OpenLDAP(Master/Slave) + DNS(Master/Slave) + Samba
文章分为四大部分介绍实施情况:第一部分:OpenLDAP Master、Slave主机安装RedHat Enterprise Linux Server 4.2操作系统过程;
第二部分:配置OpenLDAP Master、Slave服务器和DNS Master、Slave服务器;
第三部分:Samba PDC主机安装RedHat Enterprise Linux Server 4.3操作系统过程;
第四部分:配置Samba PDC服务器、Clamav + Samba-Vscan、五笔输入法安装等服务器;
第五部分:Mail主机安装RedHat Enterprise Linux Server 4.3操作系统过程;
第六部分:配置Postfix、OpenWebmail、E-Groupware等服务器;
第七部分:客户端Windows XP、Fedora Core 5加入Samba PDC和配置电子邮件正常收发;
[b]Setp0、实现网络图:[/b]
[b]Setp1、OpenLDAP Master、Slave主机安装RedHat Enterprise Linux Server 4.2操作系统截图[/b]
磁盘配置:
设备 类型 大小
/ ext3 39911
swap 1024
网络基本配置(Master主机的网络详细配置):
etho IP/Gateway:192.168.1.254/255.255.255.0
主机名:master.easy.com
网关:192.168.1.1
主/次DNS:192.168.1.254/192.168.1.253/202.96.128.68
网络基本配置(Slave主机的网络详细配置):
etho IP/Gateway:192.168.1.253/255.255.255.0
主机名:slave.easy.com
网关:192.168.1.1
主/次DNS:192.168.1.254/192.168.1.253/202.96.128.68
防火墙基本配置:
⊙ 无防火墙
⊙ 是否启用 SELinux:已禁用
安装方式的选项:
⊙ 定制要安装的软件包(C)
桌面选项:
(√) X窗口系统 (选取全部)
(√) GNOME桌面环境 (选取全部)
应用程序选项:
(√) 工程和科学 (选取默认)
(√) 图形化互联网 (选取默认)
(√) 基于文本的互联网 (选取默认)
(√) 办公/生产率 (选取默认)
服务器选项:
(√) 服务器配置工具 (选取全部)
(√) 万维网服务器 (选取全部)
(√) Windows文件服务器 (选取全部)
(√) DNS服务器 (选取全部)
开发选项:
(√) 开发工具 (选择全部)
系统选项:
(√) 管理工具 (选取默认)
(√) 打印支持 (选取默认)
杂项选项:
全部不要选择;
主从OpenLDAP、DNS服务器所需要的全部软件包清单:
详细清单:
bind-9.2.4-2.i386.rpm bind-chroot-9.2.4-2.i386.rpm
bind-devel-9.2.4-2.i386.rpm
db4-4.2.52-7.1.i386.rpm db4-utils-4.2.52-7.1.i386.rpm
db4-devel-4.2.52-7.1.i386.rpm
openldap-2.2.13-3.i386.rpm openldap-clients-2.2.13-3.i386.rpm
openldap-devel-2.2.13-3.i386.rpm openldap-servers-2.2.13-3.i386.rpm
nss_ldap-226-6.i386.rpm
--------------------------------------------------------------------------------------------------------------------------------
特别说明:请确定以上所列表的软件包是否完全安装,如没有安装的请补完以上全部的软件包(软件包可以在系统的四张光盘中找到)!
--------------------------------------------------------------------------------------------------------------------------------
[b]Setp2、配置OpenLDAP Master、Slave服务器和DNS Master、Slave服务器[/b]
配置主DNS服务器,详细过程:
修改主DNS服务器/var/named/chroot/etc/named.conf文件,添加以下内容(注意修改/etc/目录下的named.conf也可以,因为是一个连接文件):
详细内容:
zone "easy.com" { #正解
type master;
file "/var/named/easy.com.hosts";
};
zone "1.168.192.in-addr.arpa" { #反解
type master;
file "/var/named/192.168.1.rev";
};
在主DNS服务器/var/named/chroot/var/named/目录建立正解easy.com.hosts文件,完整内容如下:
详细内容:
$ttl 38400
@ IN SOA @ fandy.easy.com. (
1137063120
10800
3600
604800
38400 )
@ IN MX 10 mail.easy.com
@ IN A 192.168.1.254
@ IN A 192.168.1.253
@ IN NS master.easy.com.
@ IN NS slave.easy.com.
master.easy.com. IN A 192.168.1.254
slave.easy.com. IN A 192.168.1.253
pdc.easy.com. IN A 192.168.1.252
在主DNS服务器/var/named/chroot/var/named/目录建立反解192.168.1.rev文件,完整内容如下:
详细内容:
$ttl 38400
@ IN SOA @ fandy.easy.com. (
1137063120
10800
3600
604800
38400 )
@ IN NS master.easy.com.
@ IN NS slave.easy.com.
253.1.168.192.in-addr.arpa. IN PTR easy.com.
254.1.168.192.in-addr.arpa. IN PTR easy.com.
253.1.168.192.in-addr.arpa. IN PTR slave.easy.com.
254.1.168.192.in-addr.arpa. IN PTR master.easy.com.
252.1.168.192.in-addr.arpa. IN PTR pdc.easy.com.
