% Beamer slide deck. fontspec (loaded below) needs XeLaTeX or LuaLaTeX;
% pdfLaTeX cannot compile this preamble.
\documentclass{beamer}

% Theme and covered-item rendering, applied in presentation mode only.
\mode<presentation>
{
  \usetheme{Warsaw}
  \setbeamercovered{transparent}
}

% Language support, then the font stack (same load order as one combined
% \usepackage line).
\usepackage[italian]{babel}
\usepackage{lmodern}
\usepackage{textcomp}
\usepackage{fontspec}
\usepackage{xunicode}
\usepackage{xltxtra}

% fontspec looks these fonts up by name, so they must be installed on the
% machine that builds the slides.
\setsansfont[Mapping=tex-text,Ligatures=Common]{Myriad Pro}
\setmonofont[Mapping=tex-text,Scale=.9]{Consolas}
%\setmonofont[Mapping=tex-text,Scale=.9]{Prestige Elite Std}
% Saved box holding the large ``?'' glyph used by the question environment.
\newsavebox{\qbox}
\savebox{\qbox}{{\fontspec{Hillock (BRK)}\fontsize{24}{24}\selectfont ?}}

% Width of that box, used to size the column the glyph sits in.
\newlength{\myqboxlen}
\settowidth{\myqboxlen}{\usebox{\qbox}}

% question{<heading>}: dark red ``?'' on the left, then a minipage with the
% alerted bold heading followed by the environment body.
\newenvironment{question}[1]{%
  \parbox{\myqboxlen}{\color{red!75!black}\usebox{\qbox}}\hfill%
  \begin{minipage}{.92\textwidth}\alert{\bfseries #1}\\%
}{%
  \end{minipage}%
}
% Terminal-style boxes: light grey monospaced text on a black background.
\setbeamercolor{shell snippet}{fg=lightgray,bg=black}

% shell: a command typed at a blue ``$'' prompt.
\newenvironment{shell}{%
  \begin{beamercolorbox}[sep=.5em]{shell snippet}\ttfamily {\color{blue}\$}%
}{%
  \end{beamercolorbox}%
}

% rootshell: a command typed at a red ``#'' prompt, i.e. one the slides
% expect to be run with root privileges.
\newenvironment{rootshell}{%
  \begin{beamercolorbox}[sep=.5em]{shell snippet}\ttfamily {\color{red}\#}%
}{%
  \end{beamercolorbox}%
}
% filesnippet{<path>}: a titled block (``Snippet: <path>'') whose body is set
% in the monospaced font. The body is ordinary LaTeX, not verbatim, so special
% characters in configuration excerpts must be escaped by hand.
\newenvironment{filesnippet}[1]{%
  \begin{block}{Snippet: \texttt{#1}}\ttfamily%
}{%
  \end{block}%
}
% Bibliography tweaks: triangle item markers and author names in black.
\setbeamertemplate{bibliography item}[triangle]
\setbeamercolor*{bibliography entry author}{fg=black}

% Miscellaneous settings: default overlay specification <+-> for every
% overlay-aware command, and alerted text drawn in the structure colour.
\beamerdefaultoverlayspecification{<+->}
\setbeamercolor{alerted text}{fg=structure}
% Footline made of two half-width colour boxes: short author and institute
% (right-aligned) on the left, short title and frame counter on the right.
% The trailing % signs keep line ends from becoming spaces inside the \hbox;
% the two lines that end without one are kept exactly as in the original.
\setbeamertemplate{footline}{%
  \leavevmode%
  \hbox{%
    \begin{beamercolorbox}[wd=.5\paperwidth,ht=2.25ex,dp=1ex,right]{author in head/foot}%
      \usebeamerfont{author in head/foot}\insertshortauthor~~(\insertshortinstitute)\hspace*{2ex}
    \end{beamercolorbox}%
    \begin{beamercolorbox}[wd=.5\paperwidth,ht=2.25ex,dp=1ex]{title in head/foot}%
      \hspace*{2ex}\usebeamerfont{title in head/foot}\insertshorttitle\hfill%
      \insertframenumber{} / \inserttotalframenumber\hspace*{2ex}
    \end{beamercolorbox}}
  \vskip0pt%
}
%%% Global structure %%%
% Title-page metadata. The bracketed short forms are the ones the footline
% prints on every frame.
\title[Linux, Samba e AD]{Fileserver con SAMBA e Windows}
\subtitle{Integrazione con \textit{Microsoft Active Directory}}

\author[E.~Vavassori (BGlug) --- LD10]{Emiliano Vavassori}
\institute[BGlug]{BGlug --- Bergamo Linux User Group\\
  Circoscrizione n° 2, Largo Röntgen n° 3\\
  24128 Bergamo}

\date[LD10]{23 ottobre 2010 --- LinuxDay 2010}

% \subject only sets the subject field of the PDF document information.
\subject{Fileserver con SAMBA e Windows --- Integrazione con Active Directory}
% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
% \logo{\pgfuseimage{university-logo}}
\begin{document}
% Title slide, built from the \title, \author, \institute and \date metadata.
\begin{frame}
  \titlepage
\end{frame}
% Download location of the talk material.
% NOTE(review): the link is a URL shortener reached over plain http, so the
% audience cannot see where it leads before following it. Printing the full
% destination next to the short link would let readers check it first.
\begin{frame}\centering
  \frametitle{Premessa}
  Tutto il materiale qui riportato è disponibile a questo indirizzo:

  \bigskip\Large
  \alert{\url{http://tinyurl.com/ld10-samba}}

\end{frame}
% Scope of the talk: why it is a lightning talk and why it cannot be
% exhaustive. List items are revealed one per overlay.
\begin{frame}
  \frametitle{\textit{Lightning Talk}?}
  \begin{itemize}[<+->]
    \item Richiesta «passiva» sul sito del BGlug
    \item Limitazione nell'obiettivo
    \item Livello tecnico abbastanza alto
    \item Procedura di setup di meno di mezz'ora (compresi test)
    \item Poco tempo per la preparazione del talk \texttt{O:-)}
  \end{itemize}

  \bigskip
  \begin{block}{Un piccolo dubbio mi assale\ldots \textbf{Esaustivo}?}
    Con \textit{Active Directory} è impossibile pensare di essere esaustivi.
    Ci vorrebbe una giornata intera.
  \end{block}
\end{frame}
% Goal of the setup. ``Integrated'' here means single sign-on: a domain user
% on a domain machine reaches the shares without a second password prompt,
% so access control on the file server rests on the domain's authentication.
\begin{frame}
  \frametitle{Obiettivo}

  \begin{block}{}
    Creare un \emph{file server} integrato con una struttura \textit{Active
    Directory} preesistente.
  \end{block}

  \bigskip
  \onslide+<2->
  \begin{question}{Integrato con \emph{Active Directory}:}
    Gli utenti saranno in grado di accedere ai documenti condivisi senza
    ulteriori autenticazioni da macchine di dominio con utenze di dominio.
  \end{question}

\end{frame}
% Prerequisites.
% NOTE(review): Debian 5.0 «Lenny» is no longer a supported release. The
% package names and init scripts in the later frames belong to that release;
% check them against the release actually in use.
\begin{frame}
  \frametitle{Requisiti}

  \begin{block}{}
    \begin{itemize}[<+->]
      \item Un \emph{domain controller} Microsoft Windows
      \item Un fileserver GNU/Linux (Debian 5.0 «Lenny»)
      \item Avere sufficienti conoscenze di \textit{Active Directory}
      \item Non avere paura di «sporcarsi le mani»
    \end{itemize}
  \end{block}

\end{frame}
% Example addresses used by every later frame. In this deck the domain
% controller is also the DNS server, WINS server, NTP source and Kerberos KDC,
% so the file server depends on that one host for naming, time and
% authentication.
\begin{frame}
  \frametitle{0.0 --- Verifica parametri di rete}

  \begin{block}{Parametri di rete}
    \begin{itemize}[<1>]
      \item Domain Controller: testdc.domain.local, 10.0.0.1
      \item File Server: linuxfs.domain.local, 10.0.0.100
    \end{itemize}
  \end{block}
\end{frame}
% Name-resolution checks, in three overlays: /etc/hosts, /etc/resolv.conf,
% then ping by address, by FQDN and by short name.
%
% NOTE(review), /etc/hosts: the \textbackslash is a line-wrap marker for the
% slide. As far as hosts(5) documents, an entry must sit on one physical line,
% so a reader copying the snippet should join the two lines. The snippet also
% lists localhost as an alias of the LAN address 10.0.0.100; the usual layout
% keeps localhost on 127.0.0.1 in its own entry. Confirm the aliasing is
% intended.
%
% NOTE(review), /etc/resolv.conf: resolv.conf(5) treats `domain' and `search'
% as mutually exclusive, and the last one present wins. Both carry the same
% value here, so the result is the same either way. With the DC as the only
% nameserver, every lookup made by the file server trusts that host's answers.
\begin{frame}
  \frametitle{0.1 --- Verifica parametri di rete}

  \onslide<1->%
  Verificare il FQDN:\\[-.5em]
  \begin{filesnippet}{/etc/hosts}
    10.0.0.100 linuxfs.domain.local linuxfs \textbackslash\\
    \hspace*{2ex}localhost.localdomain localhost
  \end{filesnippet}

  \onslide<2->%
  Verificare DNS primario e dominio:\\[-.5em]
  \begin{filesnippet}{/etc/resolv.conf}
    nameserver 10.0.0.1\\
    search domain.local\\
    domain domain.local
  \end{filesnippet}

  \onslide<3->%
  Verificare comunicazione e risoluzione nomi:\\[.3em]
  \begin{shell}
    ping 10.0.0.1
  \end{shell}
  \begin{shell}
    ping testdc.domain.local
  \end{shell}
  \begin{shell}
    ping testdc
  \end{shell}

\end{frame}
% Package installation. Later frames use openntpd and ntpdate for time sync,
% krb5-user for kinit, samba and winbind for the domain membership, and
% testparm, net and wbinfo for the checks. smbfs is marked optional.
\begin{frame}
  \frametitle{1 --- Installazione}

  \begin{rootshell}
    aptitude install openntpd ntpdate krb5-user samba winbind smbclient
  \end{rootshell}

  \bigskip\onslide<2->
  Opzionalmente:
  \begin{rootshell}
    aptitude install smbfs
  \end{rootshell}

\end{frame}
% Time synchronisation against the domain controller: stop the daemon, point
% it at the DC, step the clock once with ntpdate, start the daemon again.
% This comes before the Kerberos frames because Kerberos rejects requests
% when the client and KDC clocks differ by more than the allowed skew (five
% minutes by default in Active Directory). A drifting clock therefore shows
% up as authentication failures, not as a time error.
\begin{frame}
  \frametitle{2 --- Configurazione NTP}
  \begin{rootshell}
    /etc/init.d/openntpd stop
  \end{rootshell}
  \onslide<2->
  \smallskip
  \begin{filesnippet}{/etc/openntpd/ntpd.conf}
    server testdc.domain.local
  \end{filesnippet}
  \onslide<3->
  \medskip
  \begin{rootshell}
    ntpdate testdc.domain.local
  \end{rootshell}
  \begin{rootshell}
    /etc/init.d/openntpd start
  \end{rootshell}
\end{frame}
% Kerberos client configuration. The realm is the upper-case form of the AD
% DNS domain, and [domain_realm] maps both the domain and its hosts to it.
% The two \ldots lines end with \newline, not \\, because the next line
% starts with ``['', which \\ would read as its optional argument.
% NOTE(review): kdc and admin_server name a single domain controller. Where
% the domain has several, DNS-based discovery (dns_lookup_kdc in
% [libdefaults]) avoids making that one host a single point of failure for
% logons. Confirm against the real topology.
\begin{frame}
  \frametitle{3 --- Configurazione Kerberos}
  \begin{filesnippet}{/etc/krb5.conf}
    [libdefaults]\\
    default\_realm = DOMAIN.LOCAL\\
    \ldots\newline
    [realms]\\
    DOMAIN.LOCAL = \{\\
    \hspace{2ex}kdc = testdc.domain.local\\
    \hspace{2ex}admin\_server = testdc.domain.local\\
    \}\\
    \ldots\newline
    [domain\_realm]\\
    .domain.local = DOMAIN.LOCAL\\
    domain.local = DOMAIN.LOCAL
  \end{filesnippet}
\end{frame}
% [global] section for an AD member server: `security = ads' makes Samba
% authenticate users against the domain with Kerberos.
%
% NOTE(review), points a practitioner would check before reusing this:
% - `password server' pins authentication to one DC. With security = ads,
%   Samba can normally locate domain controllers through DNS; confirm the
%   pin is wanted.
% - `unix password sync' concerns local password changes. On a pure domain
%   member it presumably has no effect; verify, and drop it if unused.
% - No idmap range appears on this slide. Samba 3.x winbind needs one
%   (`idmap uid' / `idmap gid') before domain accounts get Unix ids; confirm
%   it is set in the part of the file not shown.
% - `winbind use default domain = yes' strips the DOMAIN+ prefix, so a domain
%   account and a local account with the same name become indistinguishable
%   by name. Check for collisions, above all with local service accounts.
\begin{frame}
  \frametitle{4.0 --- SAMBA}
  \begin{filesnippet}{/etc/samba/smb.conf}
    [global]\\
    workgroup = DOMAIN\\
    realm = DOMAIN.LOCAL\\
    wins server = 10.0.0.1\\
    security = ads\\
    password server = testdc.domain.local\\
    obey pam restrictions = yes\\
    unix password sync = yes\\
    winbind separator = +\\
    winbind use default domain = yes
  \end{filesnippet}
\end{frame}
% Share definition, followed by a syntax check of smb.conf with testparm.
%
% NOTE(review), access control on this share:
% - `valid users = %U' expands to the name of whoever is connecting, so it
%   admits every authenticated account and restricts nothing. To limit the
%   share, name a group instead (constructed example:
%   `valid users = @fileserver-users').
% - `writable = yes' and `read only = no' say the same thing twice; one of
%   them is enough.
% - `guest ok = no' is what keeps unauthenticated sessions out.
% - The masks cap new files at 0664 and new directories at 0775, which leaves
%   the read bit for ``other''. Whether local accounts on the server can then
%   read the data depends on the permissions of /var/local/shared itself;
%   verify them, since Samba's checks do not apply to local logins.
\begin{frame}
  \frametitle{4.1 --- SAMBA (condivisioni)}
  \begin{filesnippet}{/etc/samba/smb.conf}
    [shared]\\
    comment = \ldots\\
    path = /var/local/shared\\
    valid users = \%U\\
    browseable = yes\\
    writable = yes\\
    guest ok = no\\
    read only = no\\
    create mask = 0664\\
    directory mask = 0775
  \end{filesnippet}

  \onslide<2->
  Infine testiamo il file:\\[.5em]
  \begin{rootshell}
    testparm
  \end{rootshell}
\end{frame}
% Domain join in four overlays: restart the services, check Kerberos with
% kinit, join with `net ads join', then list domain users through winbind.
%
% NOTE(review), handling of the domain administrator credential:
% - kinit leaves a ticket-granting ticket for the domain administrator in
%   root's credential cache until it expires. `klist' shows it and `kdestroy'
%   removes it once the join is done. The -a flag asks for a ticket bound to
%   this host's addresses.
% - The join needs an account allowed to add computers to the domain, not
%   necessarily the built-in Administrator. A delegated account keeps the
%   domain admin password off the member server.
% - `wbinfo -u' shows that enumeration works. `net ads testjoin' or
%   `wbinfo -t' checks the machine account secret as well.
\begin{frame}
  \frametitle{5 --- Messa in dominio}
  Riavviamo i servizi:\\[.5em]
  \begin{rootshell}
    /etc/init.d/samba restart
  \end{rootshell}
  \begin{rootshell}
    /etc/init.d/winbind restart
  \end{rootshell}

  \smallskip
  \onslide<2->
  Verifichiamo che Kerberos funzioni:\\[.5em]
  \begin{rootshell}
    kinit -a administrator
  \end{rootshell}

  \smallskip
  \onslide<3->
  Messa in dominio:\\[.5em]
  \begin{rootshell}
    net ads join -U Administrator
  \end{rootshell}

  \smallskip
  \onslide<4->
  Verifichiamo che si riesca ad accedere alle informazioni di dominio:\\[.5em]
  \begin{rootshell}
    wbinfo -u
  \end{rootshell}

\end{frame}
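% Name-service switch: adding winbind to passwd and group makes domain users
% and groups resolvable as Unix accounts on this machine.
%
% Changed from the original slide: winbind is no longer appended to the
% shadow line. The winbind NSS module serves the passwd and group databases
% only, and the Samba documentation advises against listing it under shadow.
% The shadow line stays on the slide, unhighlighted, to show it is left alone.
%
% NOTE(review): once these two lines are in place every domain account is a
% valid local identity for file ownership and lookups. Whether those accounts
% can also log in to the server depends on PAM (pam_winbind) and on the
% `template shell' setting in smb.conf, whose default is /bin/false. Check
% both before assuming shell access is closed.
\begin{frame}
  \frametitle{Un \textit{cadeau}}
  Possiamo «importare» magicamente gruppi e utenze all'interno della macchina
  Linux aggiungendo un paio di righe:\newline
  \begin{filesnippet}{/etc/nsswitch.conf}
    passwd: compat \alert{winbind}\\
    group: compat \alert{winbind}\\
    shadow: compat
  \end{filesnippet}
\end{frame}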
% Possible follow-ups that build on the domain membership.
% NOTE(review): the helper shipped with Samba is called ntlm_auth; confirm
% whether \texttt{auth\_ntlm} is the intended name. NTLM challenge-response is
% also weaker than Kerberos. Since the host already holds a Kerberos
% configuration, Squid's Negotiate/Kerberos scheme is worth considering for
% the proxy.
\begin{frame}
  \frametitle{Cosa possiamo fare ora?}
  A partire da quanto messo a punto ora possiamo implementare:

  \begin{itemize}[<+->]
    \item un proxy autenticato (Squid + \texttt{auth\_ntlm})
    \item un \textit{domain controller} Linux-based (LDAP)
  \end{itemize}
\end{frame}
% Web references. The argument of thebibliography is the widest label text,
% used only to size the label column.
% NOTE(review): all three links are shortened plain-http URLs, which hide the
% destination and can stop resolving. Listing the full target address of each
% reference would let readers verify the source.
\begin{frame}
  \frametitle{Sitografia}

  \begin{thebibliography}{The Samba HOWTO and Reference Guide}

    \bibitem<1>[SAMBA]{SAMBA}
    The Official Samba 3.5.x HOWTO and Reference Guide
    \newblock\alert{\url{http://tinyurl.com/samba-howto}}

    \bibitem<1>[Deb-DC]{Deb-DC}
    Samba e OpenLDAP: creare un controller di dominio con Debian Lenny
    \newblock\alert{\url{http://tinyurl.com/deb-dc}}

    \bibitem<1>[Deb-SDC]{Deb-SDC}
    Samba, OpenLDAP, Kerberos: creare un controller di dominio sicuro con
    Debian Lenny
    \newblock\alert{\url{http://tinyurl.com/deb-secure-dc}}

  \end{thebibliography}
\end{frame}
% End slide
\end{document}