Integrate CentOS 7 with Samba4 AD from the Command Line - Part 14


This guide shows how to integrate a CentOS 7 server with no graphical user interface into a Samba4 Active Directory Domain Controller from the command line, using the Authconfig software.

This type of setup provides a single centralized account database, held by Samba, and allows AD users to authenticate to the CentOS server across the network infrastructure.

  1. Create an Active Directory Infrastructure with Samba4 on Ubuntu
  2. CentOS 7.3 Installation Guide

Step 1: Configure CentOS for Samba4 AD DC

1. Before joining the CentOS 7 server to a Samba4 DC, make sure that the network interface is properly configured to query the domain through the DNS service.

Run the ip address command to list your machine's network interfaces, then choose the specific NIC to edit by running the nmtui-edit command against the interface name, such as ens33 in this example, as shown below.

# ip address
# nmtui-edit ens33

2. Once the network interface is open for editing, add the static IPv4 settings best suited to your LAN and make sure you set the Samba AD Domain Controllers' IP addresses as the DNS servers.

Also, add the name of your domain in the search domains field and move to the OK button with the [TAB] key to apply the changes.

The search domains field ensures that the domain part is appended automatically during DNS resolution (forming the FQDN) when you use only a short name for a domain DNS record.

3. Finally, restart the network daemon to apply the changes and test whether DNS resolution is properly configured by running a series of ping commands against the domain name and the domain controllers' short names, as shown below.

# systemctl restart network.service
# ping -c2 tecmint.lan
# ping -c2 adc1
# ping -c2 adc2

4. Also, set your machine's hostname and reboot the machine so the settings are applied properly, using the following commands.

# hostnamectl set-hostname your_hostname
# init 6

Verify that the hostname was applied correctly with the commands below.

# cat /etc/hostname
# hostname

5. Finally, synchronize the local time with the Samba4 AD DC by running the commands below with root privileges.

# yum install ntpdate
# ntpdate domain.tld

Step 2: Join CentOS 7 Server to Samba4 AD DC

6. To join the CentOS 7 server to Samba4 Active Directory, first install the following packages on your machine from an account with root privileges.

# yum install authconfig samba-winbind samba-client samba-winbind-clients

7. To integrate the CentOS 7 server with a domain controller, run the authconfig-tui text-based utility with root privileges and use the configuration described below.

# authconfig-tui

On the first prompt screen choose:

  • On User Information:
    • Use Winbind
  • On the Authentication tab, select by pressing the [Space] key:
    • Use Shadow Passwords
    • Use Winbind Authentication
    • Local authorization is sufficient

8. Hit Next to continue to the Winbind Settings screen and configure it as follows:

  • Security Model: ads
  • Domain = YOUR_DOMAIN (use upper case)
  • Domain Controllers = domain machines' FQDN (comma separated if more than one)
  • ADS Realm = YOUR_DOMAIN.TLD
  • Template Shell = /bin/bash

9. To perform the domain join, move to the Join Domain button with the [tab] key and hit [Enter] to join the domain.

At the next screen prompt, enter the credentials of a Samba4 AD account with elevated privileges to join the machine account to AD, then hit OK to apply the settings and close the prompt.

Be aware that when you type the user's password, the credentials are not shown on the password screen. On the remaining screen hit OK again to finish the domain integration for the CentOS 7 machine.

To force the machine into a specific Samba AD Organizational Unit, get your machine's exact name with the hostname command and create a new Computer object in that OU with the name of your machine.

The best way to add a new object to a Samba4 AD is with the ADUC tool, from a Windows machine that is joined to the domain and has the RSAT tools installed.

Important: An alternative way of joining a domain is the authconfig command line, which offers extensive control over the integration process.

However, this method is prone to errors because of its numerous parameters, as the command excerpt below shows. The command must be typed on a single long line.

# authconfig --enablewinbind --enablewinbindauth --smbsecurity ads --smbworkgroup=YOUR_DOMAIN --smbrealm YOUR_DOMAIN.TLD --smbservers=adc1.yourdomain.tld --krb5realm=YOUR_DOMAIN.TLD --enablewinbindoffline --enablewinbindkrb5 --winbindtemplateshell=/bin/bash --winbindjoin=domain_admin_user --update --enablelocauthorize --savebackup=/backups
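
Because the one-line form is easy to mistype, the sketch below assembles the same authconfig options from variables, rejects values that would break the join, and prints the command for review. It is an added example, not part of the original guide; the helper names and the sample values (TECMINT, adc1.tecmint.lan, domain_admin_user) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): assemble the authconfig join
# command from variables so that no option can run into the next one.
# build_join_cmd, check_token and is_upper are hypothetical helper names.

# Accept only non-empty values made of characters that are safe in one token.
check_token() {   # usage: check_token LABEL VALUE
    case "$2" in
        ''|*[!A-Za-z0-9._/@-]*) echo "invalid $1: '$2'" >&2; return 1 ;;
    esac
}

is_upper() { [ "$1" = "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" ]; }

# usage: build_join_cmd WORKGROUP REALM DC_FQDN JOIN_USER [SHELL] [BACKUP_DIR]
build_join_cmd() {
    wg=$1 realm=$2 dc=$3 user=$4 shell=${5:-/bin/bash} backup=${6:-/backups}
    check_token workgroup "$wg"   || return 1
    check_token realm "$realm"    || return 1
    check_token server "$dc"      || return 1
    check_token join-user "$user" || return 1
    check_token shell "$shell"    || return 1
    check_token backup "$backup"  || return 1
    # The guide writes the domain and the realm in upper case.
    is_upper "$wg" && is_upper "$realm" ||
        { echo "workgroup and realm must be upper case" >&2; return 1; }
    # The domain controller is given as an FQDN, not a short name.
    case "$dc" in *.*) ;; *) echo "server must be an FQDN" >&2; return 1 ;; esac

    set -- authconfig --enablewinbind --enablewinbindauth \
        --smbsecurity ads "--smbworkgroup=$wg" --smbrealm "$realm" \
        "--smbservers=$dc" "--krb5realm=$realm" \
        --enablewinbindoffline --enablewinbindkrb5 \
        "--winbindtemplateshell=$shell" "--winbindjoin=$user" \
        --update --enablelocauthorize "--savebackup=$backup"
    printf '%s\n' "$*"   # tokens joined by exactly one space each
}

# Constructed sample values; the command is printed for review, not executed.
build_join_cmd TECMINT TECMINT.LAN adc1.tecmint.lan domain_admin_user
```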
      

10. After the machine has been joined to the domain, verify that the winbind service is up and running with the command below.

# systemctl status winbind.service

11. Then, check that the CentOS machine object has been created in Samba4 AD. Use the AD Users and Computers tool from a Windows machine with the RSAT tools installed and navigate to your domain's Computers container. A new AD computer account object with the name of your CentOS 7 server should be listed in the right pane.

12. Finally, adjust the configuration by opening the main Samba configuration file (/etc/samba/smb.conf) with a text editor and appending the lines below at the end of the [global] configuration block:

winbind use default domain = true
winbind offline logon = true
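
One way to apply step 12 without hand-editing, shown as an added example that is not part of the original guide: the function below rewrites a setting that [global] already has, or adds it at the end of [global] when it is missing, and writes the result to standard output so it can be checked with testparm -s before it replaces the live file. The function names and the sample smb.conf are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): set "key = value" inside the
# [global] section of an smb.conf. An existing setting is rewritten in place,
# a missing one is added at the end of [global]. The edited text goes to
# stdout; the input file is never modified. set_global is a hypothetical name.
set_global() {   # usage: set_global FILE KEY VALUE
    awk -v key="$2" -v val="$3" '
        # Samba ignores case and whitespace in parameter names.
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        function emit(line) { printf "%s%s\n", blanks, line; blanks = "" }
        function close_global() {      # leaving [global]: add key if missing
            if (in_global && !done) { print "\t" key " = " val; done = 1 }
        }
        /^[ \t]*$/ { blanks = blanks $0 "\n"; next }   # hold blank lines back
        /^[ \t]*\[/ {                                  # a section header
            close_global()
            in_global = (tolower($0) ~ /^[ \t]*\[global\]/)
        }
        in_global && index($0, "=") && $0 !~ /^[ \t]*[#;]/ {
            k = $0; sub(/[=].*/, "", k)                # name left of first "="
            if (norm(k) == norm(key)) {
                if (!done) emit("\t" key " = " val)
                done = 1; next                         # drop duplicates
            }
        }
        { emit($0) }
        END { close_global(); printf "%s", blanks }
    ' "$1"
}

# Constructed sample file, shaped like an smb.conf after the domain join.
sample_conf() {
    printf '%s\n' '[global]' '   workgroup = TECMINT' '   security = ads' \
        '   winbind offline logon = false' '' '[homes]' '   browseable = no'
}

# Apply both settings from step 12 to a scratch copy and print the result.
apply_step12() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    set_global "$tmp" 'winbind use default domain' true > "$tmp.1"
    set_global "$tmp.1" 'winbind offline logon' true
    rm -f "$tmp" "$tmp.1"
}
apply_step12
```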
      

13. To have local home directories created on the machine for AD accounts at their first logon, run the command below.

# authconfig --enablemkhomedir --update

14. Finally, restart the Samba daemon to pick up the changes and verify the domain join by logging on to the server with an AD account. The home directory for the AD account should be created automatically.

# systemctl restart winbind
# su - domain_account

15. List the domain users or domain groups with one of the following commands.

# wbinfo -u
# wbinfo -g

16. To get information about a domain user, run the command below.

# wbinfo -i domain_user

17. To display summary information about the domain, run the following command.

# net ads info

Step 3: Log In to CentOS with a Samba4 AD DC Account

18. To authenticate as a domain user in CentOS, use one of the following command line forms.

# su - 'domain\domain_user'
# su - domain\\domain_user

Or use the syntax below if the winbind use default domain = true parameter is set in the Samba configuration file.

# su - domain_user
# su - [email 

19. To grant root privileges to a domain user or group, edit the sudoers file with the visudo command and add the following lines.

YOUR_DOMAIN\\domain_username        ALL=(ALL:ALL) ALL    # For domain users
%YOUR_DOMAIN\\your_domain\ group    ALL=(ALL:ALL) ALL    # For domain groups

Or use the excerpt below if the winbind use default domain = true parameter is set in the Samba configuration file.

domain_username        ALL=(ALL:ALL) ALL    # For domain users
%your_domain\ group    ALL=(ALL:ALL) ALL    # For domain groups
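
The backslash escaping in these sudoers lines is easy to get wrong, so the added example below (not part of the original guide) builds the line for an AD user or group, escaping the domain separator and any space in the name, and parses it with visudo -cf before it is installed. The helper names and the sample names (TECMINT, domain admins) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): build the sudoers line for an
# AD user or group and check it with visudo before it is installed.
# sudoers_escape, sudoers_rule and check_rule are hypothetical helper names.

# Backslash-escape the characters sudoers treats as special inside a name.
sudoers_escape() {
    printf '%s' "$1" | sed 's/[!=:,()\\ ]/\\&/g'
}

# usage: sudoers_rule user|group NAME [DOMAIN]
# Leave DOMAIN out when "winbind use default domain = true" is set.
sudoers_rule() {
    kind=$1 who=$(sudoers_escape "$2") domain=${3:-}
    [ -n "$who" ] || { echo "empty name" >&2; return 1; }
    case "$kind" in
        user)  prefix='' ;;
        group) prefix='%' ;;
        *)     echo "kind must be user or group" >&2; return 1 ;;
    esac
    # DOMAIN\name is written DOMAIN\\name because "\" itself needs escaping.
    [ -z "$domain" ] || who="$(sudoers_escape "$domain")\\\\$who"
    printf '%s%s\tALL=(ALL:ALL) ALL\n' "$prefix" "$who"
}

# Parse the rule from a scratch file; install only a rule that passes.
check_rule() {
    command -v visudo >/dev/null 2>&1 ||
        { echo "visudo not found, rule not checked" >&2; return 2; }
    f=$(mktemp) || return 1
    printf '%s\n' "$1" > "$f"
    rc=0; visudo -cf "$f" >/dev/null 2>&1 || rc=$?
    rm -f "$f"; return "$rc"
}

# Constructed sample names: a user, and a group whose name contains a space.
sudoers_rule user domain_username TECMINT
rule=$(sudoers_rule group 'domain admins' TECMINT)
printf '%s\n' "$rule"
check_rule "$rule" || echo "rule not validated (status $?)" >&2
```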
      

20. The following commands, run against the Samba4 AD DC, can also be useful for troubleshooting:

# wbinfo -p #Ping domain
# wbinfo -n domain_account #Get the SID of a domain account
# wbinfo -t  #Check trust relationship

21. To leave the domain, run the following command against your domain name using a domain account with elevated privileges. After the machine account has been removed from AD, reboot the machine to return it to its state before the integration process.

# net ads leave -w DOMAIN -U domain_admin
# init 6

That's all! Although this procedure focuses mainly on joining a CentOS 7 server to a Samba4 AD DC, the steps described here also work for integrating a CentOS server into a Microsoft Windows Server 2012 Active Directory.