Debian 11 Samba 使用 Winbind 認證

安裝軟體
apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
 
編輯 /etc/krb5.conf  
[libdefaults]
        default_realm = TEST.COM
 
# The following krb5.conf variables are only for MIT Kerberos.
       kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
 
編輯 /etc/samba/smb.conf
[global]   
   workgroup = TEST
   realm = TEST.DOM
   security = ads
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config FD3S01 : backend = rid
   idmap config FD3S01 : range = 10000-999999
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
 
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0755
   directory mask = 0755
   valid users = %S
   root preexec = /opt/mkmyhome.sh %S %H
#   hide files = /abc/ /a/ /.*/
 
編輯 /etc/nsswitch.conf 修改
passwd:         files systemd winbind
group:          files systemd winbind
 
編輯 /etc/pam.d/common-session  加入
# add to the end if you need (auto create a home directory at initial login)
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

編輯 /opt/mkmyhome.sh
#!/bin/bash
user=$1
home=$2
group="domain users"

[ -z "$user" ]&&exit 9;
[ -z "$home" ]&&exit 9;
[ -d "$home" ]&&exit 9;

mkdir -p $home -m 700  && chown "${user}:${group}" $home;
exit $?;

chmod a+x /opt/mkmyhome.sh

加入網域
net ads join -U Administrator
 
重啟服務
 systemctl restart winbind

其他相關指令
net ads leave -U Administrator

FortiSwitch-124F 恢復預設

1.press the Reset button for about 10 seconds and then release it.
 
2.exec factoryreset

NextCloud 備份

設定維護模式
sudo -u www-data php occ maintenance:mode --on
或編輯 config/config.php  
 "maintenance" => false 異動為 "maintenance" => true
 
備份資料
rsync -Aavx nextcloud/ nextcloud-dirbkp_`date +"%Y%m%d"`/
 
備份資料庫
mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
 
停用維護模式
sudo -u www-data php occ maintenance:mode --off

nginx 設定 php-fpm

 server {
    gzip on;
   
    location / {
        try_files $uri $uri/ =404;
    }
 
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}

NextCloud Internal Server Error after login

1) sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
2) chown -R www-data:www-data /var/www/nextcloud/
3) chmod -R 770 /var/www/nextcloud/
4) sudo -u www-data php /var/www/nextcloud/occ maintenance:repair
5) sudo -u www-data php /var/www/nextcloud/occ db:add-missing-columns
6) sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
7) sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
8) sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
9) sudo systemctl restart apache2

1) mysql> select * from oc_storages;
delete all the content from the table oc_filecache
2) mysql> TRUNCATE TABLE oc_filecache;

編輯 nextcloud/config/config.php
'trusted_domains' =>
  array (
    0 => 'localhost',
1 => 'exap\mple.com',
2 => '192.168.1.1',
  ),
 'datadirectory' => '/var/www/nextcloud-data',
 'dbtype' => 'mysql',

NextCloud LDAP 設定 出現 Internal Server Error

可能是設定檔異常

sudo -u nextcloud php7.3 /var/www/nextcloud/occ log:tail
sudo -u www-data php7.3 /var/www/nextcloud/occ app:list
sudo -u www-data php7.3 /var/www/nextcloud/occ ldap:show-config

sudo -u www-data php7.3 /var/www/nextcloud/occ app:enable user_ldap
sudo -u www-data php7.3 /var/www/nextcloud/occ app:disable user_ldap

修改設定檔參考指令
sudo -u www-data php7.3 /var/www/nextcloud/occ ldap:set-config "s01" ldap_login_filter "(&(|(objectclass=posixAccount))(uid=%uid))"

NextCloud 重設 管理員密碼

sudo -u www-data php /var/www/nextcloud/occ user:resetpassword admin

NGINX 設定 https ssl

產生私鑰
openssl genrsa -des3 -out privkey.key 2048

產生 CSR
openssl req -new -key privkey.key -out ca.csr <<EOF
TW
Taiwan
Taipei
INIC
G
MIS
email

EOF
 
去除私鑰密碼
openssl rsa -in privkey.key -out ca.key

建立自我簽署的CA
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

複製金鑰
mkdir /etc/nginx/ssl
cp ca.crt /etc/nginx/ssl/nginx.crt
cp ca.key /etc/nginx/ssl/nginx.key

編輯 /etc/nginx/sites-enabled/default
server {
  listen 80 default_server;
  listen [::]:80 default_server;

  # 加入 SSL 設定
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  # 憑證與金鑰的路徑
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;

  # ...
}

Proxmox VE VM Linux 網路界面模組

e1000
virtio_net
8139cp
8139too
vmxnet3

MariaDB無法開啟服務

刪除/var/lib/mysql/ib_logfile* /var/lib/mysql/tc.log