Monday, July 30, 2018

Proxmox 5.2: sssd + Windows AD authentication

Install the required packages
apt-get -y install realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs

resolvconf

Start the required services
systemctl start realmd

Edit /etc/pam.d/common-session
# add to the end if needed (creates the home directory automatically at first login)
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

CentOS 7: sssd + Windows AD authentication

Install the required packages
yum -y install krb5-workstation realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools

Enable the required services
systemctl enable realmd
systemctl start realmd

Join the domain
realm discover domainname
realm join domainname

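realm commands
Query AD information
realm discover domain
realm list

Join the domain
realm join domain --user administrator

Leave the domain
realm leave domain --user administrator

Restrict which domain users may log in:
realm permit --all  # allow any account to log in
realm deny --all    # deny login to every account
realm permit user@domain      # allow the account user, given in UPN format, to log in
realm permit domain\\User2  # allow the account user2, given in SAM format, to log in
realm permit --withdraw user@domain     # remove the account from those allowed to log in on this host
realm permit -g mis   # members of the mis group may log in to this host

Look up user account information
id domain\\user
getent passwd
getent group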

Related configuration files
/etc/sssd/sssd.conf
/etc/nsswitch.conf
/etc/pam.d/fingerprint-auth
/etc/pam.d/fingerprint-auth-ac
/etc/pam.d/password-auth
/etc/pam.d/password-auth-ac
/etc/pam.d/system-auth
/etc/pam.d/system-auth-ac
/etc/pam.d/smartcard-auth
/etc/pam.d/smartcard-auth-ac

/etc/sssd/sssd.conf configuration file
# sssd.conf does not allow a comment on the same line as a value
[sssd]
domains = ad.example
config_file_version = 2
services = nss, pam

# the section name must match the entry in "domains" above
[domain/ad.example]
ad_domain = ad.example
krb5_realm = AD.EXAMPLE
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
# no need to type the domain name at login
use_fully_qualified_names = False
# automatically created home directories do not get @DomainName appended
fallback_homedir = /home/%d/%u
# allows getent to list account information
enumerate = True
access_provider = ad
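
An added example, not part of the original post: a shell function that lints an sssd.conf for the points that matter in the file above, namely mode 0600, a [domain/NAME] section for every entry in domains, no trailing comments on value lines, and an explicit access_provider. The function name check_sssd_conf and the finding labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): lint an sssd.conf before restarting sssd.
# check_sssd_conf FILE prints one finding per line; returns 0 if clean, 1 otherwise.
check_sssd_conf() {
    conf=$1
    findings=$(
        # sssd.conf must be mode 0600: readable and writable by its owner only.
        [ -n "$(find "$conf" -prune -perm 600)" ] || echo "mode: $conf is not 0600"
        awk '
            /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # whole-line comments, blanks
            /^[ \t]*\[/ {                               # section header
                sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
                if (sec ~ /^domain\//) { name = substr(sec, 8); have[name] = 1 }
                next
            }
            {
                key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                # Heuristic: " #" inside a value is a trailing note, which sssd
                # would read as part of the value (inline comments are unsupported).
                if (val ~ /[ \t]#/) print "inline-comment: [" sec "] " key
                if (sec == "sssd" && key == "domains") {
                    n = split(val, d, /[ \t]*,[ \t]*/)
                    for (i = 1; i <= n; i++) want[d[i]] = 1
                }
                if (sec ~ /^domain\// && key == "access_provider") ap[name] = 1
            }
            END {
                # Every name in "domains" needs its own [domain/NAME] section.
                for (x in want) if (!(x in have)) print "missing-section: [domain/" x "]"
                # With no access_provider the default is "permit": any account may log in.
                for (x in have) if (!(x in ap)) print "no-access-provider: [domain/" x "]"
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as root against /etc/sssd/sssd.conf after realm join or a manual edit, and restart sssd only when it returns 0.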

Related commands

Friday, July 27, 2018

Debian 9: "QSslSocket: cannot resolve CRYPTO_num_locks" appears

The following messages appear
QSslSocket: cannot resolve CRYPTO_num_locks
QSslSocket: cannot resolve CRYPTO_set_id_callback
QSslSocket: cannot resolve CRYPTO_set_locking_callback
QSslSocket: cannot resolve ERR_free_strings
QSslSocket: cannot resolve EVP_CIPHER_CTX_cleanup
QSslSocket: cannot resolve EVP_CIPHER_CTX_init
QSslSocket: cannot resolve sk_new_null

Solution
Install libssl1.0-dev

Tuesday, July 17, 2018

Proxmox 5.2: get information on all cluster nodes

for i in $(grep "name\|ring0_addr" /etc/corosync/corosync.conf|grep -v cluster_name:);do [ $i = "name:" ]&&{ echo;continue; };[ $i = "ring0_addr:" ]&&continue;echo  $i;done;

Proxmox: get the cluster name

grep cluster_name /etc/pve/corosync.conf

Proxmox 5.2: install an NFS server

Install the NFS server packages
apt-get install nfs-common nfs-kernel-server

Start the NFS server service
systemctl start nfs-kernel-server
systemctl enable nfs-kernel-server

Edit /etc/exports

Reload the NFS server configuration
exportfs -a

Proxmox 5.x: install the LSI RAID GUI tool

Install X Window
apt-get install xfce4 chromium lightdm
apt-get install xrdp tigervnc-standalone-server
apt-get install mate
apt-get install task-mate-desktop

Install the rpm -> deb converter
apt-get install alien

Download and install the management program
wget https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/17.05.00.02_Linux-64_MSM.gz

tar xzvf 17.05.00.02_Linux-64_MSM.gz
cd 17.05.00.02_Linux-64_MSM/disk/
alien --scripts *.rpm
dpkg -i lib-utils2_1.00-9_all.deb
dpkg -i megaraid-storage-manager_17.05.00-3_all.deb

Start the MSM service
systemctl start vivaldiframeworkd.service
systemctl enable vivaldiframeworkd.service

Run the GUI management program
cd "/usr/local/MegaRAID Storage Manager"
./startupui.sh

Text interface
/usr/local/MegaRAID\ Storage\ Manager/StorCLI/storcli64 /c0 show all

Proxmox 5.x: install xrdp

apt-get install xfce4 chromium lightdm
apt-get install xrdp tigervnc-standalone-server

Allow all users to use XRDP
Edit /etc/X11/Xwrapper.config so that it contains
allowed_users = anybody