Bettering the presentation. Added cons slide. Updated .info file needed.

This commit is contained in:
Emiliano Vavassori 2010-09-13 23:55:14 +02:00
parent a86513b1d8
commit a8db25c94e
2 changed files with 153 additions and 119 deletions

Binary file not shown.

View File

@ -11,24 +11,18 @@
\setmonofont[Mapping=tex-text,Scale=.9]{Consolas}
%\setmonofont[Mapping=tex-text,Scale=.9]{Prestige Elite Std}
% Definisco box per ``?''
\newsavebox{\qbox}
\savebox{\qbox}{{\fontspec{Hillock (BRK)}\fontsize{24}{24}\selectfont ?}}
\newlength{\myqboxlen}
\settowidth{\myqboxlen}{\usebox{\qbox}}
\newenvironment{question}[1]{\parbox{\myqboxlen}{\color{red!75!black}\usebox{\qbox}}\hfill\begin{minipage}{.92\textwidth}\alert{\bfseries #1}\\}{\end{minipage}}
% Definisco shell
\setbeamercolor{shell snippet}{fg=lightgray,bg=black}
\newenvironment{shell}{\begin{beamercolorbox}[sep=.5em]{shell snippet}\ttfamily {\color{blue}\$}}{\end{beamercolorbox}}
\newenvironment{rootshell}{\begin{beamercolorbox}[sep=.5em]{shell snippet}\ttfamily {\color{red}\#}}{\end{beamercolorbox}}
\newenvironment{shell}{\par\vspace*{.7em}\begin{beamercolorbox}[sep=.5em]{shell snippet}\ttfamily {\color{blue}\$}}{\end{beamercolorbox}}
\newenvironment{shell*}{\par\vspace*{.7em}\begin{beamercolorbox}[sep=.5em]{shell snippet}\ttfamily {\color{red}\#}}{\end{beamercolorbox}}
\newcommand{\urlify}[1]{{\color{blue}\url{#1}}}
% Definisco filesnippet
\newenvironment{filesnippet}[1]{\begin{block}{Snippet: \texttt{#1}}\ttfamily}{\end{block}}
% Definisco snippet
\newenvironment{snippet}[1]{\begin{block}{Estratto: \texttt{#1}}\ttfamily}{\end{block}}
% Definisco un po' di modifiche sulla bibliografia
\setbeamertemplate{bibliography item}[triangle]
\setbeamercolor*{bibliography entry author}{fg=black}
%\setbeamercolor*{bibliography entry author}{fg=black}
% Un po' di altri settaggi
\beamerdefaultoverlayspecification{<+->}
@ -88,9 +82,9 @@
\end{itemize}
\bigskip
\begin{block}{Un piccolo dubbio mi assale\ldots \textbf{Esaustivo}?}
Con \textit{Active Directory} è impossibile pensare di essere esaustivi.
Ci vorrebbe una giornata intera.
\begin{block}{Un piccolo dubbio mi assale\ldots\ \textbf{Esaustivo}?}
Non si può fare un \textit{lightning talk} su \textit{Active Directory} in
senso stretto. Ci vorrebbe una giornata intera.
\end{block}
\end{frame}
@ -103,59 +97,58 @@
\end{block}
\bigskip
\onslide+<2->
\begin{question}{Integrato con \emph{Active Directory}:}
\visible<2>{%
\begin{block}{Integrato con \emph{Active Directory}}
Gli utenti saranno in grado di accedere ai documenti condivisi senza
ulteriori autenticazioni da macchine di dominio con utenze di dominio.
