{"id":17,"date":"2014-10-31T02:20:30","date_gmt":"2014-10-30T18:20:30","guid":{"rendered":"http:\/\/blog.haostudio.net\/hwp\/?p=17"},"modified":"2017-07-25T00:25:41","modified_gmt":"2017-07-24T16:25:41","slug":"freebsd-9-%e5%ae%89%e8%a3%9d%e8%a8%98%e9%8c%84","status":"publish","type":"post","link":"https:\/\/blog.haostudio.net\/hwp\/freebsd-9-%e5%ae%89%e8%a3%9d%e8%a8%98%e9%8c%84\/","title":{"rendered":"FreeBSD 9 \u5b89\u88dd\u8a18\u9304"},"content":{"rendered":"\n

FreeBSD 9 \u5b89\u88dd\u8a18\u9304<\/h2>\n

LDAP client \u8a2d\u5b9a<\/h1>\n

\u9996\u5148\u5b89\u88ddnet\/openldap24-client, security\/pam_ldap, net\/nss_ldap \u90193\u500b\u5957\u4ef6. \u88dd\u5b8c\u5f8c, \u4fee\u6539\/usr\/local\/etc\/openldap\/ldap.conf \u5982\u4e0b:<\/p>\n

URI ldap:\/\/192.168.xx.xx\nBASE ou=NIS,dc=haostudio,dc=net\n<\/code><\/pre>\n
\u6ce8\u610f\u5728FreeBSD \u4e2d, \/usr\/local\/etc\/openldap\/ldap.conf \u9019\u500b\u6a94\u662f\u7d66OpenLDAP libraries \u7528\u7684.<\/p>\n
\u7136\u5f8c\u4fee\u6539\/usr\/local\/etc\/ldap.conf \u5982\u4e0b:<\/p>\n
base ou=NIS,dc=haostudio,dc=net\nuri ldap:\/\/192.168.xx.xx\n\nbinddn cn=Manager,dc=haostudio,dc=net\nbindpw xxxxxxxxxx\n\nnss_base_passwd        ou=People,ou=NIS,dc=haostudio,dc=net?one\nnss_base_shadow        ou=People,ou=NIS,dc=haostudio,dc=net?one \nnss_base_group         ou=Group,ou=NIS,dc=haostudio,dc=net?one \n<\/code><\/pre>\n
\u63a5\u8457\u4fee\u6539\/usr\/local\/etc\/nss_ldap.conf, \u8ddf\/usr\/local\/etc\/ldap.conf \u4e00\u6a23\u5373\u53ef.<\/p>\n
\u6700\u5f8c\u4fee\u6539\/etc\/nsswitch \u6a94, \u5982\u4e0b:<\/p>\n
group: files ldap\nhosts: files dns\nnetworks: files\npasswd: files ldap\nshells: files\nservices: compat\nservices_compat: nis\nprotocols: files\nrpc: files\n<\/code><\/pre>\n
\u7528SSH\u767b\u5165\u6642\u6703\u5931\u6557\u539f\u56e0\u662f\u6211\u7684LDAP\u5e33\u865f\u4e2d\u7684shell \u662f\u7528\/bin\/bash. \u4f46\u662fFreeBSD \u628abash \u5b89\u88dd\u5728\/usr\/local\/bin\u4e2d, \u6240\u4ee5pam_ldap \u624d\u4e0d\u8b93\u6211\u767b\u5165.\n\u6211\u662f\u770b\u5230\u4e0b\u5217\u8a0a\u606f\u624d\u77e5\u9053\u539f\u56e0\u7684.<\/p>\n
server# cat \/var\/log\/auth.log\nMay 17 21:20:43 fs2 sshd[18373]: User hao not allowed because shell \/bin\/bash does not exist\nMay 17 21:20:45 fs2 sshd[18375]: pam_ldap: error trying to bind as user "uid=hao,ou=People,ou=NIS,dc=haostudio,dc=net" (Invalid credentials)\nMay 17 21:20:45 fs2 sshd[18373]: error: PAM: authentication error for illegal user hao from 192.168.9.108\nMay 17 21:20:45 fs2 sshd[18373]: Failed keyboard-interactive\/pam for invalid user hao from 192.168.9.108 port 54866 ssh2\n<\/code><\/pre>\n
\u6211\u7684rc.conf\u8a2d\u5b9a\u5982\u4e0b.<\/p>\n
server# cat \/etc\/rc.conf\nhostname="fs2"\nifconfig_em0=" inet 192.168.9.2 netmask 255.255.255.0"\ndefaultrouter="192.168.9.1"\nsshd_enable="YES"\nntpd_enable="YES"\npowerd_enable="YES"\n1. Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable\ndumpdev="NO"\n<\/code><\/pre>\n
\u53c3\u8003\u8cc7\u6599:<\/h3>\n
    \n
  1. http:\/\/www.freebsd.org\/doc\/en_US.ISO8859-1\/articles\/ldap-auth\/article.html#CLIENT<\/a><\/li>\n
