Ukoliko imate računalo u virtualnoj okolini i dodate novi disk na server, nije potrebno restartati server kako bi vaš operativni sustav vidio disk. Dovoljno je napraviti svega par koraka:
echo "- - -" > /sys/class/scsi_host/host#/scan
fdisk -l
tail -f /var/log/message
Zamjenite host# sa pravom vrijednosti , popis hostova možete vidjeti sa:
ls /sys/class/scsi_host
Zadnji korak je napraviti particiju i formatirati je.
Ukoliko želite koristiti zadnju službenu inčicu Subversion, preporuka je svakako koristiti pakete sa WanDisco web stranice.
1. Dodati liniju u datoteku /etc/apt/sources.list
deb http://opensource.wandisco.com/debian squeeze svn17
2. Preuzeti GPG ključ i dodati u apt:
cd ~ wget http://opensource.wandisco.com/wandisco-debian.gpg apt-key add wandisco-debian.gpg
3. Ažuritati repositorij i instalacija:
apt-get update apt-get install subversion
1. Prvo ponovo skenirajte SCSI Bus:
echo “- – -” > /sys/class/scsi_host/host#/scan
fdisk -l
tail -f /var/log/message
host# – zamjenite sa diskom kojeg želite skenirati, pregled svih dostupnih diskova možete pogledati sa:
ls /sys/class/scsi_host
2. Dodavanje diska:
echo “scsi add-single-device <H> <B> <T> <L>” > /proc/scsi/scsi
Primjer(dodati /dev/sdc , host # 0, bus # 0, target # 2, and LUN # 0):
echo “scsi add-single-device 0 0 2 0″>/proc/scsi/scsi
fdisk -l
cat /proc/scsi/scsi
3. Potrebno formatirati dodjeljen disk, u našem primjeru formatirat ćemo swap fs (sa fdiskom napravi se particija tipa swap).
fdisk /dev/sdc
mkswap -f /dev/sdc1
4. Deaktiviranje aktivnog swap-a:
swapoff -a
5. Urediti /etc/fstab :
/dev/sdc1 swap swap defaults 0 0
6. Aktivirati swap:
swapon -a
1. Uvod
U ovom kratkom primjeru demonstrirat ćemo kako pridružiti Debian na Windows Active Directory domain.
Koje pakete koristim:
Debian squeeze
samba 3.5.6
winbind 3.5.6
krb5-config 2.2
krb5-user 1.8.3
192.168.0.100 – Windows AD Server
192.168.0.200 – Debian server
MOJA.DOMENA – moja domena
2. Instalacija upravljačkih programa:
1 |
aptitude install libkrb53 krb5-config krb5-user samba winbind ntpdate ntp |
3. Poslje instalacije zaustavite servise:
1 2 3 |
/etc/init.d/samba stop /etc/init.d/winbind stop /etc/init.d/ntp stop |
4. Podešavanje Kerberos-a:
Active Directory koristi Kerberos protokol za svoje upite. Potreno je ažurirati datoteku /etc/krb5.conf.
Prva stvar koju trebate podesiti je Kerberos realm od vaše domene.
Primjer postavki:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
[libdefaults]
default_realm = MOJA.DOMENA
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MOJA.DOMENA = {
kdc = 192.168.0.100
admin_server = 192.168.0.100
}
[domain_realm]
.moja.domena = MOJA.DOMENA
moja.domena = MOJA.DOMENA
[login]
krb4_convert = true
krb4_get_tickets = false
|
5. Podesiti NTP
Kerberos protokol ovisi o protokolu NTP. Ako vrijeme na Debian serveru nije sinhronizirano sa “primary domain controller”, prijava neće biti dostupna. Vrijeme možete ručno sinhronizirati primjerom:
1 |
ntpdate 192.168.11.100 |
Dodajte u /etc/ntp.conf vaš NTP server:
1 2 |
# Moja domena server 192.168.0.100 |
Zatim pokrenite NTP sa:
1 |
/etc/init.d/ntp start |
6. Podesite vaš DNS
Dodajte ActiveDirectory IP adresu u /etc/resolv.conf
1 |
nameserver 192.168.0.100 |
7. Podesite Winbind
Uredite postavke pod grupom [global] u datoteci /etc/samba/smb.conf.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# Global parameters [global] workgroup = MOJA realm = MOJA.DOMENA load printers = no preferred master = no local master = no server string = debian server password server = 192.168.0.100 encrypt passwords = true security = domain netbios name = debian client signing = Yes dns proxy = No wins server = 192.168.0.100 wins proxy = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind uid = 10000-20000 winbind gid = 10000-20000 template homedir = /home/%D/%U template shell = /bin/bash invalid users = root winbind separator = / winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |
8. Podesi Nsswitch:
Postavke se nalaze u datoteci /etc/nsswitch.conf:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat winbind group: compat winbind shadow: compat hosts: files dns wins networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis |
Promjene možete aktivirati sa:
1 |
ldconfig |
9. Dodjelite računalo domeni:
1 |