-----------------------------------------------------------------------------------------------------------------------
特别说明:Serial数值是随着easy.com.hosts和192.168.1.rev 两个文件发生变化时,Serial数值也要发生变化。Serial数值同是master及slave是否同步有关!一般而言,如果这个数值变大了,slave 才会同步更新。
-----------------------------------------------------------------------------------------------------------------------
修改主DNS服务器的/etc/resolv.conf文件,文件完整内容如下:
详细内容:
search easy.com
nameserver 192.168.1.254
nameserver 192.168.1.253
修改主DNS服务器的/var/named/chroot/var/named/localhost.zone文件,完整内容如下:
详细内容:
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
修改主DNS服务器的/var/named/chroot/var/named/named.local文件,完整内容如下:
详细内容:
$TTL 86400
@ IN SOA localhost. root.localhost. (
2005112401 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
修改主DNS服务器的/var/named/chroot/var/named/named.zero文件,完整内容如下::
详细内容:
$TTL 86400
@ IN SOA localhost root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS localhost
启动主DNS服务器:
详细操作:
# service named start (启动named服务器)
启动 named: [ 确定 ]
配置从DNS服务器,详细过程:
修改从DNS服务器/var/named/chroot/etc/named.conf文件,添加以下内容(注意修改/etc/目录下的named.conf也可以,因为是一个连接文件):
详细内容:
zone "easy.com" { #正解内容
type slave;
masters{192.168.1.254;};
file "/var/named/easy.com.hosts";
};
zone "1.168.192.in-addr.arpa" { #反解内容
type slave;
masters{192.168.1.254;};
file "/var/named/192.168.1.rev";
};
修改从DNS服务器的/etc/resolv.conf文件,文件完整内容如下:
详细内容:
search easy.com
nameserver 192.168.1.254
nameserver 192.168.1.253
因为RHEL 4.0系统使用CHROOT机制,所以需要使用以下的命令更改目录属性,使管理员有写入的权限:
详细操作:
# chmod g+w /var/named/chroot/var/named
使用scp命令复制主DNS服务器主机中三个文件到从DNS服务器内(注意:复制文件的路径要跟主DNS主机的一样):
-----------------------------------------------------------------------------------------------------------------------
特别说明:以下的这一步操作,请在master.easy.com主机(即主DNS服务器主机)中进行,请大家一定要注意啊,重要(^_^)!
-----------------------------------------------------------------------------------------------------------------------
详细操作:
# cd /var/named/chroot/var/named/
# scp localhost.zone [url=mailto:root@slave.easy.com][color=#000000]root@slave.easy.com[/color][/url]:/var/named/chroot/var/named/
The authenticity of host 'slave.easy.com (192.168.1.253)' can't be established.
RSA key fingerprint is c1:e3:eb:ee:62:2b:e8:6c:a2:5a:21:3b:ef:79:ec:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave.easy.com,192.168.1.253' (RSA) to the list of known hosts.
[url=mailto:root@slave.easy.com][color=#000000]root@slave.easy.com[/color][/url]'s password: jinbiao (输入slave主机的root超级管理员的密码)
localhost.zone 100% 183 0.2KB/s 00:00
# scp named.local [url=mailto:root@slave.easy.com][color=#000000]root@slave.easy.com[/color][/url]:/var/named/chroot/var/named/
[url=mailto:root@slave.easy.com][color=#000000]root@slave.easy.com[/color][/url]'s password: jinbiao (输入slave主机的root超级管理员的密码)
named.local 100% 433 0.4KB/s 00:00
# scp named.zero [url=mailto:root@slave.easy.com][color=#000000]root@slave.easy.com[/color][/url]:/var/named/chroot/var/named/
[url=mailto:root@slave.easy.com][color=#000000]root@slave.easy.com[/color][/url]'s password: jinbiao (输入slave主机的root超级管理员的密码)
named.zero 100% 418 0.4KB/s 00:00
启动从DNS服务器:
详细操作:
# service named start (启动named服务器)
启动 named: [ 确定 ]
对主、从DNS服务器进行测试,使用nslookup命令来测试DNS服务器:
详细操作:
# nslookup (DNS解释查询)
> easy.com (输入要解释的域名:easy.com)
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: easy.com
Address: 192.168.1.254
Name: easy.com
Address: 192.168.1.253
> slave.easy.com (输入要查询的域名主机名:mail.easy.com)
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: slave.easy.com
Address: 192.168.1.253
> master.easy.com (输入要查询的域名主机名:ldap.easy.com)
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: master.easy.com
Address: 192.168.1.254
检查主、从DNS服务器运行是否同步:
在主DNS服务器/var/named/chroot/var/named/easy.com.hosts文件新增一个正解主机记录内容:
详细内容:
@ IN SOA @ fandy.easy.com. (
1137063120
更改为:
@ IN SOA @ fandy.easy.com. (
1137063121 (每改一次在原值基础1137063120+1=1137063121)
mail.easy.com. IN A 192.168.1.251 (新增一个正解主机记录)
在主DNS服务器/var/named/chroot/var/named/192.168.1.rev文件新增一个反解主机记录内容:
详细内容:
@ IN SOA @ fandy.easy.com. (
1137063120
更改为:
@ IN SOA @ fandy.easy.com. (
1137063121 (每改一次在原值基础1137063120+1=1137063121)
251.1.168.192.in-addr.arpa. IN PTR mail.easy.com. (新增一个反解主机记录)
重新启动主DNS服务器:
详细操作:
# service named restart (重新启动named服务器)
停止 named: [ 确定 ]
启动 named: [ 确定 ]
检查从DNS服务器的日志记录,以便分析主、从DNS同步的情况:
详细内容:
# tail -n 15 /var/log/messages
Mar 22 20:16:42 master named[3327]: running
Mar 22 20:16:42 master named[3327]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 1137063123)
Mar 22 20:16:42 master named[3327]: zone easy.com/IN: sending notifies (serial 1137063123)
Mar 22 20:16:42 master named[3327]: client 192.168.1.253#32777: transfer of '1.168.192.in-addr.arpa/IN': AXFR-style IXFR started
Mar 22 20:16:42 master named[3327]: received notify for zone '1.168.192.in-addr.arpa'
Mar 22 20:16:42 master named[3327]: received notify for zone '1.168.192.in-addr.arpa'
Mar 22 20:16:42 master named[3327]: received notify for zone 'easy.com'
Mar 22 20:16:42 master named[3327]: client 192.168.1.253#32778: transfer of 'easy.com/IN': AXFR-style IXFR started
Mar 22 20:16:42 master named[3327]: received notify for zone 'easy.com'.easy.com.
