Ƙirƙirar Littafi Mai-Tsarki akan Samba AD DC da Taswira zuwa Abokan Ciniki na Windows/Linux - Kashi na 7


Wannan koyawa za ta jagorance ku kan yadda ake ƙirƙirar kundin adireshi akan tsarin Samba AD DC, taswirar wannan Rarraba Ƙarar ga abokan cinikin Windows da aka haɗa cikin yankin ta hanyar GPO da sarrafa izinin raba daga hangen nesa mai kula da yankin Windows.

Hakanan zai rufe yadda ake samun dama da hawan raba fayil daga injin Linux da aka yi rajista cikin yanki ta amfani da asusun yankin Samba4.

  1. Ƙirƙiri Kayan Aikin Gida Mai Aiki tare da Samba4 akan Ubuntu

Mataki 1: Ƙirƙiri Raba Fayil na Samba

1. Tsarin ƙirƙirar rabo akan Samba AD DC aiki ne mai sauƙi. Da farko ƙirƙirar kundin adireshi da kuke son rabawa ta hanyar ka'idar SMB kuma ƙara waɗannan izini na ƙasa akan tsarin fayil don ba da damar ƙididdige ƙididdiga na Windows AD DC don canza izinin raba daidai da abin da izini ya kamata abokan cinikin Windows su gani.

Da ɗaukan sabon rabon fayil akan AD DC zai zama directory /nas, gudanar da waɗannan umarni na ƙasa don sanya madaidaicin izini.

# mkdir /nas
# chmod -R 775 /nas
# chown -R root:"domain users" /nas
# ls -alh | grep nas

2. Bayan kun ƙirƙiri directory ɗin da za a fitar dashi azaman rabo daga Samba4 AD DC, kuna buƙatar ƙara waɗannan bayanan zuwa fayil ɗin sanyi na samba domin samun rabon ta hanyar ka'idar SMB.

# nano /etc/samba/smb.conf

Jeka kasan fayil ɗin kuma ƙara layuka masu zuwa:

[nas]
	path = /nas
	read only = no

3. Abu na ƙarshe da kuke buƙatar yi shine sake kunna Samba AD DC daemon don amfani da canje-canje ta hanyar ba da umarnin da ke ƙasa:

# systemctl restart samba-ad-dc.service

Mataki 2: Sarrafa Izinin Raba Samba

4. Tun da muna samun damar wannan ƙarar da aka raba daga Windows, ta amfani da asusun yanki (masu amfani da ƙungiyoyi) waɗanda aka ƙirƙira akan Samba AD DC (rabo ba a nufin masu amfani da tsarin Linux za su iya shiga ba).

Ana iya aiwatar da tsarin sarrafa izini kai tsaye daga Windows Explorer, kamar yadda ake sarrafa izini ga kowane babban fayil a cikin Windows Explorer.

Da farko, shiga cikin injin Windows tare da asusun Samba4 AD tare da gata na gudanarwa akan yankin. Domin samun dama ga rabo daga Windows kuma saita izini, rubuta adireshin IP ko sunan mai watsa shiri ko FQDN na injin Samba AD DC a cikin filin hanyar Windows Explorer, wanda aka rigaya da slash biyu na baya, kuma rabon ya kamata a bayyane.

\\adc1
Or
\2.168.1.254
Or
\\adc1.tecmint.lan

5. Don canza izini kawai danna kan raba kuma zaɓi Properties. Kewaya zuwa shafin Tsaro kuma ci gaba tare da canza masu amfani da yanki da izini na rukuni daidai. Yi amfani da maɓallin ci gaba don daidaita izini.

Yi amfani da hoton hoton da ke ƙasa azaman yanki kan yadda ake daidaita izini don takamaiman asusun Samba AD DC ingantattun asusu.

6. Wata hanyar da za ku iya amfani da ita don sarrafa izinin raba ta fito ne daga Gudanar da Kwamfuta -> Haɗa zuwa wata kwamfuta.

Kewaya zuwa Hannun jari, danna dama akan rabon da kake son canza izini, zaɓi Properties kuma matsa zuwa shafin Tsaro. Daga nan zaku iya canza izini ta kowace hanya da kuke so kamar yadda aka gabatar a hanyar da ta gabata ta amfani da izinin raba fayil.

