ntlm_аутентификация_в_microsoft_ad [2010/08/26 15:12] val |
— (current) | ||
---|---|---|---|
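--- a/ntlm_аутентификация_в_microsoft_ad
+++ b/ntlm_аутентификация_в_microsoft_ad
@@ -1,144 +0,0 @@
-====== NTLM аутентификация в Microsoft AD ======
-===== Настройка службы winbindd =====
-
-==== FreeBSD ====
-<code>
-[gate:~] # /usr/local/etc/rc.d/samba stop
-
-[gate:~] # cat /etc/rc.conf
-…
-nmbd_enable="NO"
-smbd_enable="NO"
-winbindd_enable="YES"
-…
-
-[gate:~] # cd /usr/local/etc/
-</code>
-==== Ubuntu (8.04) ====
-<code>
-root@gate:~# /etc/init.d/samba stop
-</code>
-
-==== Ubuntu (10.04) ====
-<code>
-root@gate:~# stop nmbd
-root@gate:~# stop smbd
-</code>
-
-==== Ubuntu ====
-<code>
-root@gate:~# apt-get install winbind
-
-root@gate:~# cd /etc/samba
-</code>
-==== FreeBSD/Ubuntu ====
-<code>
-gate# cat smb.conf
-</code><code>
-[global]
-workgroup = CORPX
-security = DOMAIN
-winbind use default domain = Yes
-</code>
-
-===== Регистрация службы winbindd в домене =====
-<code>
-gate# net rpc join -U Administrator
-Administrators's password:
-Joined domain ADCORPX
-</code>
-
-===== Запуск службы winbindd =====
-
-==== FreeBSD ====
-<code>
-[gate:~] # /usr/local/etc/rc.d/samba start
-</code>
-
-==== Ubuntu ====
-<code>
-root@gate:~# /etc/init.d/bind9 restart
-
-root@gate:~# /etc/init.d/winbind restart
-</code>
-
-==== Проверки ====
-<code>
-gate# ntlm_auth --username=user
-password:
-NT_STATUS_OK: Success (0x0)
-</code>
-
-===== Использование NTLM аутентификации для proxy сервер squid =====
-
-==== FreeBSD ====
-<code>
-[gate:~] # pkg_add -r squid
-
-[gate:~] # chown root:squid /var/db/samba/winbindd_privileged/
-
-[gate:~] # cat /etc/rc.conf
-...
-squid_enable=yes
-
-[gate:~] # rehash
-[gate:~] # squid -z
-
-[gate:~] # cd /usr/local/etc/squid
-</code>
-
-==== Ubuntu ====
-<code>
-root@gate:~# apt-get install squid
-
-root@gate:~# cd /etc/squid
-</code>
-==== FreeBSD/Ubuntu ====
-<code>
-gate# cat squid.conf
-...
-# for linux uncomment
-# auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
-
-# for freebsd uncomment
-# auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
-...
-acl inetuser proxy_auth REQUIRED
-http_access allow inetuser
-# http_access allow localnet
-</code>
-
-==== FreeBSD ====
-<code>
-[gate:~] # /usr/local/etc/rc.d/squid start
-</code>
-
-==== Ubuntu ====
-<code>
-root@gate:~# /etc/init.d/squid restart
-</code>
-
-==== Разрешение доступа в интернет на основании членства в группе ====
-<code>
-gate# ntlm_auth --username=user --require-membership-of=CORPX\\inet
-</code>
-
-===== Настройка библиотеки pam на использование winbind =====
-
-==== FreeBSD ====
-<code>
-[gate:~] # cat /etc/pam.d/sshd
-...
-auth sufficient /usr/local/lib/pam_winbind.so
-auth required pam_unix.so no_warn try_first_pass
-</code>
-==== Ubuntu ====
-<code>
-root@gate:~# apt-get install libpam-modules
-
-root@gate:~# more /etc/pam.d/sshd
-...
-auth sufficient pam_winbind.so
-# Standard Un*x authentication.
-...
-</code>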