如出现以上的日志信息,主、从DNS服务器主、从DNS已经同步。 配置主Op enLDAP服务器,详细过程:
在配置主Op enLDAP前,先复制samba.schema文件到/etc/openldap/schema/目录下(添加ldap所需要的samba认证的资料文件到schema目录):
详细操作:
# cp /usr/share/doc/samb-3.0.10/LDAP/samba.schema /etc/openldap/schema/
-----------------------------------------------------------------------------------------------------------------------
说明:请一定要复制samba.schema文件到/etc/openldap/schema目录下, 否则在启动ldap时会出现以下的错误提示信息:
# service ldap start
检查 的配置文件:slaptest: bad configuration file! [失败]
-----------------------------------------------------------------------------------------------------------------------
修改主Op enLDAP服务器/etc/openldap/目录中的slapd.conf文件,主要说明修改的关键部分:
详细配置内容:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
部分增加以下一行内容:
include /etc/openldap/schema/samba.schema
database ldbm(定义ldap的数据库类型)
更改为:
database bdb
suffix "dc=my-domain,dc=com" (定义ldap搜索的域后缀)
rootdn "cn=Manager,dc= my-domain,dc=com" (定义ldap的管理DN)
更改为:
suffix "dc=easy,dc=com"
rootdn "cn=admin,dc=easy,dc=com"
# rootpw {crypt}ijFYNcSNctBYg (设置管理DN的密码)
更改为:
rootpw {SSHA}zW6nrZ8Muho9GOl/nAk3grt4Xqq0ZpJi
继续slapd.conf文件内容:
详细配置内容:
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
更改为:
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.co
更改为:
replogfile /var/lib/ldap/openldap-slave.replog
replica host=slave.easy.com:389
binddn="cn=admin,dc=easy,dc=com"
bindmethod=simple credentials=jinbiao
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
-----------------------------------------------------------------------------------------------------------------------
特别说明:DN管理者密码的制造过程:
# slappasswd -h {SSHA} -s jinbiao (产生SSHA密码的加密方式)
{SSHA}ahKxZL3yjzLtZxXgx+WEMOrpcYH5/D3m
# slappasswd -h {MD5} -s jinbiao (产生MD5密码的加密方式)
{MD5}aQM3a2IdXua7HkURAn0Gbg==
特别说明:新增权限设定。在slapd.conf文件最后部分添加的内容,作用为定义ldap的访问权限(注意书写的格式,因为作者就是因为这个问题浪费了不少的时间和感情啦!
-----------------------------------------------------------------------------------------------------------------------
修改主Op enLDAP服务器/etc/openldap/ldap.conf文件内容,主要说明修改的关键部分:
详细配置内容:
BASE dc=example,dc=com (更改ldap搜索的域后缀)
更改为:
BASE dc=easy,dc=com
TLS_CACERTDIR /etc/openldap/cacerts(不使用TLS服务项目)
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
启动主Op enLDAP服务器项目,详细操作如下:
详细操作:
# service ldap start
检查 slapd 的配置文件:config file testing succeeded
启动 slapd: [ 确定 ]
启动 slurpd: [ 确定 ]
查询master.easycom的目录内容:
详细操作:
# ldapsearch -x -h master.easy.com -b "dc=easy,dc=com"
# extended LDIF
#
# LDAPv3
# base with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
配置从OpenLDAP服务器,详细过程:
在配置从OpenLDAP服务器前,请先停止主OpenLDAP服务器,详细操作如下(请在Master主机内操作):
详细操作:
# service ldap stop
停止 slapd: [ 确定 ]
停止 slurpd: [ 确定 ]
同时配置从OpenLDAP服务器,也要复制samba.schema文件到/etc/openldap/schema/目录下(添加ldap所需要的samba认证的资料文件到schema目录):
详细操作:
# cp /usr/share/doc/samb-3.0.10/LDAP/samba.schema /etc/openldap/schema/
-----------------------------------------------------------------------------------------------------------------------
说明:请一定要复制samba.schema文件到/etc/openldap/schema目录下, 否则在启动ldap时会出现以下的错误提示信息:
# service ldap start
检查 的配置文件:slaptest: bad configuration file! [失败]
-----------------------------------------------------------------------------------------------------------------------
使用scp命令复制主OpenLDAP服务器主机中/var/lib/ldap所有文件到从DNS服务器内(注意:复制文件的路径要跟主DNS主机的一样):
-----------------------------------------------------------------------------------------------------------------------
特别说明:以下的这一步操作,请在master.easy.com主机(即主DNS服务器主机)中进行,请大家一定要注意啊,重要(^_^)!
