{"id":503,"date":"2015-08-17T00:44:43","date_gmt":"2015-08-16T21:44:43","guid":{"rendered":"https:\/\/furkansandal.com\/linux-aktif-dizin-kullanici-tanilama-active-directory-authentication-entegrasyonu\/"},"modified":"2015-08-17T00:44:43","modified_gmt":"2015-08-16T21:44:43","slug":"linux-aktif-dizin-kullanici-tanilama-active-directory-authentication-entegrasyonu","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/linux-aktif-dizin-kullanici-tanilama-active-directory-authentication-entegrasyonu\/","title":{"rendered":"Linux Active Directory Authentication Integration"},"content":{"rendered":"
\n
\nThe procedure described below works on CentOS 6.6 (other versions have not been tested; the virtual machine was installed from the DVD image).<\/p>\n

1. First, the hostname of the installed server must be set in the following files:<\/p>\n

\nvi \/etc\/sysconfig\/network
NETWORKING=yes
HOSTNAME=centossunucu<\/p>\n

\nvi \/etc\/hosts
127.0.0.1 centossunucu
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<\/p>\n

<\/p>\n

You can change the server name highlighted in red above (centossunucu) to suit your needs. When the server is joined to the domain, it will register itself with the DNS server under this name. The default values cause problems during this step.<\/p>\n

2. SELinux settings block AD authentication. SELinux therefore needs to be disabled. Make the following change in the file below:<\/p>\n

\nvi \/etc\/sysconfig\/selinux
SELINUX=disabled<\/p>\n

\n3. Install the following packages on the server to make sure they are present:<\/p>\n

\n# yum -y install authconfig krb5-workstation pam_krb5 samba-common oddjob-mkhomedir sudo ntp<\/p>\n

\n4. With the following command we configure the server to authenticate using the Winbind method, specifying which domain and which domain controller to use. The authconfig tool updates the relevant configuration files for us (adjust the ABC and ABC.LOCAL values to match your own environment):<\/p>\n

\n# authconfig --disablecache --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=ABC --smbrealm=ABC.LOCAL --enablewinbindusedefaultdomain --winbindtemplatehomedir=\/home\/abc.local\/%U --winbindtemplateshell=\/bin\/bash --enablekrb5 --krb5realm=ABC.LOCAL --enablekrb5kdcdns --enablekrb5realmdns --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall<\/p>\n

\nThe command above also sets the option to automatically create a home directory the first time an Active Directory user logs in to the system. If the directory already exists, a new one is naturally not created.<\/p>\n

5. Make sure the \/etc\/krb5.conf file looks like the following:<\/p>\n

\n[logging]
\ndefault = FILE:\/var\/log\/krb5libs.log
\nkdc = FILE:\/var\/log\/krb5kdc.log
\nadmin_server = FILE:\/var\/log\/kadmind.log<\/p>\n

[libdefaults]
default_realm = ABC.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true<\/p>\n

[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}<\/p>\n

ABC.LOCAL = {
kdc = dc.abc.local
admin_server = dc.abc.local
}<\/p>\n

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
abc.local = ABC.LOCAL
.abc.local = ABC.LOCAL<\/p>\n<\/div>\n

\n6. Use the following command to verify that AD authentication via Kerberos works:<\/p>\n

\n# kinit centos<\/p>\n

\nIn the example above, centos is a user defined in Active Directory for testing purposes. You can use any user defined in Active Directory.<\/p>\n

7. Use the following command to synchronize the CentOS server's clock with the Active Directory server's clock. Time synchronization is important for the Kerberos protocol:<\/p>\n

\n# ntpdate dc.abc.local<\/p>\n

\n8. Join the CentOS server to the domain with the following command. Use one of the domain admin users for this operation. If this command ends with an error, check with the next command. If the next command succeeds, the domain join should have been successful.<\/p>\n

\n# net ads join ABC.LOCAL -U Administrator<\/p>\n

\nIf the operation above cannot be performed with the Administrator account, try another user name. You can perform the check with the following command:<\/p>\n

\n# net ads testjoin<\/p>\n

\n9. With the following commands, create the root directory inside which the \u201chome\u201d directories of Active Directory users will be created at login (or to which they need to be added), and widen its access permissions:<\/p>\n

\n# mkdir \/home\/abc.local
# chmod 777 \/home\/abc.local\/<\/p>\n

\n10. Use the following commands to make sure the required services are started again after a reboot, so that the system keeps working:<\/p>\n

\n# chkconfig oddjobd on
# chkconfig winbind on
# chkconfig messagebus on<\/p>\n

\n11. Finally, reboot the system with the following command:<\/p>\n

\n# init 6<\/p>\n<\/div>\n

Furkan SANDAL <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The procedure described below works on CentOS 6.6 (other versions have not been tested; the virtual machine was installed from the DVD image). 1. First, the installed…<\/p>\n","protected":false},"author":1,"featured_media":477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,3,7,11,4],"tags":[78,76,92,88,89,26,91,83,93,81,90,79,82,77,80,84,85,87,86],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/tekno.jpg?fit=480%2C343&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-87","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/503"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=503"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/503\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/477"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=503"}],"c
uries":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}