The following was set up on Ubuntu; other distributions should be much the same.
apt -y install samba libpam-winbind libnss-winbind
apt -y install \
winbind libpam-winbind \
libnss-winbind krb5-config samba-dsdb-modules \
samba-vfs-modules samba acl
[libdefaults]
default_realm = ERILAB.COM.TW
dns_lookup_realm = false
dns_lookup_kdc = true
... (omitted)
passwd: compat systemd winbind
group: compat systemd winbind
... (omitted)
Delete or rename the original smb.conf, then create /etc/samba/smb.conf with roughly the following content:
[global]
#bind interfaces only = yes
#interfaces = lo eth0
workgroup = ERILAB
realm = ERILAB.COM.TW
# Name actually used when registering in the domain; if not set, the hostname is used
# netbios name = XXXFileServer
security = ads
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# The domain name in "idmap config" must match the workgroup value
idmap config ERILAB : backend = rid
idmap config ERILAB : range = 10000-999999
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
min protocol = SMB3_11
# Share definitions; add more below as needed.
[DockerVol]
path = /DockerVol
admin users = @sudo
#valid users = @"domain admins"
browsable = yes
writable = yes
read only = no
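An added example, not part of the original note: a small Python check of the idmap settings in an smb.conf like the one above, meant to be run before `net ads join`. It assumes a single-domain setup in which the only domain-specific `idmap config` entry carries the same name as `workgroup`; `parse_global`, `check_idmap` and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the [global] section above; the ERI/ERILAB
# mismatch is deliberate so that the check has something to report.
SAMPLE = """\
[global]
workgroup = ERILAB
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config ERI : backend = rid
idmap config ERI : range = 10000-999999
"""
IDMAP = re.compile(r"idmap config\s+(\S+)\s*:\s*(\w+)$")

def parse_global(text):
    """Return the [global] parameters as a dict with lower-cased keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(text):
    """Return findings about the idmap settings (single-domain assumption)."""
    params = parse_global(text)
    workgroup = params.get("workgroup", "").upper()
    ranges, findings = {}, []
    for key, value in params.items():
        m = IDMAP.match(key)
        if m and m.group(2) == "range":
            ranges[m.group(1).upper()] = tuple(int(n) for n in value.split("-"))
    if "*" not in ranges:
        findings.append("no default 'idmap config *' range")
    if workgroup not in ranges:
        findings.append(f"no idmap range for workgroup {workgroup}")
    for dom in ranges:
        if dom not in ("*", workgroup):
            findings.append(f"idmap domain {dom} does not match workgroup {workgroup}")
    doms = sorted(ranges, key=ranges.get)  # order by (low, high) to compare neighbours
    for a, b in zip(doms, doms[1:]):
        if ranges[a][1] >= ranges[b][0]:
            findings.append(f"ranges for {a} and {b} overlap")
    return findings
```

To check a real file, pass its contents: `check_idmap(open("/etc/samba/smb.conf").read())`; an empty list means no findings.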
net ads join -U Administrator
systemctl restart smbd.service winbind.service
net ads join osname=`uname -s` osver=`uname -r` -U admin...
# After completing the steps above, the commands below list the domain accounts.
(If the join succeeded, you should see the lists.)
wbinfo -u
wbinfo -g
... (omitted)
# Only allow members of the local adm and sudo groups to log in remotely over SSH
AllowGroups adm sudo
... (omitted)
# -a appends; without it, -G replaces the user's other supplementary groups
usermod -aG sudo peter
groupmems -l -g sudo
cat << END > /etc/pam.d/groupmems
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
# Debian/Ubuntu: common-password (RHEL-family systems use system-auth)
password include common-password
END
gpasswd -d olduser sudo
Install the required package:
sudo apt install libpam-google-authenticator
Edit /etc/ssh/sshd_config and adjust the KbdInteractiveAuthentication and ChallengeResponseAuthentication settings:
... (omitted)
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication yes
ChallengeResponseAuthentication yes