Infrastructure from Linux Command Line - Part 2
  3. Manage Samba4 Active Directory Infrastructure from Windows10 via RSAT - Part 3

Step 1: Manage Samba DNS Server

Samba4 AD DC uses an internal DNS resolver module which is created during the initial domain provision (if the BIND9 DLZ module is not specifically used).

The Samba4 internal DNS module supports the basic features needed for an AD Domain Controller. The domain DNS server can be managed in two ways: directly from the command line through the samba-tool interface, or remotely from a Microsoft workstation that is part of the domain, via RSAT DNS Manager.

Here, we'll cover the second method because it is more intuitive and less prone to errors.

1. To administer the DNS service for your domain controller via RSAT, go to your Windows machine, open Control Panel -> System and Security -> Administrative Tools and run the DNS Manager utility.

Once the tool opens, it will ask you which DNS server you want to connect to. Choose 'The following computer', type your domain name in the field (an IP address or FQDN can be used as well), check the box that says 'Connect to the specified computer now' and hit OK to open your Samba DNS service.

2. In order to add a DNS record (as an example we will add an A record that points to our LAN gateway), navigate to the domain Forward Lookup Zone, right click on the right pane and choose New Host (A or AAAA).

3. In the New Host window that opens, type the name and the IP address of your DNS resource. The FQDN will be written for you automatically by the DNS utility. When finished, hit the Add Host button and a pop-up window will inform you that your DNS record has been successfully created.

Make sure you add DNS A records only for those resources in your network that are configured with static IP addresses. Don't add DNS records for hosts that are configured to acquire their network settings from a DHCP server or whose IP addresses change often.

To update a DNS record, just double click on it and write your modifications. To delete a record, right click on it and choose Delete from the menu.

You can also add other types of DNS records for your domain, such as CNAME (also known as DNS alias records), MX records (very useful for mail servers) or other record types (SPF, TXT, SRV and so on).

Step 2: Create a Reverse Lookup Zone

By default, Samba4 AD DC doesn't automatically add a reverse lookup zone and PTR records for your domain, because these types of records are not crucial for a domain controller to function correctly.

Instead, a DNS reverse zone and its PTR records are crucial for the functionality of some important network services, such as an e-mail service, because these types of records can be used to verify the identity of clients requesting a service.

In practice, PTR records are just the opposite of standard DNS records. The client knows the IP address of a resource and queries the DNS server to find out its registered DNS name.

4. In order to create a reverse lookup zone for the Samba AD DC, open DNS Manager, right click on Reverse Lookup Zone in the left pane and choose New Zone from the menu.

5. Next, hit the Next button and choose Primary zone from the Zone Type wizard.

6. Next, choose 'To all DNS servers running on domain controllers in this domain' from the AD Zone Replication Scope, choose IPv4 Reverse Lookup Zone and hit Next to continue.

7. Next, type the IP network address for your LAN in the Network ID field and hit Next to continue.

All PTR records added in this zone for your resources will point back only to the 192.168.1.0/24 network portion. If you want to create a PTR record for a server that does not reside in this network segment (for example a mail server located in the 10.0.0.0/24 network), then you'll need to create a new reverse lookup zone for that network segment as well.

8. On the next screen choose to Allow only secure dynamic updates, hit Next to continue and, finally, hit Finish to complete the zone creation.

9. At this point you have a valid DNS reverse lookup zone configured for your domain. In order to add a PTR record in this zone, right click on the right pane and choose to create a PTR record for a network resource.

In this case, we've created a pointer for our gateway. To test whether the record was properly added and works as expected from a client's point of view, open a Command Prompt and issue an nslookup query against the name of the resource and another query for its IP address.

Both queries should return the correct answer for your DNS resource.

nslookup gate.tecmint.lan
nslookup 192.168.1.1
ping gate
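
The forward and reverse checks above, together with the rule that a reverse zone only covers its own network segment, can be audited for many hosts at once. The following is an added example, not code from the original tutorial: it classifies each A record as ok, missing-ptr, ptr-mismatch or no-reverse-zone. Only gate.tecmint.lan, 192.168.1.1 and the 192.168.1.0/24 zone come from the tutorial; the mail and nas hosts, their addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data modelled on the tutorial's lab (tecmint.lan, 192.168.1.0/24).
REVERSE_ZONES = ["192.168.1.0/24"]
A_RECORDS = {
    "gate.tecmint.lan": "192.168.1.1",
    "mail.tecmint.lan": "10.0.0.5",      # constructed: lives outside the reverse zone
    "nas.tecmint.lan": "192.168.1.20",   # constructed: A record exists, PTR never created
}
PTR_RECORDS = {"1.1.168.192.in-addr.arpa": "gate.tecmint.lan"}


def zone_name(cidr):
    """Reverse zone name for a /8, /16 or /24 IPv4 network ID."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-boundary IPv4 zones are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def covering_zone(ip, zones=REVERSE_ZONES):
    """Return the reverse zone that can hold a PTR for ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in zones:
        if addr in ipaddress.ip_network(cidr):
            return zone_name(cidr)
    return None


def audit(a_records=A_RECORDS, ptr_records=PTR_RECORDS, zones=REVERSE_ZONES):
    """Classify each host: ok, missing-ptr, ptr-mismatch or no-reverse-zone."""
    report = {}
    for host, ip in a_records.items():
        owner = ipaddress.ip_address(ip).reverse_pointer  # PTR owner name
        if covering_zone(ip, zones) is None:
            report[host] = "no-reverse-zone"
        elif owner not in ptr_records:
            report[host] = "missing-ptr"
        elif ptr_records[owner].rstrip(".").lower() != host.lower():
            report[host] = "ptr-mismatch"
        else:
            report[host] = "ok"
    return report


if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host:20} {status}")
```

To use it against a real domain, replace the constructed dictionaries with the records exported from your own forward and reverse zones.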

Step 3: Domain Group Policy Management

10. An important aspect of a domain controller is its ability to control system resources and security from a single central point. This type of task can be easily achieved in a domain controller with the help of Domain Group Policy.

Unfortunately, the only way to edit or manage group policy in a Samba domain controller is through the RSAT GPM console provided by Microsoft.

In the example below we'll see how simple it can be to manipulate group policy for our Samba domain in order to create an interactive logon banner for our domain users.

In order to access the group policy console, go to Control Panel -> System and Security -> Administrative Tools and open the Group Policy Management console.

Expand the fields for your domain and right click on Default Domain Policy. Choose Edit from the menu and a new window should appear.

11. In the Group Policy Management Editor window go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options and a new list of options should appear in the right pane.

In the right pane, search for the two entries presented in the screenshot below and edit them with your custom settings.

12. After finishing editing the two entries, close all windows, open an elevated Command Prompt and force group policy to apply on your machine by issuing the command below:

gpupdate /force

13. Finally, reboot your computer and you'll see the logon banner in action when you try to log on.

That's all! Group Policy is a very complex and sensitive subject and should be treated with maximum care by system administrators. Also, be aware that group policy settings won't apply in any way to Linux systems integrated into the realm.