Mataki 3: Taswirar Raba Fayil na Samba ta hanyar GPO

7. Don hawa fayil ɗin samba da aka fitar ta atomatik ta hanyar Manufofin Rukunin yanki, da farko akan na'ura tare da shigar da kayan aikin RSAT, buɗe AD UC utility, danna dama akan sunan yankin ku sannan, sannan, zaɓi Sabon -> Jaka Rarraba.

8. Ƙara suna don ƙarar da aka raba kuma shigar da hanyar sadarwar inda rabon ku yake kamar yadda aka kwatanta a hoton da ke ƙasa. Danna Ok lokacin da ka gama kuma rabon ya kamata a gani yanzu akan jirgin da ya dace.

9. Na gaba, buɗe na'ura mai ba da hanya tsakanin hanyoyin sadarwa na Rukuni, faɗaɗa zuwa rubutun Manufofin Domain Default kuma buɗe fayil ɗin don gyarawa.

A kan GPM Editan kewaya zuwa Kanfigareshan Mai amfani -> Preferences -> Saitunan Windows kuma danna dama akan Taswirar Drive kuma zaɓi Sabon -> Driver Taswira.

10. A cikin sabon taga bincika kuma ƙara wurin cibiyar sadarwa don rabawa ta danna maɓallin dama tare da dige guda uku, duba akwatin sake haɗawa, ƙara lakabin wannan rabon, zaɓi harafin wannan drive ɗin sannan danna maɓallin OK don adanawa da amfani da sanyi. .

11. A ƙarshe, don tilastawa da amfani da canje-canje na GPO akan na'ura na gida ba tare da sake kunna tsarin ba, buɗe Umurnin Umurnin kuma gudanar da umarni mai zuwa.

gpupdate /force

12. Bayan an yi nasarar aiwatar da manufofin akan injin ku, buɗe Windows Explorer kuma ƙarar cibiyar sadarwar da aka raba ya zama bayyane kuma ana iya samun damar yin amfani da shi, gwargwadon irin izinin da kuka bayar don rabawa akan matakan da suka gabata.

Rabon zai bayyana ga sauran abokan ciniki a kan hanyar sadarwar ku bayan sun sake yin aiki ko sake shiga cikin tsarin su idan manufofin rukuni ba za a tilasta su daga layin umarni ba.

Mataki 4: Shiga Samba Shared Volume daga Linux Clients

13. Masu amfani da Linux daga injinan da aka yi rajista a cikin Samba AD DC suna iya samun dama ko hawan rabon a cikin gida ta hanyar tantancewa cikin tsarin tare da asusun Samba.

Da farko, suna buƙatar tabbatar da cewa ana shigar da abokan cinikin samba masu zuwa da abubuwan amfani akan tsarin su ta hanyar ba da umarnin da ke ƙasa.

$ sudo apt-get install smbclient cifs-utils

14. Domin lissafin hannun jarin da yankinku ke bayarwa don takamaiman na'ura mai sarrafa yanki yi amfani da umarnin da ke ƙasa:

$ smbclient –L your_domain_controller –U%
or
$ smbclient –L \\adc1 –U%

15. Don haɗa haɗin kai zuwa rabon samba daga layin umarni tare da asusun yanki yi amfani da umarni mai zuwa:

$ sudo smbclient //adc/share_name -U domain_user

A layin umarni zaka iya jera abubuwan da ke cikin rabo, zazzagewa ko loda fayiloli zuwa rabawa ko yin wasu ayyuka. Amfani ? don jera duk samuwan umarnin smbclient.

16. Don hawa rabon samba akan na'urar Linux yi amfani da umarnin da ke ƙasa.

$ sudo mount //adc/share_name /mnt -o username=domain_user

Maye gurbin mai watsa shiri, suna raba, wurin dutse da mai amfani da yanki daidai da haka. Yi amfani da umarnin dutsen bututu tare da grep don tace kawai ta hanyar cifs.

A matsayin wasu ƙarshe na ƙarshe, hannun jari da aka saita akan Samba4 AD DC za su yi aiki tare da lissafin ikon samun damar Windows (ACL), ba POSIX ACLs ba.

Sanya Samba a matsayin memba na Domain tare da hannun jari don cimma wasu iyakoki don rabon hanyar sadarwa. Hakanan, akan Ƙarin Mai Kula da Domain yana saita Windbindd daemon - Mataki na Biyu - kafin ka fara fitar da hannun jarin cibiyar sadarwa.