-----------------------------------------------------------------------------------------------------------------------
详细操作:
# cd /var/lib/ldap
# scp * [url=mailto:root@slave.easy.com]root@slave.easy.com[/url]:/var/lib/ldap/
[url=mailto:root@slave.easy.com]root@slave.easy.com[/url]'s password: jinbiao (输入slave主机的root超级管理员的密码)
cn.bdb 100% 8192 8.0KB/s 00:00
__db.001 100% 16KB 16.0KB/s 00:00
__db.002 100% 272KB 272.0KB/s 00:00
__db.003 100% 96KB 96.0KB/s 00:00
__db.004 100% 16KB 96.0KB/s 00:00
__db.005 100% 1KB 96.0KB/s 00:00
dn2id.bdb 100% 8192 8.0KB/s 00:00
id2entry.bdb 100% 32KB 32.0KB/s 00:00
log.0000000001 100% 161KB 161.1KB/s 00:00
更改从OpenLDAP服务器/var/lib/ldap/目录的用户权限和属性,详细操作如下(请在Slave主机内操作):
详细操作:
# chown -R ldap.ldap /var/lib/ldap
# chmod 700 /var/lib/ldap
修改从OpenLDAP服务器/etc/openldap/目录中的slapd.conf文件,主要说明修改的关键部分(请在Slave主机内操作):
详细配置内容:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
部分增加以下一行内容:
include /etc/openldap/schema/samba.schema
database ldbm(定义ldap的数据库类型)
更改为:
database bdb
suffix "dc=my-domain,dc=com" (定义ldap搜索的域后缀)
rootdn "cn=Manager,dc= my-domain,dc=com" (定义ldap的管理DN)
更改为:
suffix "dc=easy,dc=com"
rootdn "cn=admin,dc=easy,dc=com"
# rootpw {crypt}ijFYNcSNctBYg (设置管理DN的密码)
更改为:
rootpw jinbiao
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
更改为:
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
#新增加查找Master主机的方式
updatedn "cn=admin,dc=easy,dc=com"
updateref ldap://master.easy.com
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
修改从OpenLDAP服务器/etc/openldap/ldap.conf文件内容,主要说明修改的关键部分:
详细配置内容:
BASE dc=example,dc=com (更改ldap搜索的域后缀)
更改为:
BASE dc=easy,dc=com
TLS_CACERTDIR /etc/openldap/cacerts(不使用TLS服务项目)
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
先启动主OpenLDAP服务器项目,详细操作如下(请在Master主机内操作):
详细操作:
# service ldap start
检查 slapd 的配置文件:config file testing succeeded
启动 slapd: [ 确定 ]
启动 slurpd: [ 确定 ]
再启动从OpenLDAP服务器项目,详细操作如下(请在Slave主机内操作):
详细操作:
# service ldap start
检查 slapd 的配置文件:config file testing succeeded
启动 slapd: [ 确定 ] Setp3、Samba PDC主机安装RedHat Enterprise Linux Server 4.3操作系统过程截图
磁盘配置:
设备 类型 大小
/ ext3 39911
swap 1024
网络基本配置(Master主机的网络详细配置):
etho IP/Gateway:192.168.1.252/255.255.255.0
主机名:pdc.easy.com
网关:192.168.1.1
主/次DNS:192.168.1.254/192.168.1.253/202.96.128.68
防火墙基本配置:
⊙ 无防火墙
⊙ 是否启用 SELinux:已禁用
安装方式的选项:
⊙ 定制要安装的软件包(C)
桌面选项:
(√) X窗口系统 (选取全部)
(√) GNOME桌面环境 (选取全部)
应用程序选项:
(√) 工程和科学 (选取默认)
(√) 图形化互联网 (选取默认)
(√) 基于文本的互联网 (选取默认)
(√) 办公/生产率 (选取默认)
服务器选项:
(√) 服务器配置工具 (选取全部)
(√) 万维网服务器 (选取全部)
(√) Windows文件服务器 (选取全部)
开发选项:
(√) 开发工具 (选择全部)
系统选项:
(√) 管理工具 (选取全部)
(√) 系统工具 (选取全部)
(√) 打印支持 (选取全部)
杂项选项:
全部不要选择;
Samba PDC服务器所需要的全部软件包清单:
详细清单:
openldap-clients-2.2.13-3.i386.rpm nss_ldap-226-6.i386.rpm
perl-Crypt-SmbHash-0.12-1.rhel4.noarch.rpm
perl-Digest-MD4-1.5-2.rhel4.i386.rpm
perl-Digest-SHA1-2.07-5.i386.rpm
perl-LDAP-0.31-5.noarch
perl-XML-SAX-0.12-7.noarch.rpm
samba-3.0.10-1.4E.2.i386.rpm samba-client-3.0.10-1.4E.2.i386.rpm
samba-common-3.0.10-1.4E.2.i386.rpm smbldap-tools-0.9.1-1.2.el4.rf.noarch.rpm
----------------------------------------------------------------------------------------------------------------------
特别说明:请确定以上所列表的软件包是否完全安装,如没有安装的请补完以上全部的软件包(软件包可以在系统的四张光盘中找到)!
------------------------------------------------------------------------------------------------------------------------
Setp4、配置Samba PDC服务器、Clamav + Samba-Vscan、五笔输入法安装等服务器
配置Samba PDC服务器,详细过程:
更改为使用LDAP帐号做pdc.easy.com主机的系统帐号,修改/etc/目录中的nsswitch.conf文件,主要说明修改的关键部分:
详细配置内容:
passwd: files
shadow: files
group: files
更改为:
passwd: files ldap
shadow: files ldap
group: files ldap
使用setup命令来配置用户和验证的详细信息:
详细操作:
# setup
选择一种工具项目中选择:验证配置,然后按“运行工具”键;
用户信息项目中点选:
“缓存信息”、“使用LDAP”;
验证项目中点选:
“使用MD5口令”、“使用屏蔽口令”、“使用LDAP验证”;
然后按“下一步”键;
LDAP设置:
[ ] 使用TLS (不要点选);
服务器:192.168.1.254 (按默认地址)
基点 DN:dc=easy,dc=com (更改为:dc=easy,dc=com)
然后按“确定”键:
系统自动执行过程如下:
setsebool: SELinux is disabled.
