использование_unix_как_контроллера_домена [2010/09/29 15:03] val |
— (current) | ||
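--- a/использование_unix_как_контроллера_домена
+++ b/использование_unix_как_контроллера_домена
@@ -1,252 +0,0 @@
-====== Использование UNIX как контроллера домена ======
-
-===== Подготовка стенда =====
-
-==== WindowsXP xp ====
-
-Вывести из домена corpX.un
-
-==== Unix ====
-
-Вывести gate из домена CORPX
-
-=== Win2003 ===
-
-Удаляем gate из списка компьютеров в AD
-
-=== Ubuntu/FreeBSD ===
-<code>
-gate# cat /etc/nsswitch.conf
-...
-passwd: files
-group: files
-shadow: files
-...
-</code>
-
-==== Windows 2003 (AD) ====
-
-Остановить
-
-===== Настройка сервера SAMBA как PDC =====
-
-==== FreeBSD ====
-<code>
-[server:~] # pkg_add -r samba3
-
-[server:~] # сd /usr/local/etc/
-</code>
-
-==== Ubuntu ====
-<code>
-root@server:~# apt-get install samba
-
-root@server:~# cd /etc/samba/
-</code>
-==== FreeBSD/Ubuntu ====
-<code>
-server# cat smb.conf
-</code><code>
-[global]
-workgroup = CORPX
-os level = 33
-domain master = yes
-security = user
-domain logons = yes
-logon path = \\%L\profiles\%U
-[netlogon]
-path = /home/samba
-[profiles]
-path = /home/
-read only = no
-</code><code>
-server# testparm
-
-server# mkdir /home/samba
-</code>
-
-===== Связываем группы windows c группами unix и запускаем контроллер домена =====
-
-==== FreeBSD ====
-<code>
-[server:~] # pw groupadd users
-
-[server:~] # net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d
-[server:~] # net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
-[server:~] # net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
-
-[server:~] # net groupmap list
-
-[server:~] # more /etc/rc.conf
-…
-nmbd_enable="YES"
-smbd_enable="YES"
-winbindd_enable="NO"
-…
-[server:~] # /usr/local/etc/rc.d/samba start
-</code>
-
-==== Ubuntu ====
-<code>
-root@server:~# net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d
-root@server:~# net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
-root@server:~# net groupmap add ntgroup="Domain Guests" unixgroup=nogroup rid=514 type=d
-
-root@server:~# net groupmap list
-
-root@server:~# restart smbd
-root@server:~# restart nmbd
-</code>
-
-===== Добавляем суперпользователя root в домен =====
-<code>
-server# smbpasswd -a root
-Smb password: password
-…
-</code>
-
-==== FreeBSD ====
-<code>
-[server:~] # pw usermod root -G users
-</code>
-
-==== Ubuntu ====
-<code>
-root@server:~# usermod -G users root
-</code>
-
-===== Добавляем компьютер xp в домен =====
-
-==== FreeBSD ====
-<code>
-[server:~] # pw useradd xp$ -d /tmp -s /usr/sbin/nologin
-</code>
-
-==== Ubuntu ====
-<code>
-root@server:~# adduser --force-badname --home /tmp --shell /bin/false xp$
-...
-Enter new UNIX password: Pa$$w0rd
-</code>
-
-==== Windows XP ====
-
-Регистрируем в домене CORPX используя учетную запись root
-
-===== Добавляем пользователей user1 и user2 в домен =====
-<code>
-server# adduser user1
-...
-...Password: password1
-
-server# adduser user2
-...
-...Password: password2
-
-
-server# smbpasswd -a user1
-...
-...Password: Pa$$W0rd1
-
-server# smbpasswd -a user2
-...
-...Password: Pa$$W0rd2
-
-</code>
-
-==== FreeBSD ====
-<code>
-[server:~] # pw usermod user -G users
-
-[server:~] # id user
-uid=10003(user) gid=10004(user) groups=10004(user),10002(users)
-</code>
-
-==== Ubuntu ====
-<code>
-root@server:~# usermod -G users user1
-
-root@server:~# id user1
-uid=1002(user1) gid=1002(user1) groups=1002(user1),100(users)
-</code>
-
-Сделайте администратором XP пользователя user1
-
-Зарегистрируйтесь как пользователь user1 в XP, cоздайте папку на рабочем столе и отключитесь от системы
-<code>
-server# ls ~user1
-</code>
-
-===== Использование Logon скрипта =====
-
-==== Настройка PDC ====
-<code>
-server# cat smb.conf
-...
-logon script = logon.cmd
-[netlogon]
-...
-</code>
-
-==== Создание скрипта ====
-
-=== FreeBSD ===
-<code>
-[server:~] # pkg_add -r unix2dos
-
-[server:~] # rehash
-</code>
-
-=== Ubuntu ===
-<code>
-root@server:~# apt-get install tofrodos
-</code>
-
-=== FreeBSD/Ubuntu ===
-<code>
-server# cat /home/samba/logon.cmd
-net use M: \\gate\group_write
-rem M:\Thunderbird.msi
-
-server# unix2dos /home/samba/logon.cmd
-или
-server# todos /home/samba/logon.cmd
-</code>
-Примечание: для установки ПО user должен либо входить в группу локальных админисраторов xp, либо входить в группу администраторов домена wheel (FreeBSD) или root (Ubuntu)
-
-===== Использование SAMBA PDC для идентификация доступа к сервисам =====
-
-==== Регистрация сервера в PDC ====
-
-=== FreeBSD ===
-<code>
-[server:~] # pw useradd gate$ -d /tmp -s /usr/sbin/nologin
-</code>
-
-=== Ubuntu ===
-<code>
-root@server:~# adduser --force-badname --home /tmp --shell /bin/false gate$
-...
-...Password: Pa$$w0rd
-</code>
-
-==== Настройка сервера на использование PDC ====
-
-[[NTLM аутентификация в Microsoft AD]]
-
-[[NTLM авторизация в Microsoft AD]]
-
-===== GSSAPI =====
-<code>
-add -r cifs/gate.corp13.un
-add -r cifs/gate.CORP13.UN
-
-ext -k gatecifs.keytab cifs/gate.corp13.un
-ext -k gatecifs.keytab cifs/gate.CORP13.UN
-
-kadmin.local: addprinc -randkey cifs/gate.corp13.un
-kadmin.local: addprinc -e rc4-hmac:normal -randkey cifs/gate.CORP13.UN
-
-kadmin.local: ktadd -k gatecifs.keytab cifs/gate.corp13.un
-kadmin.local: ktadd -k gatecifs.keytab cifs/gate.CORP13.UN
-</code>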