Sunday, February 22, 2009

Mandriva Directory Server (MDS) + VMware Server 2 + Debian lenny, Part 12

MMC

Roughly speaking, one last step separates us from our goal (MDS, in case anyone has forgotten =) ).

Let's configure the MMC web management interface. We will create two virtual hosts, http and https (the http one is needed only to redirect to https).

Add the following lines to:
#vim /etc/apache2/sites-available/http

<VirtualHost 192.168.1.3:80>

ServerName pdc.lxf.su

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>



Now the same for https:
#vim /etc/apache2/sites-available/https
NameVirtualHost 192.168.1.3:443

<VirtualHost 192.168.1.3:443>

ServerName pdc.lxf.su
ServerAdmin Administrator@lxf.su
DocumentRoot /usr/share/mmc/

SSLEngine on
SSLCertificateKeyFile ssl/server.key
SSLCertificateFile ssl/server.crt
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

<Directory /usr/share/mmc/>
AllowOverride None
Order allow,deny
Allow from 192.168.1.0/24
php_flag short_open_tag on
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Directory>

ErrorLog /var/log/apache2/mmc_error.log
CustomLog /var/log/apache2/mmc_access.log combined
LogLevel warn

</VirtualHost>



Enable the Apache sites (http, https) and modules (rewrite, ssl).

#a2ensite http
#a2ensite https
#a2enmod rewrite
#a2enmod ssl


#/etc/init.d/apache2 restart
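
Added example, not part of the original post: the TLS settings of the https virtual host as posted, next to a tightened variant. With `SSLProtocol all` and a cipher string that keeps the LOW, SSLv2 and EXP suites, a client can still negotiate weak encryption, and the `SSLRequire` key-size test only rejects the request after that handshake has completed. The variant assumes Apache 2.4.37 or later built against OpenSSL 1.1.1 or later, which is newer than the lenny packages used in this series.

```apache
# --- As posted (Apache 2.2 syntax): weak protocols and suites stay negotiable ---
# SSLProtocol all
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# --- Tightened variant (assumption: Apache 2.4.37+ with OpenSSL 1.1.1+) ---
<VirtualHost 192.168.1.3:443>
    ServerName pdc.lxf.su
    ServerAdmin Administrator@lxf.su
    DocumentRoot /usr/share/mmc/

    SSLEngine on
    SSLCertificateKeyFile ssl/server.key
    SSLCertificateFile ssl/server.crt

    # Refuse SSLv2, SSLv3, TLS 1.0 and TLS 1.1 at the handshake itself.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # Strong suites only: no anonymous, NULL, export, DES/3DES, RC4 or MD5.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5
    # Let the server's preference order decide, not the client's.
    SSLHonorCipherOrder on

    <Directory /usr/share/mmc/>
        AllowOverride None
        # Apache 2.4 replacement for "Order allow,deny" + "Allow from".
        Require ip 192.168.1.0/24
        php_flag short_open_tag on
        # The per-request SSLRequire key-size test is no longer needed:
        # every suite left in the list above uses keys of 128 bits or more.
    </Directory>

    ErrorLog /var/log/apache2/mmc_error.log
    CustomLog /var/log/apache2/mmc_access.log combined
    LogLevel warn
</VirtualHost>
```

Run `apache2ctl configtest` before restarting so a syntax error does not take the management interface down.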


Configure the MMC plugins:

BASE plugin:
#vim /etc/mmc/plugins/base.ini
[ldap]
# LDAP we are connected to
host = 127.0.0.1
# LDAP base DN
baseDN = dc=lxf, dc=su
# Users location in the LDAP
baseUsersDN = ou=Users, %(basedn)s
# Groups location in the LDAP
baseGroupsDN = ou=Groups, %(basedn)s
# Computers Locations
baseComputersDN = ou=Computers, %(basedn)s
# LDAP manager
rootName = cn=admin, %(basedn)s
password = example
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user information into LDAP
userHomeAction = 1
# Skeleton directory to populate a new home directory
skelDir = /etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup = Domain Users
# Default home directory for users
defaultHomeDir = /home
# user uid number start
uidStart = 10000
# group gid number start
gidStart = 10000
# LDAP log file path
logfile = /var/log/ldap.log
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access

# Here you can specify where creation of home directories is authorized
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome

[backup-tools]
# Path of the backup tools
path = /usr/lib/mmc/backup-tools
# Where the archives are put
destpath = /home/samba/archives

# vim /etc/mmc/plugins/mail.ini
[main]
disable = 0
# Enable virtual domain support
vDomainSupport = 1
# If vdomain enabled, OU where the domains are stored
vDomainDN = ou=mailDomains, dc=lxf, dc=su

[userdefault]

# For Postfix delivery
mailbox = %homeDirectory%/Maildir/
# For Dovecot delivery
# mailbox = maildir:%homeDirectory%/Maildir/
# Default quota (200 MBytes) set for user
mailuserquota = 204800



# vim /etc/mmc/plugins/network.ini
[main]
disable = 0
[dhcp]
dn = ou=DHCP,dc=lxf,dc=su
pidfile = /var/run/dhcpd.pid
init = /etc/init.d/dhcp3-server
logfile = /var/log/daemon.log
leases = /var/lib/dhcp3/dhcpd.leases
[dns]
dn = ou=DNS,dc=lxf,dc=su
pidfile = /var/run/bind/run/named.pid
init = /etc/init.d/bind9
logfile = /var/log/daemon.log
bindroot = /etc/bind/
binduser = bind
bindgroup = bind
# this line is not in the original configuration, but it is needed
# dnsreader = DNS Reader
# dnsreaderpassword = DNSReaderPassword

#vim /etc/mmc/plugins/samba.ini

[main]
disable = 0
# Computers Locations
baseComputersDN = ou=Computers, dc=lxf, dc=su
sambaConfFile = /etc/samba/smb.conf
sambaInitScript = /etc/init.d/samba
sambaClamavSo = /usr/lib/samba/vfs/vscan-clamav.so
# Default SAMBA shares location
defaultSharesPath = /home/samba
# You can specify authorized paths for share creation
# Default value is the defaultSharesPath value
# authorizedSharePaths = /shares, /opt, /srv

# Default value when adding samba attributes to a user
# DELETE means the attribute is removed from the user LDAP entry
[userDefault]
sambaPwdMustChange = DELETE

# /etc/init.d/mmc-agent restart
Restarting Mandriva Management Console XML-RPC Agent: mmc-agent 2.3.2 starting...
Using Python 2.5.2 (r252:60911, Jan 4 2009, 17:40:26)
Using Python Twisted 8.1.0
Running as euid = 0, egid = 0
Importing available MMC plugins
Created OU ou=System,dc=lxf,dc=su
Registering authenticator baseldap / base.BaseLdapAuthenticator
Registering authenticator externalldap / mmc.plugins.base.externalldap.ExternalLdapAuthenticator
Registering provisioner externalldap / mmc.plugins.base.externalldap.ExternalLdapProvisioner
Plugin base loaded, API version: 7:0:3 build(743)
Created OU ou=DHCP,dc=lxf,dc=su
Created OU ou=DNS,dc=lxf,dc=su
Created DHCP config object
The server 'pdc.lxf.su' has been set as the primary DHCP server
Plugin network loaded, API version: 2:0:0 build(743)
Created OU ou=mailDomains, dc=lxf, dc=su
Plugin mail loaded, API version: 6:1:4 build(743)
/var/lib/python-support/python2.5/mmc/support/mmctools.py:353: PotentialZombieWarning: spawnProcess called, but the SIGCHLD handler is not installed. This probably means you have not yet called reactor.run, or called reactor.run(installSignalHandler=0). You will probably never see this process finish, and it may become a zombie process.
reactor.spawnProcess(shProcess, "/bin/sh", ['/bin/sh','-c',cmd],env=os.environ)
Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.
Plugin samba loaded, API version: 5:2:4 build(748)
Plugin proxy loaded, API version: 1:0:0 build(743)
MMC plugins activation stage 2
Selecting authenticator baseldap / base.BaseLdapAuthenticator
Authenticator baseldap successfully validated
Selecting provisioners: None
Selecting computer manager: none
SSL enabled, but peer verification is disabled.
Listening to XML-RPC requests
done.

On the whole the system (MMC) has started. But there are errors. I will deal with them later.
Restart bind9

# /etc/init.d/bind9 restart

1 comment:

  1. Thanks, wonderful article.

    How did you deal with the errors from /etc/init.d/mmc-agent restart?