停止 nscd: [ 失败 ]
启动 nscd: [ 确定 ]
执行后以上的操作后,将后回到“选择一种工具”介面,按“退出”键,完成所有ldap进认证过程。
修改/etc/pam.d/目录中的sshd文件,完整文件内容如下:
详细配置内容:
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient /lib/security/pam_ldap.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
修改/etc/openldap/目录中的ldap.conf文件,主要说明修改的关键部分:
详细配置内容:
TLS_CACERTDIR /etc/openldap/cacerts
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
修改/etc/目录中的ldap.conf文件,主要说明修改的关键部分:
详细配置内容:
# rootbinddn cn=Manager,dc=easy,dc=com
更改为:
rootbinddn cn=admin,dc=easy,dc=com
#krb5_ccname FILE:/etc/.ldapcache
添加以下内容:
#krb5_ccname FILE:/etc/.ldapcache
nss_base_passwd ou=Users,dc=easy,dc=com?one
nss_base_passwd ou=Computers,dc=easy,dc=com?one
nss_base_shadow ou=Users,dc=easy,dc=com?one
nss_base_group ou=Groups,dc=easy,dc=com?one
TLS_CACERTDIR /etc/openldap/cacerts
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
调整系统中的pam_ldap模组设定,详细操作如下:
详细配置内容:
# echo jinbiao > /etc/ldap.secret
# chmod 600 /etc/ldap.secret
Samba的主要配置文件/etc/samba/smb.conf,其实系统中存有一个实际的例子配置文件可提供参考,只要更换成例子文件和按照自己的实际情况做一定的修改就可供使用:
详细操作:
# cp /usr/share/doc/smbldap-tools-0.9.1/smb.conf /etc/samba/
cp:是否覆盖‘/etc/samba/smb.conf’? y
修改/etc/samba/smb.conf文件,以下为完整文件的详细内容::
详细配置内容:
################### Global parameters#################
[global]
workgroup = easy-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = UTF-8
Unix charset = UTF-8
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
passdb backend = ldapsam:ldap://192.168.1.254
ldap admin dn = cn=admin,dc=easy,dc=com
ldap suffix = dc=easy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
ldap delete dn = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
继续smb.conf文件内容:
详细配置内容:
#################### Homes parameters ####################
[homes]
comment = repertoire de %U, %u
browseable = no
writeable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700
################## Netlogone parameters ##################
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
################### Public parameters ###################
[public]
comment = Public Directory
path = /home/public/
browseable = No
writable = yes
guest ok = yes
create mask = 0777
---------------------------------------------------------------------------------------------------
特别提示:在网上有一些文章介绍可以实现自动创建计算机帐号的方法,不知道可否正常使用,小弟没有试过!
操作如下在smb.conf文件的[global]里加入以下内容(注:适合Samba 3.0版以上):
add machind script = /usr/sbin/useradd –d /dev/null –g 100 –s /bin/false –M %u
-------------------------------------------------------------------------------------------------------
建立相关共享目录操作:
详细操作:
# mkdir /home/netlogon
# mkdir /home/public
启动Samba服务项目:
详细操作:
# service smb start
启动 SMB 服务: [ 确定 ]
启动 NMB 服务: [ 确定 ]
添加Samba admin dn的ldap管理员密码(注意密码要和您openldap的rootdn密码要一致啊):
详细操作:
# smbpasswd -w jinbiao
Setting stored password for "cn=Manager,dc=easy,dc=com" in secrets.tdb
使用testparm命令来测试Samba PDC服务器配置是否正常启动:
详细操作:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
Sambldap的配置使用过程:
详细操作:
# cd /usr/share/doc/smbldap-tools-0.9.1/
# ./configure.pl
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Crtl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...
Samba Configuration File Path [/etc/samba/smb.conf] >
The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...
. workgroup name: name of the domain Samba act as a PDC
workgroup name [easy-pdc] >
. netbios name: netbios name of the samba controler
netbios name [PDC] >
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] >
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\PDC\%U'
logon home (press the "." character if you don't want homeDirectory) [\\PDC\%U] >
. logon path: directory where roaming profiles are stored. Ex:'\\PDC\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\PDC\profiles\%U] > . (输入“.”)
. home directory prefix (use %U as username) [/home/%U] >
. default users' homeDirectory mode [700] >
. default user netlogon script (use %U as username) [%U.bat] >
default password validation time (time in days) [45] >
. ldap suffix [dc=easy,dc=com] >
. ldap group suffix [ou=Groups] >
. ldap user suffix [ou=Users] >
继续smb.conf文件内容:
详细配置内容:
. ldap machine suffix [ou=Computers] >
. Idmap suffix [ou=Idmap] >
. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=easy-pdc] >
. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server [192.168.1.254] >
. ldap master port [389] >
. ldap master bind dn [cn=admin,dc=easy,dc=com] >
. ldap master bind password [] > jinbiao (Samba admin dn的ldap管理密码)
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [192.168.1.253] >
. ldap slave port [389] >
. ldap slave bind dn [cn=admin,dc=easy,dc=com] >
. ldap slave bind password [] > jinbiao (Samba admin dn的ldap管理密码)
. ldap tls support (1/0) [0] >
. SID for domain easy-pdc: SID of the domain (can be obtained with 'net getlocalsid PDC')
SID for domain easy-pdc [S-1-5-21-180106793-3696075058-2673375136] >
. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
. default user gidNumber [513] >
. default computer gidNumber [515] >
. default login shell [/bin/bash] >
. default skeleton directory [/etc/skel] >
. default domain name to append to mail adress [] > easy.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
/etc/smbldap-tools/smbldap.conf done.
/etc/smbldap-tools/smbldap_bind.conf done.