  2. http:\/\/mail.lsps.tp.edu.tw\/~gsyan\/freebsd2001\/pam_ldap.html<\/a><\/li>\n
  3. http:\/\/www.us-webmasters.com\/FreeBSD\/Install\/Samba\/<\/a><\/li>\n
  4. http:\/\/wiki.rafan.org\/doc\/linuxpam<\/a><\/li>\n<\/ol>\n
    \n
    \u4f7f\u7528ZFS\u505aNFS\u5206\u4eab<\/h1>\n
    \u5728rc.conf\u4e2d\u589e\u52a0\u4e0b\u52175\u884c, \u6ce8\u610f\u4fee\u6539\u5b8crc.conf\u5f8c\u6700\u597d\u91cd\u958b\u6a5f(reboot), \u4e0d\u7136\u597d\u50cf\u6703\u602a\u602a\u7684:<\/p>\n
    mountd_enable="YES"\nnfs_server_enable="YES"\nzfs_enable="YES"\nrpc_statd_enable="YES"\nrpc_lockd_enable="YES"\n<\/code><\/pre>\n
    \u7522\u751f\/etc\/exports \u6a94\u6848, \u4fdd\u7559\u70ba\u7a7a\u767d. \u4e0d\u9700\u66f4\u6539\u5176\u5167\u5bb9, \u53ea\u8981\u7528\u8a2d\u5b9azfs\u7684sharenfs\u5c6c\u6027\u5373\u53ef.<\/p>\n
    server# zfs set sharenfs='maproot=root, network 192.168.9.0, mask 255.255.255.0' fspool\/users\n\nserver#cat \/etc\/zfs\/exports  \/\/ \u8a2d\u5b8csharenfs\u5c6c\u6027\u5f8c, \u5728\u9019\u500b\u6a94\u6703\u986f\u793aZFS\u5206\u4eab\u7684\u8cc7\u8a0a\n1. !!! DO NOT EDIT THIS FILE MANUALLY !!!\n\/export\/fs2\/users    -maproot=root -network 192.168.9.0 -mask 255.255.255.0 \n\nserver# showmount -e   \/\/\u67e5\u770b\u662f\u5426\u6709\u5206\u4eab\u51fa\u53bb\nExports list on localhost:\n\/export\/fs2\/users                  192.168.9.0 \n<\/code><\/pre>\n
    \u6ce8\u610f!!<\/strong>, \u4f3c\u4e4e\u4e0d\u80fd\u4f7f\u7528’alldir’\u5c6c\u6027\u5728sharenfs\u53c3\u6578\u4e2d.<\/p>\n
    ZFS,NFS\u53c3\u8003\u8cc7\u6599:<\/h3>\n
      \n
    1. http:\/\/lists.freebsd.org\/pipermail\/freebsd-current\/2008-March\/084102.html<\/a><\/li>\n
    2. http:\/\/forums.freebsd.org\/showthread.php?t=26801<\/a><\/li>\n
    3. http:\/\/forums.freebsd.org\/showthread.php?t=24828<\/a><\/li>\n
    4. http:\/\/forums.freebsd.org\/showthread.php?t=9570<\/a><\/li>\n<\/ol>\n
      \n
      \u8a2d\u5b9aSamba\u4e26\u6574\u5408LDAP<\/h1>\n
      \u5728rc.conf\u4e2d\u589e\u52a0\u4e0b\u52173\u884c<\/p>\n
      samba_enable="YES"\nnmbd_enable="YES" \nsmbd_enable="YES" \n<\/code><\/pre>\n
      \u6211\u7684\/usr\/local\/etc\/smb.conf \u8a2d\u5b9a\u5982\u4e0b:<\/p>\n
      [global]\n    workgroup = MYGROUP\n    server string = Samba Server\n    passdb backend = ldapsam:ldap:\/\/192.168.9.16\n    log file = \/var\/log\/samba\/log.%m\n    max log size = 50\n    dns proxy = No\n    ldap admin dn = "cn=Manager,dc=haostudio,dc=net"\n    ldap user suffix = ou=People\n    ldap group suffix = ou=Group\n    ldap passwd sync = yes\n    ldap suffix = ou=NIS,dc=haostudio,dc=net\n    ldap ssl = no\n    idmap config * : backend = tdb\n\n[homes]\n    comment = Home Directories\n    read only = No\n    browseable = No\n\n[printers]\n    comment = All Printers\n    path = \/var\/spool\/samba\n    printable = Yes\n    print ok = Yes\n    browseable = No\n<\/code><\/pre>\n
      \u5c07 LDAP Admin \u5bc6\u78bc\u5b58\u5165 Samba secrets.tdb \u5167<\/p>\n
      server# smbpasswd -w 1234 \/\/\u5047\u8a2d\u60a8\u7684 LDAP Admin Manager\u7684\u5bc6\u78bc\u70ba 1234 (-w PASSWORD ldap admin password)\n<\/code><\/pre>\n
      \u555f\u52d5 Samba \u670d\u52d9<\/p>\n