\end{question}
\end{block}}
\end{frame}
\begin{frame}
\frametitle{Requisiti}
\frametitle{0.0 --- Struttura della rete}
\begin{block}{}
\begin{itemize}[<+->]
\item Un \emph{domain controller} Microsoft Windows
\item Un fileserver GNU/Linux (Debian 5.0 «Lenny»)
\item Avere sufficienti conoscenze di \textit{Active Directory}
\item Non avere paura di «sporcarsi le mani»
\end{itemize}
\begin{block}{Domain Controller --- \itshape Windows 2003 Server}\ttfamily
10.0.0.1\hspace*{4ex}testdc.domain.local
\end{block}
\end{frame}
\begin{frame}
\frametitle{0.0 --- Verifica parametri di rete}
\begin{block}{Parametri di rete}
\begin{itemize}[<1>]
\item Domain Controller: testdc.domain.local, 10.0.0.1
\item File Server: linuxfs.domain.local, 10.0.0.100
\end{itemize}
\bigskip
\begin{block}<1->{File Server --- \itshape Debian 5.0 «Lenny»}\ttfamily
10.0.0.100\hspace*{2ex}linuxfs.domain.local
\end{block}
\end{frame}
\begin{frame}
\frametitle{0.1 --- Verifica parametri di rete}
\frametitle{0.1 --- Indirizzi del fileserver}
\onslide<1->%
Verificare il FQDN:\\[-.5em]
\begin{filesnippet}{/etc/hosts}
Prima di partire, conviene verificare l'indirizzo di rete:
\begin{shell*}
ip address show eth0
\end{shell*}
\bigskip
\onslide<2->%
Verificare il \textit{Fully Qualified Domain Name} (FQDN):\\
\begin{snippet}{/etc/hosts}
10.0.0.100 linuxfs.domain.local linuxfs \textbackslash\\
\hspace*{2ex}localhost.localdomain localhost
\end{filesnippet}
\end{snippet}
\onslide<2->%
Verificare DNS primario e dominio:\\[-.5em]
\begin{filesnippet}{/etc/resolv.conf}
\end{frame}
\begin{frame}
\frametitle{0.2 --- Indirizzi del domain controller}
Verificare DNS primario e dominio:
\begin{snippet}{/etc/resolv.conf}
nameserver 10.0.0.1\\
search domain.local\\
domain domain.local
\end{filesnippet}
\end{snippet}
\onslide<3->%
Verificare comunicazione e risoluzione nomi:\\[.3em]
\bigskip
\onslide<2->%
Verificare comunicazione e risoluzione nomi:
\begin{shell}
ping 10.0.0.1
\end{shell}
@ -169,43 +162,52 @@
\end{frame}
\begin{frame}
\frametitle{1 --- Installazione}
\frametitle{1 --- Installazione pacchetti necessari}
\begin{rootshell}
\begin{shell*}
aptitude install openntpd ntpdate krb5-user samba winbind smbclient
\end{rootshell}
\end{shell*}
\bigskip\onslide<2->
\bigskip
\onslide<2->%
Opzionalmente:
\begin{rootshell}
\begin{shell*}
aptitude install smbfs
\end{rootshell}
\end{shell*}
\end{frame}
\begin{frame}
\frametitle{2 --- Configurazione NTP}
\begin{rootshell}
Fermiamo il servizio:
\begin{shell*}
/etc/init.d/openntpd stop
\end{rootshell}
\onslide<2->
\smallskip
\begin{filesnippet}{/etc/openntpd/ntpd.conf}
\end{shell*}
\bigskip
\onslide<2->%
\begin{snippet}{/etc/openntpd/ntpd.conf}
server testdc.domain.local
\end{filesnippet}
\onslide<3->
\medskip
\begin{rootshell}
\end{snippet}
\bigskip
\onslide<3->%
Impostiamo l'ora\ldots
\begin{shell*}
ntpdate testdc.domain.local
\end{rootshell}
\begin{rootshell}
\end{shell*}
\bigskip
\onslide<4>%
\ldots e riavviamo il servizio:
\begin{shell*}
/etc/init.d/openntpd start
\end{rootshell}
\end{shell*}
\end{frame}
\begin{frame}
\frametitle{3 --- Configurazione Kerberos}
\begin{filesnippet}{/etc/krb5.conf}
\begin{snippet}{/etc/krb5.conf}
[libdefaults]\\
default\_realm = DOMAIN.LOCAL\\
\ldots\newline
@ -218,90 +220,112 @@
[domain\_realm]\\
.domain.local = DOMAIN.LOCAL\\
domain.local = DOMAIN.LOCAL
\end{filesnippet}
\end{snippet}
\end{frame}
\begin{frame}
\frametitle{4.0 --- SAMBA}
\begin{filesnippet}{/etc/samba/smb.conf}
\frametitle{4.0 --- Configurazione SAMBA: generale}
\begin{snippet}{/etc/samba/smb.conf}
[global]\\
workgroup = DOMAIN\\
realm = DOMAIN.LOCAL\\
\alert<2>{\textbf<2>{realm = DOMAIN.LOCAL}}\\
wins server = 10.0.0.1\\
security = ads\\
password server = testdc.domain.local\\
\alert<2>{\textbf<2>{security = ads}}\\
\alert<2>{\textbf<2>{password server = testdc.domain.local}}\\
obey pam restrictions = yes\\
unix password sync = yes\\
winbind separator = +\\
winbind use default domain = yes
\end{filesnippet}
\alert<2>{\textbf<2>{winbind separator = +}}\\
\alert<2>{\textbf<2>{winbind use default domain = yes}}
\end{snippet}