-------------------------------------------------------------------------------------------------------
重点说明:检查/etc/smbldap-tools/目录内的smbldap_bind.conf文件以下内容要一致:
slaveDN=″cn=admin,dc=easy,dc=com″
slavePW =″jinbiao″
masterDN=″cn=admin,dc=easy,dc=com″
masterPW “jinbiao”
----------------------------------------------------------------------------------------------
使用smbldap-populate命令初始化用户服务数据库:
详细操作:
# smbldap-populate
Populating LDAP directory for domain easy-pdc (S-1-5-21-810223790-3119279897-2165375470)
(using builtin directory structure)
adding new entry: dc=easy,dc=com
adding new entry: ou=Users,dc=easy,dc=com
adding new entry: ou=Groups,dc=easy,dc=com
adding new entry: ou=Computers,dc=easy,dc=com
adding new entry: ou=Idmap,dc=easy,dc=com
adding new entry: uid=root,ou=Users,dc=easy,dc=com
adding new entry: uid=nobody,ou=Users,dc=easy,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=easy,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=easy,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=easy,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=easy,dc=com
adding new entry: cn=Administrators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Account Operators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Replicators,ou=Groups,dc=easy,dc=com
adding new entry: sambaDomainName=easy-pdc,dc=easy,dc=com
Please provide a password for the domain root:
Changing password for root
New password : jinbiao (admin的ldap管理密码)
Retype new password : jinbiao (admin的ldap管理密码)
查看Samba的SID编号:
详细操作:
# net getlocalsid
SID for domain PDC is: S-1-5-21-180106793-3696075058-2673375136 为Samba添加用户和计算机名:
详细操作:
# smbldap-useradd -a user1 (添加一个samba帐号)
# smbldap-useradd -a -m user2 (添加一个samba帐号并创建主目录)
# smbldap-useradd -m user3 (添加一个系统用户帐号并创建主目录)
# smbldap-useradd -w winxp$ (添加一个域计算机帐号)
更改user2帐号的密码:
详细操作:
# smbldap-passwd user2
Changing password for user2
New password : 123456 (用户密码)
Retype new password : 123456 (确认用户密码)
添加user2帐号的信息:
详细操作:
# smbldap-userinfo user2
Changing the user information for user2
Enter the new value, or press ENTER for the default
User Shell [/bin/bash]: /bin/sh
Full Name [System User]: fan jin biao
Room Number []: 4873
Work Phone []: 013060677004
Home Phone []: 82-020-84680605
Other []: ha ha!
LDAP updated
查看user2帐号的信息:
详细操作:
# smbldap-usershow user2
dn: uid=user2,ou=Users,dc=easy,dc=com
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
uid: user2
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/user2
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-180106793-3696075058-2673375136-3004
sambaPrimaryGroupSID: S-1-5-21-180106793-3696075058-2673375136-513
sambaLogonScript: user2.bat
sambaHomePath: \\PDC\user2
sambaHomeDrive: H:
sambaLMPassword: 15881AE64C222524AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D577561A7CF0233733F6EA39BB596996
sambaPwdLastSet: 1143371120
sambaPwdMustChange: 1147259120
userPassword: {SSHA}v2dehnqb1ljAVTK6SJUhG3a0/uxKOVpP
gecos: fan jin biao,4873,013060677004,82-020-84680605,ha ha!
cn: fan jin biao
sn: biao
givenName: fan jin
roomNumber: 4873
telephoneNumber: 013060677004
homePhone: 82-020-84680605
loginShell: /bin/sh
Samba用户登陆调试说明:
使用user2帐号登陆PDC服务器:
详细操作:
# smbclient -L 192.168.1.254 -U user2
Password:
Domain=[EASY-PDC] OS=[Unix] Server=[Samba 3.0.10-1.4E.6]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server 3.0.10-1.4E.6)
ADMIN$ IPC IPC Service (Samba Server 3.0.10-1.4E.6)
user2 Disk repertoire de user2, user2
Domain=[EASY-PDC] OS=[Unix] Server=[Samba 3.0.10-1.4E.6]
Server Comment
--------- -------
PDC Samba Server 3.0.10-1.4E.6
Workgroup Master
--------- -------
EASY-PDC PDC
MYGROUP MASTER
WORKGROUP NANSHA
Samba域建立Windows用户登陆logon文件(本例为建立user2用户的user2.bat文件):
使用“文本编辑器”在/home/netlogon/目录新建user2.tmp文件,完整内容如下:
详细内容:
net time \\PDC /set /yes (客户端与服务器的时间同步)
net use T: \\PDC\public (设定public目录为T:盘)
将tmp文件转换成bat文件(因操作系统文件格式的不同,所以要进行一些特殊的转换工作):
详细内容:
# cat -A user2.tmp | tr ‘$’ ‘\r’ > user2.bat
查看user2.bat文件转换结果:
详细内容:
# cat -A user2.bat
net time \\PDC /set /yes^M$
net use T: \\PDC\public^M$
使用Clamav + Samba-Vscan查杀Samba服务器内设定的共享文件夹内容:
软件包格式:clamav-db-0.86.2-1.2.el4.rf.i386.rpm
clamav-0.86.2-1.2.el4.rf.i386.rpm
clamav-devel-0.86.2-1.2.el4.rf.i386.rpm
clamd-0.86.2-1.2.el4.rf.i386.rpm
clamav-milter-0.86.2-1.2.el4.rf.i386.rpm
软件包的大小分别为(KB):2385KB、602KB、153KB、58KB 、66KB
下载地址:[url]http://dries.studentenweb.org/rpm/packages/clamav/info.html[/url]
软件包格式: samba-vscan-clamav-0.3.6-1.i386.rpm
软件包的大小(KB):56KB
下载地址:[url]http://crash-hat.sd2.mirrors.redwire.net/crash-hat/3/samba-vscan/[/url]
安装Clamav软件包:
详细操作:
# clamav-db-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-db-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav-db ########################################### [100%]
# clamav-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav ########################################### [100%]
# clamav-devel-0.86.2-1.2.el4.rf.i386.rpm
warning: clamd-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamd ########################################### [100%]
# clamd-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-devel-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav-devel ########################################### [100%]
# clamav-milter-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-milter-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav-milter ########################################### [100%]
-----------------------------------------------------------------------------------------------------------------------
特别提示:请严格按照以上的安装顺序来安装Clamav软件包,否则出现安装不成功的情况!