      server# \/usr\/local\/etc\/rc.d\/samba start \/\/\u555f\u52d5 Samba \u670d\u52d9\n<\/code><\/pre>\n
      \u6aa2\u67e5 smbd (Listen 139 Port) \u53ca nmbd (Listen 137,138 Port) \u670d\u52d9\u662f\u5426\u555f\u52d5\u6210\u529f<\/p>\n
      server# sockstat | grep mbd\n<\/code><\/pre>\n
      \u5efa\u7acb Samba Account \u540d\u7a31 hao \u81f3 LDAP \u4e2d\uff0c\u4f46\u5728\u5efa\u7acb\u4e4b\u524d\u8acb\u5148\u78ba\u5b9a\u4f60 LDAP \u53ca Samba \u76f8\u95dc\u8a2d\u5b9a\u6a94\u5df2\u8a2d\u5b9a\u5b8c\u6210\uff0c\u4e14 LDAP \u4e5f\u67e5\u5f97\u5230 hao DN\u3002<\/p>\n
      server# smbpasswd -a hao \/\/\u5efa\u7acb Samba Account hao\nNew SMB password: \/\/\u8f38\u5165 weithenn \u7684 samba \u5bc6\u78bc\nRetype new SMB password: \/\/\u518d\u6b21\u78ba\u8a8d\u5bc6\u78bc\nAdded user hao. \/\/\u986f\u793a\u65b0\u589e\u4f7f\u7528\u8005\u5b8c\u6210\n\nserver# ldapsearch -x -b "uid=hao,ou=People,ou=NIS,dc=haostudio,dc=net"\n1. extended LDIF\n1. 1. LDAPv3\n1. base <uid=hao,ou=People,ou=NIS,dc=haostudio,dc=net> with scope subtree\n1. filter: (objectclass=*)\n1. requesting: ALL\n1. \n1. hao, People, NIS, haostudio.net\ndn: uid=hao,ou=People,ou=NIS,dc=haostudio,dc=net\nuid: hao\ncn: Hao Tseng\nobjectClass: account\nobjectClass: posixAccount\nobjectClass: top\nobjectClass: shadowAccount\nobjectClass: sambaSamAccount\nshadowLastChange: 14146\nloginShell: \/bin\/bash\nuidNumber: 500\ngidNumber: 500\ngecos: Hao Tseng\nhomeDirectory: \/export\/fs2\/users\/hao\nsambaSID: S-1-5-21-8989478-3024177045-2934032207-1001\ndisplayName: Hao Tseng\nuserPassword:: e1NTSEF9bXFlOWXduN3FybVdtRTRPQ0c1bU9RQlAweEdsM0dUVXY=\nsambaNTPassword: 919D061C7C8F0A1EA4C69CD8BBDE77E7E\nsambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000\n 00000000\nsambaPwdLastSet: 1337316250\nsambaAcctFlags: [U          ]\n\n1. search result\nsearch: 2\nresult: 0 Success\n\n1. numResponses: 2\n1. numEntries: 1\n<\/code><\/pre>\n
      \u6ce8\u610f:<\/h3>\n
      \u5728\u57f7\u884c ‘smbpasswd’ \u6307\u4ee4\u6703\u5728LDAP server \u7684\u4f7f\u7528\u8005\u5efa\u7acbsambaXXXXX\u6b04\u4f4d, \u82e5\u4e4b\u524d\u5df2\u7d93\u5b58\u5728\u9019\u4e9b\u6b04\u4f4d\u7684\u8a71, \u8acb\u5148\u5c07\u5176\u79fb\u9664.\n\u4e0d\u7136\u9019\u4e9b\u6b04\u4f4d\u7684\u503c\u6703\u4e0d\u6b63\u78ba.\u800c\u9020\u6210 Samba client \u7121\u6cd5\u9023\u7dda.<\/p>\n
      \u53c3\u8003\u8cc7\u6599:<\/h3>\n
        \n
      1. \u3010FreeBSD\u3011OpenLDAP-Samba Auth With LDAP \u8a2d\u5b9a<\/a><\/li>\n<\/ol>\n
        \n
        \u8a2d\u5b9arsyncd<\/h1>\n
        \u5b89\u88ddrsync<\/p>\n
        server# cd \/usr\/ports\/net\/rsync\nserver# make install\n<\/code><\/pre>\n
        \u4fee\u6539 rsync \u8a2d\u5b9a\u6a94<\/p>\n
        server# cat \/usr\/local\/etc\/rsyncd.conf\n[hao_home]\npath = \/export\/fs2\/users\/hao\nauth users = admin\nuid = hao\ngid = users\nsecrets file = \/usr\/local\/etc\/rsyncd.secrets\nread only = no\n<\/code><\/pre>\n
        \u5efa\u7acbrsync\u5bc6\u78bc\u6a94(rsyncd.secrets)<\/p>\n
        server# cat \/usr\/local\/etc\/rsyncd.secrets\nuser:password            \/\/id:password (\u81ea\u884c\u8a2d\u5b9a\u5e33\u865f\u3001\u5bc6\u78bc)\n\nserver# chmod 600 \/usr\/local\/etc\/rsyncd.secrets\n<\/code><\/pre>\n