net ads join -U Administrator |
10. Uredite PAM postavke:
1 2 3 4 |
nano /etc/pam.d/common-account # treba imati sljedeće linije: account sufficient pam_winbind.so account required pam_unix.so |
1 2 3 4 |
nano /etc/pam.d/common-auth # treba imati sljedeće linije: auth sufficient pam_unix.so auth required pam_winbind.so use_first_pass |
1 2 3 |
nano /etc/pam.d/common-password # treba imati sličnu liniju - parametri password required pam_unix.so nullok obscure min=4 max=50 md5 |
1 2 3 |
nano /etc/pam.d/common-session # treba imati sljedeću liniju: session required pam_mkhomedir.so umask=0022 skel=/etc/skel |
11. Restartajte servise sljedećim redosljedom;
1 2 3 4 5 |
/etc/init.d/samba stop /etc/init.d/winbind stop /etc/init.d/samba start /etc/init.d/winbind start /etc/init.d/ssh restart |
12. Provjera
Provjerite dali imate pristup korisnicima wbinfo -u i grupama wbinfo -g sa vašeg AD-a
Korisne informacije o vašem statusu:
1 |
net ads status |
Sad se možete probati prijaviti na AD sa ssh korisnik@192.168.0.200
Ako želite napustit domenu, koristite:
1 |
net ads leave -U Administrator |
Na web adresi “Subversion 1.7 Debian” možete pogledati kako brzo i jednostavno instalirati subversion.
Uredite datoteku /etc/samba/smb.conf (zamjenite korisnicko_ime sa nekim stvarnim korisnikom):
[global]
netbios name = debian
workgroup = WORKGROUP
server string = Public File Server
security = share
guest account = korisnicko_ime
[public]
comment = Public Folder
path = /home/korisnicko_ime/Public
public = yes
create mask = 0777
directory mask = 0777
force user = korisnicko_ime
force group = korisnicko_ime
writable = yes
guest ok = yes
guest only = yes
guest account = korisnicko_ime
browsable = yes
Restartajte sambu /etc/init.d/samba restart i možete pristupiti svome poslužitelju bez ograničenja
# Kernel
echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf
# Uglavno servisi koji koriste ipv6, treba se posebno podesiti, evo par primjera:
# Exim4 - postaviti dc_local_interfaces='127.0.0.1' zatim pokrenuti:
update-exim4.conf
# ssh - dododati u /etc/ssh/sshd_config
echo "AddressFamily inet" >> /etc/ssh/sshd_config
Ako se želite spojiti na računalo koje se nalazi u domeni (active directory) potrebno je napraviti pripremu :
1. Instalirati pakete:
apt-get install krb5-config samba winbind ntpdate
2. Zaustaviti procese:
/etc/init.d/samba stop
/etc/init.d/winbind stop
3. Dodati svoju domenu u datoteku /etc/krb5.conf
Pronađite [realms] i dodajte ispod (REALMNAME – puno ime vaše domene – pisati sa velikim slovima):
REALMNAME {
kdc = pdc_ip_address
}
Pronađite [libdefaults] i postavite vašu domenu:
default_realm = REALMNAME
4. Podesite winbind , dodajte u datoteku /etc/samba/smb.conf
realm = REALMNAME
workgroup = DOMAINNAME[global]
realm = REALMNAME
workgroup = DOMAINNAME
load printers = no
preferred master = no
local master = no
server string = fileserver
password server = DOMAINNAME
encrypt passwords = yes
security = ADS
netbios name = nameofserver
client signing = Yes
dns proxy = No
wins server = DOMAINNAME
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes[public]
comment = Public Folder
path = /home/username/public
public = yes
create mask = 0777
directory mask = 0777
force user = username
force group = username
writable = yes
guest ok = yes
guest only = yes
guest account = username
browsable = yes
5. Podesite Nsswitch /etc/nsswitch.conf :
Pronađite i zamjenite postavke sa:
passwd: files winbind
group: files winbind
6. Pristupite domeni:
net ads join -U “DOMAINADMIN”
7. Pokrenite servise:
/etc/init.d/samba start
/etc/init.d/winbind start
1. prvo instalirajte pakete:
apt-get install apache2 openssl ssl-cert
2. generirajte certfikat:
cd ~
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cp server.key /etc/apache2
cp server.crt /etc/apache2
Napomena: Prilikom svakog startanja servera morate upisati tajni ključ a ako želite zaobići upisivanje ključa napravite sljedeće:
openssl rsa -in server.key -out server.key
3. aktivirajte ssl modul
a2enmod ssl
4. uključite web site za ssl
a2ensite default-ssl
5. podesite side – ssl
zakomentirajte postojeće linije koda (/etc/apache2/sites-enabled/default-ssl) i dodajte:
# SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.k
Debian novosti Ubuntu (HR) novosti Linux Mint novosti Nacionalni CERT