-----------------------------------------------------------------------------------------------------------------------
安装Samba-Vscan软件包:
详细操作:
# samba-vscan-clamav-0.3.6-1.i386.rpm
warning: samba-vscan-clamav-0.3.6-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
Preparing... ########################################### [100%]
1:samba-vscan-clamav ########################################### [100%]
升级病毒库文件:
详细操作:
# freshclam –verbose
Current working dir is /var/clamav
Max retries == 3
ClamAV update process started at Fri Jan 27 17:37:45 2006
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.88
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.86.2 Recommended version: 0.88
DON'T PANIC! Read [url]http://www.clamav.net/faq.html[/url]
main.cvd version from DNS: 35
Retrieving [url]http://db.cn.clamav.net/main.cvd[/url]
Downloading main.cvd
main.cvd updated (version: 35, sigs: 41649, f-level: 6, builder: tkojm)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 5, recommended = 6
DON'T PANIC! Read [url]http://www.clamav.net/faq.html[/url]
daily.cvd version from DNS: 1252
Retrieving [url]http://db.cn.clamav.net/daily.cvd[/url]
Downloading daily.cvd
daily.cvd updated (version: 1252, sigs: 1513, f-level: 7, builder: diego)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 5, recommended = 7
DON'T PANIC! Read [url]http://www.clamav.net/faq.html[/url]
Database updated (43162 signatures) from db.cn.clamav.net (IP: 221.6.197.162)
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
connect(): Connection refused
Freeing option list...done
修改/etc/samba/目录中的smb.conf文件中[global]配置部分加入以下内容,完整内容如下:
详细操作:
############################## Global parameters############################
[global]
workgroup = easy-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = UTF-8
Unix charset = UTF-8
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=easy,dc=com
ldap suffix = dc=easy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
ldap delete dn = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
vfs object = vscan-clamav
vscan-oav: config-file = /etc/samba/vscan-clamav.conf
修改修改/etc/samba/目录中的vscan-clamav.conf文件,主要说明修改的关键部分,详细内容如下:
详细操作:
infected file action = nothing (当找到感染的档案是否发出”警告popup 窗口”给windows)
更改为:
infected file action = quarantine
修改修改/etc/目录中的clamd.conf文件,主要说明修改的关键部分,详细内容如下:
详细操作:
TCPSocket 3310 (取消TCPSocket 3310)
更改为:
#TCPSocket 3310
#LocalSocket /var/run/clamav/clamd.sock (clamd socket的位置)
更改为:
LocalSocket /var/run/clamav/clamd.sock
User clamav (更改操作用户帐号)
更改为:
User root
重新启动Samba服务项目:
详细操作:
# service smb restart
关闭 SMB 服务: [ 确定 ]
关闭 NMB 服务: [ 确定 ]
启动 SMB 服务: [ 确定 ]
启动 NMB 服务: [ 确定 ]
启动Samba服务项目:
详细操作:
# service clamd start
Starting Clam AntiVirus Daemon [ 确定 ]
如果看到以下的讯息表现已经成功:
详细操作:
# tail /var/log/messages
Jan 27 17:56:10 ldap clamd[3218]: HTML support enabled.
Jan 27 17:56:10 ldap clamd[3218]: Self checking every 1800 seconds.
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: samba-vscan (vscan-clamav 0.3.6) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: connect to service IPC$ by user nobody
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: disconnected
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: samba-vscan (vscan-clamav 0.3.6) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: connect to service IPC$ by user user2
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: samba-vscan (vscan-clamav 0.3.6) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: connect to service IPC$ by user nobody
Jan 27 17:56:37 ldap smbd_vscan-clamav[3209]: INFO: disconnected 为操作系统增加(五笔和拼音等)Fcitx中文输入法:
软件包格式:fcitx-3.0.2-1.i386.rpm
软件包的大小(KB):45858KB
下载地址:[url]http://www.fcitx.org/main/?q=node/9[/url]
安装Fcitx软件包前,检查和删除系统原有的输入法,详细操作如下:
-----------------------------------------------------------------------------------------------------------------------
特别提示:在安装fcitx-3.0.2-1.i386.rpm之前,请先执行以下的操作(一定要做啊!因为非常重要的啊(^_^)):
-----------------------------------------------------------------------------------------------------------------------
详细操作:
# service iiim status (查找iiim输入法服务是否在运行)
htt (pid 2126) 正在运行...
# service iiim stop (停止iiim服务)
正在停止 IIIMF 输入法服务器: [ 确定 ]
# chkconfig –del iiim (禁止iiim服务自动运行)
-----------------------------------------------------------------------------------------------------------------------
特别提示:特别说明:禁止iiim服务自动运行的方法有两种,第一种方法就是使用命令方式如上,另一种的方法就是使用来实现(本人也是使用这种方法的啊!):
点击“任务栏” → “系统配置” → “服务器配置” → “服务”,取消iiim项目
前的“√”,结果以下图:
点出工具栏图标按键“保存(S)”,结果以下图:
-----------------------------------------------------------------------------------------------------------------------
详细操作:
# rpm -e miniChinput (删除系统原有的miniChinput软件包)
# rpm –e xcin (删除系统原有的xcin软件包)
现在正式开始安装citx-3.0.0-1输入法,请注意啦(记住要输入后面的参数):
详细操作:
# rpm -ivh fcitx-3.0.2-1.i386.rpm --nodeps --force (输入法的安装)
Preparing... ############################### [100%]
1:fcitx ############################# [100%]
进行用户环境的相关配置:
修改.bashrc文件 (是隐藏文件,所以前面有一个“.”):
详细内容:
# vi ~/.bashrc (使用VI命令编辑.bashrc,在这个文件最后面加上)
export LC_ALL=zh_CN.UTF-8
export LANG=zh_CN.UTF-8
export XMODIFIERS="@im=fcitx"
在/etc/X11/xinit/xinput.d/目录中新建一个名为fcitx的文件,输入如下内容:
详细内容:
XMODIFIERS="@im=fcitx"
XIM=fcitx
XIM_PROGRAM=fcitx
用文本编辑器打开/etc/alternatives/xinput-zh_CN把它的内容也修改为:
详细内容:
XMODIFIERS="@im=fcitx"
XIM=fcitx
XIM_PROGRAM=fcitx
完成用户环境的相关配置后,重新启动操作系统:
详细操作:
# reboot
-----------------------------------------------------------------------------------------------------------------------
特别提示:如果此时不能输入中文或不能启动输入法,则执行下列命令:
# rm ~root/.fcitx –rf
然后重新启动操作系统:
# reboot
----------------------------------------------------------------------------------------------------------------------- Setp7、Windows XP SP2英文版操作系统加入Samba PDC域详细说明:
在Windows XP SP2加入SMB域之前,请先运行以下的两个注册文件:
A、 WinXP_PlainPassword.reg
B、 WinXP_SignOrSeal.reg
-----------------------------------------------------------------------------------------------------------------------
说明:WinXP_PlainPassword.reg、WinXP_SignOrSeal.reg这两个文件可以在/usr/share/doc/samba
-3.0.10/registry/目录查找到!