        \u5728rc.conf\u4e2d\u589e\u52a0\u4e0b\u52171\u884c<\/p>\n
        rsyncd_enable="YES"\n<\/code><\/pre>\n
        \u555f\u52d5rsyncd<\/p>\n
        server# \/usr\/local\/etc\/rc.d\/rsyncd start\n<\/code><\/pre>\n
        \u53c3\u8003\u8cc7\u6599:<\/h3>\n
          \n
        1. FreeBSD 8.1 \u5be6\u505arsync\u7570\u6a5f\u5099\u4efd\u6a94\u6848<\/a><\/li>\n<\/ol>\n
          \n
          \u8a2d\u5b9aiSCSI target<\/h1>\n
          \u5b89\u88ddiscsi-target<\/p>\n
          server# cd \/usr\/ports\/net\/iscsi-target\nserver# make install\n<\/code><\/pre>\n
          \u5728ZFS\u4e2d\u5efa\u7acb\u4e00\u500b128GB \u7684disk image<\/p>\n
          server# zfs create -V 128G fspool\/iscsi_targets\/the_disk_img\n<\/code><\/pre>\n
          \u5efa\u7acbiSCSI \u8a2d\u5b9a\u6a94\/usr\/local\/etc\/istgt\/istgt.conf<\/p>\n
          server# cp \/usr\/local\/etc\/istgt.conf.sample \/usr\/local\/etc\/istgt.conf\n<\/code><\/pre>\n
          \u6211\u7684\u8a2d\u5b9a\u6a94\u4fee\u6539\u5982\u4e0b:<\/p>\n
          [Global]\n    NodeBase "iqn.2014-10.net.haostudio.wfs" \n\n[UnitControl]\n    AuthMethod Auto\n    #AuthMethod CHAP Mutual\n    #AuthGroup AuthGroup10000\n\n[PortalGroup1]\n    Portal DA1 192.168.9.10:3260\n\n[InitiatorGroup1]\n    Netmask 192.168.9.0\/24\n\n[LogicalUnit1]\n    Comment "CB3 Web Disk"\n    1. full specified iqn (same as below)\n    #TargetName iqn.2014-10.net.haostudio.wfs:cb3disk128G\n    1. short specified non iqn (will add NodeBase)\n    TargetName cb3disk128G\n    TargetAlias "CB3 Web Disk"\n    Mapping PortalGroup1 InitiatorGroup1\n    AuthMethod Auto\n    AuthGroup AuthGroup1\n    UseDigest Auto\n    UnitType Disk\n    LUN0 Storage \/dev\/zvol\/fspool\/iscsi_targets\/the_disk_img Auto\n<\/code><\/pre>\n
          \u5728\/etc\/rc.conf \u589e\u52a0\u4e0b\u5217\u8a2d\u5b9a, \u4ee5\u4fbf\u958b\u6a5f\u6642\u81ea\u52d5\u8f09\u5165iSCSI target \u670d\u52d9<\/p>\n
          #\n1. Enable iSCSI Target support\n1. istgt_enable="YES"\n<\/code><\/pre>\n
          \u624b\u52d5\u555f\u52d5iSCSI target service, \u4f7f\u7528\u5982\u4e0b\u6307\u4ee4:<\/p>\n
          server # \/usr\/local\/etc\/rc.d\/istgt start\n<\/code><\/pre>\n
          \u53c3\u8003\u8cc7\u6599<\/h3>\n
            \n
          1. iSCSI Initiator and Target Configuration<\/a><\/li>\n<\/ol>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[80],"class_list":["post-17","post","type-post","status-publish","format-standard","hentry","category-freebsd","tag-freebsd"],"_links":{"self":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts\/17","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/comments?post=17"}],"version-history":[{"count":6,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts\/17\/revisions"}],"predecessor-version":[{"id":423,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts\/17\/revisions\/423"}],"wp:attachment":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/media?parent=17"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/categories?post=17"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/tags?post=17"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}