\end{frame}
\begin{frame}
\frametitle{4.1 --- SAMBA (condivisioni)}
\begin{filesnippet}{/etc/samba/smb.conf}
\frametitle{4.1 --- Configurazione SAMBA: condivisioni}
\begin{snippet}{/etc/samba/smb.conf}
[shared]\\
comment = \ldots\\
path = /var/local/shared\\
valid users = \%U\\
\alert<2>{\textbf<2>{valid users = \%U}}\\
browseable = yes\\
writable = yes\\
guest ok = no\\
read only = no\\
create mask = 0664\\
directory mask = 0775
\end{filesnippet}
\alert<3>{\textbf<3>{create mask = 0664}}\\
\alert<3>{\textbf<3>{directory mask = 0775}}
\end{snippet}
\onslide<2->
Infine testiamo il file:\\[.5em]
\begin{rootshell}
\bigskip
\onslide<4->
Infine testiamo il file:
\begin{shell*}
testparm
\end{rootshell}
\end{shell*}
\end{frame}
\begin{frame}
\frametitle{5 --- Messa in dominio}
Riavviamo i servizi:\\[.5em]
\begin{rootshell}
Riavviamo i servizi:
\begin{shell*}
/etc/init.d/samba restart
\end{rootshell}
\begin{rootshell}
\end{shell*}
\begin{shell*}
/etc/init.d/winbind restart
\end{rootshell}
\end{shell*}
\smallskip
\medskip
\onslide<2->
Verifichiamo che Kerberos funzioni:\\[.5em]
\begin{rootshell}
Verifichiamo che Kerberos funzioni:
\begin{shell*}
kinit -a administrator
\end{rootshell}
\end{shell*}
\smallskip
\medskip
\onslide<3->
Messa in dominio:\\[.5em]
\begin{rootshell}
Messa in dominio:
\begin{shell*}
net ads join -U Administrator
\end{rootshell}
\end{shell*}
\smallskip
\medskip
\onslide<4->
Verifichiamo che si riesca ad accedere alle informazioni di dominio:\\[.5em]
\begin{rootshell}
Verifichiamo che si riesca ad accedere alle informazioni di dominio:
\begin{shell*}
wbinfo -u
\end{rootshell}
\end{shell*}
\end{frame}
\begin{frame}
\frametitle{Difetti d'implementazione}
\begin{itemize}
\item Non utilizza Heimdal Kerberos (se necessario LDAP, da preferire)
\item Incompatibilità con sistemi \textit{Microsoft} più moderni: Windows
7, Windows 2008 Server.\\
\visible<3->{\alert{Soluzione} --- Samba 3.4 da \textit{Lenny Backports}}
\item<4-> L'implementazione attuale non permette il login sul file server di
utenze di dominio (necessario configurare PAM)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Un \textit{cadeau}}
Possiamo «importare» magicamente gruppi e utenze all'interno della macchina
Linux aggiungendo un paio di righe:\newline
\begin{filesnippet}{/etc/nsswitch.conf}
passwd: compat \alert{winbind}\\
group: compat \alert{winbind}\\
shadow: compat \alert{winbind}
\end{filesnippet}
Linux aggiungendo:
\begin{snippet}{/etc/nsswitch.conf}
passwd: compat \alert{\bfseries winbind}\\
\alert{\bfseries passwd\_compat: winbind}\\
group: compat \alert{\bfseries winbind}\\
\alert{\bfseries group\_compat: winbind}\\
shadow: compat \alert{\bfseries winbind}
\end{snippet}
\bigskip
\visible<2->{%
Sarà ora possibile attribuire i permessi a intere cartelle come:
\begin{shell*}
chown -R root:'domain users' /var/local/shared
\end{shell*}}
\end{frame}
\begin{frame}
@ -320,17 +344,27 @@
\begin{thebibliography}{The Samba HOWTO and Reference Guide}
\bibitem<1>[SAMBA]{SAMBA}
The Official Samba 3.5.x HOWTO and Reference Guide
\newblock\alert{\url{http://tinyurl.com/samba-howto}}
The SAMBA Team
\newblock\textit{The Official Samba 3.5.x HOWTO and Reference Guide}
\newblock\urlify{http://tinyurl.com/samba-howto}
\bibitem<1>[SurlyJake]{Surlyjake}
Blog di Jake Surly
\newblock Post: \textit{Join Debian Lenny to Active Directory using
Samba}
\newblock\urlify{http://tinyurl.com/samba-adjoin}
\bibitem<1>[Deb-DC]{Deb-DC}
Samba e OpenLDAP: creare un controller di dominio con Debian Lenny
\newblock\alert{\url{http://tinyurl.com/deb-dc}}
Guide Debianizzati
\newblock\textit{Samba e OpenLDAP: creare un controller di dominio con
Debian Lenny}
\newblock\urlify{http://tinyurl.com/deb-dc}
\bibitem<1>[Deb-SDC]{Deb-SDC}
Samba, OpenLDAP, Kerberos: creare un controller di dominio sicuro con
Debian Lenny
\newblock\alert{\url{http://tinyurl.com/deb-secure-dc}}
Guide Debianizzati
\newblock\textit{Samba, OpenLDAP, Kerberos: creare un controller di
dominio sicuro con Debian Lenny}
\newblock\urlify{http://tinyurl.com/deb-secure-dc}
\end{thebibliography}
\end{frame}