-----------------------------------------------------------------------------------------------------------------------
完成WinXP_PlainPassword.reg、WinXP_SignOrSeal.reg两个注册文件的安装工作后,点击“我的电脑” → “属性”,出现“系统属性”窗口;
点击“计算机名” → “网络标识” → “更改(C)...”;
出现“计算机名称更改”属性窗口:
“隶属于” → “域(D):” 输入easy-pdc;(sambaDomain Namep定义域名);
出现新的“计算机名更改”信息窗口;
请输入有加入该域权限的帐户的名称和密码:
用户名(U):root
密码(P):jinbiao
如果输入的“计算机名(C):”和“域(D):”正确,经过一小段时间就会出现“欢迎加入easy-pdc域”的信息窗口;
关闭“欢迎加入easy-pdc域”的信息窗口,按“确定”键,接着出现新的提示窗口“要使更改生效,必须重新启动计算机”信息窗口;
关闭“要使更改生效,必须重新启动计算机”信息窗口。回到“系统属性”窗口,按“确定”键,关闭“系统属性”窗口;
接着出现“系统设置改变”信息窗口,提示“必须重新启动计算机才能使新设置生效,想现在重新启动计算机吗?”,按“是(Y)”键,关闭“系统设置改变”信息窗口;
到这为止,就完成Windows XP SP2英文版操作系统加入Samba PDC域的工作!
完成重新启动后,出现第一个信息“Welcome to Windows”窗口:
根据信息提示同时按“Ctrl” + “Alt” + “Delete”三个按键,出现“Log On to Windows” 窗口:
在“Log On to Windows” 窗口中点击“Options >>”按键;
现在可以试一下输入以下的用户信息登陆到Easy-PDC网域内:
User name:user2
Password:123456
Log on to:EASY-PDC
登陆操作系统后,桌面环境(一片空白);
在桌面内,按“Mouse”右键,“Properties”;
出现“Display Properties”窗口,点选“Themes” 标签栏;
“Themes”选择框选择“Windows XP”;
点选“Desktop” 标签栏;
点击“Customize Desktop…”按键,出现“Desktop Items”属性窗口;
“Desktop icons”选择栏中,点选:
⊙ My Documents
⊙ My Network Places
⊙ My Computer
⊙ Internet Explorer
点击“OK”按键,回到“Display Properties”窗口;
继续点击“Apply”、“OK”按键,更改主题过程;
完成更改主题后,出现我们熟识的Windows XP介面;
双击桌面中的“My Computer”;
打开“My Computer”后,查看一下是否出现以下的内容:
H:网络盘;
T:网络盘;
-----------------------------------------------------------------------------------------------------------------------
特别说明:根据部分用户的反应,使用中文版Windows XP SP2操作系统可以正常的加入到Samba PDC域,但使用Samba PDC域内的用户登陆到Windows XP SP2操作系统后出现以下的提示信息(如下图):
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
根据Microsoft官方的解释原因为如下:
说明连接地址:[url]http://support.microsoft.com/?sc[/url] ... id=1173&sid=464
如果满足以下条件,则可能发生此问题,Desktop.ini 文件存在于以下一个或多个文件夹中,其中 drive 是安装 Windows 的驱动器:
• drive:\Documents and Settings\All Users\Start Menu\Programs\Startup
• drive:\Documents and Settings\All Users\Start Menu\Programs
• drive:\Documents and Settings\All Users\Start Menu
• Desktop.ini 文件包含以下行:
[.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
解决方法:使用系统配置实用程序 (Msconfig.exe) 来禁用启动项目,详细的操作方法如下(我使用中文版来说明操作以方便大家了解):
点击任务栏“开始” → “运行”;
出现“运行”信息窗口,
打开(D):msconfig;
出现“系统配置实用程序”信息窗口:
点击“启动”标签;
取消启动项目内所有的“desktop”的选择项如下图:
启动项目: 命令:
desktop C:\Documents and Settings\fandy.EASY-PDC\..........\desktop.ini
取消完启动项目内容后,点击 “应用(A)”键 → “确定”键;
接着出现“系统配置”信息窗口:
点击“重新启动(R)”键;
重新启动后,用户再次登陆系统时,会现出以下的提示信息窗口:
点选:⊙ 在Windows启动时不显示此信息或启动系统配置实用程序
再点击“确定”键,就可以完整的解决以上的问题了!
-----------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------
特别说明:再补充说明一下如何的更改用户帐号的密码,详细操作步骤如下:
在用户可以正常的登陆到Windows XP SP2操作系统桌面后,请同时按“Ctrl” + “Alt” + “Delete”三个按键,出现“Windows 安全”窗口;
点击“更改密码(C)……”按键;
出现“更改密码”信息提示窗口;
请输入以下的完整信息:
用户名(U):fandy
登录到(L):EASY-PDC
旧密码(O):123456
新密码(N):jinbiao
确认新密码(C):jinbiao
输入完以下的资料后,请点击“确定”键;
出现“您的密码已更改”的信息提示,请点击“确定”键;
操作到这一步,就可以算是完成这次“用户密码更改”的任务了! wow,先顶一下再看 老大写的太全面了,谢谢
学习中!
页:
[1]
