Здравейте и добре дошли в #root.bg!
Тук може да намерите статии и уроци за linux, мрежи и тяхната защита, игри и забавление, както и хобита – ролери, дронове и много други.
Тук може да намерите статии и уроци за linux, мрежи и тяхната защита, игри и забавление, както и хобита – ролери, дронове и много други.
Николай Николов Работа bug, exploit, heartbleed, openssl 0
Вече всеки сигурно е чул за бъга в openssl наречен „Heartbleed bug“ – или пробив в SSL сигурността, която позволява на „хакера“ да вижда потребителските имена или паролите в чист текст, които иначе трябва да са криптирани в реално време.
През сайта http://filippo.io/Heartbleed/ може да се провери сигурността на даден сайт, изпозващ SSL сертификат, дали е засегнат от Heartbleed bug.
Ето какво се пише по темата във linux-bg.org :
В реализацията на OpenSSL версии 1.0.1 и 1.0.2-beta, включително 1.0.1f и 1.0.2-beta1, е открит проблем в сигурността който позволява на отдалечен потребител да прочете информация от оперативната памет на порции от 64К. Ако ползвате някоя от засегнатите версии се препоръчва да обновите възможно най-скоро до нова версия.
Проблемът е от повече от две години и е открит наскоро от специалисти по сигурността в Google.
Ето и една интересна таблица от mashable.com, която показва някой от известните уеб сайтове и дали са уязвими от този бъг:
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
Unclear | Yes | Yes | „We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to … set up a unique password.“ | |
Yes | Yes | Yes | „Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites.” | |
No | No | No | „We didn’t use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties.“ | |
Yes | Yes | Yes | „We fixed the issue on Pinterest.com, and didn’t find any evidence of mischief. To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords.“ | |
Tumblr | Yes | Yes | Yes | „We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.“ |
No | Yes | Unclear | Twitter wrote that OpenSSL „is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation.“ While reiterating that they were unaffected, Twitter told Mashable that they did apply a patch. |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
Apple | No | No | No | „iOS and OS X never incorporated the vulnerable software and key web-based services were not affected.“ |
Amazon | No | No | No | „Amazon.com is not affected.“ |
Yes | Yes | Yes* | “We have assessed the SSL vulnerability and applied patches to key Google services.” Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected; Google Chrome and Chrome OS were not.*Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. | |
Microsoft | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
Yahoo | Yes | Yes | Yes | „As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.“ Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says. |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
AOL | No | No | No | AOL told Mashable it was not running the vulnerable version of the software. |
Gmail | Yes | Yes | Yes* | “We have assessed the SSL vulnerability and applied patches to key Google services.”*Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |
Hotmail / Outlook | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
Yahoo Mail | Yes | Yes | Yes | „As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.“ |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
Amazon | No | No | No | „Amazon.com is not affected.“ |
Amazon Web Services (for website operators) | Yes | Yes | Yes | Most services were unaffected or Amazon was already able to apply mitigations (see advisory note here). Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront were patched. |
eBay | No | No | No | „eBay.com was never vulnerable to this bug because we were never running a vulnerable version of OpenSSL.“ |
Etsy | Yes* | Yes | Yes | Etsy said that only a small part of its infrastructure was vulnerable, and they have patched it. |
GoDaddy | Yes | Yes | Yes | „We’ve been updating GoDaddy services that use the affected OpenSSL version.“ Full Statement |
Groupon | No | No | No | „Groupon.com does not utilize a version of the OpenSSL library that is susceptible to the Heartbleed bug.“ |
Nordstrom | No | No | No | „Nordstrom websites do not use OpenSSL encryption.“ |
PayPal | No | No | No | „Your PayPal account details were not exposed in the past and remain secure.“ Full Statement |
Target | No | No | No | „[We] launched a comprehensive review of all external facing aspects of Target.com… and do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability.“ |
Walmart | No | No | No | „We do not use that technology so we have not been impacted by this particular breach.“ |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
Flickr | Yes | Yes | Yes | „As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.“ |
Hulu | No | No | No | No comment provided. |
Minecraft | Yes | Yes | Yes | „We were forced to temporary suspend all of our services. … The exploit has been fixed. We can not guarantee that your information wasn’t compromised.“ More Information |
Netflix | Yes | Yes | Yes | „Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It’s a good practice to change passwords from time to time, now would be a good time to think about doing so. „ |
SoundCloud | Yes | Yes | Yes | SoundCloud emphasized that there were no indications of any foul play and that the company’s actions were simply precautionary. |
YouTube | Yes | Yes | Yes* | “We have assessed the SSL vulnerability and applied patches to key Google services.”*Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |
All the banks we contacted (see below) said they were unaffected by Heartbleed, but U.S. regulators have warned banks to patch their systems.
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
American Express | No | No | No | „There was no compromise of any customer data. While we are not requiring customers to take any specific action at this time, it is a good security practice to regularly update Internet passwords.“ |
Bank of America | No | No | No | „A majority of our platforms do NOT use OpenSSL, and the ones that do, we have confirmed no vulnerabilities.“ |
Barclays | No | No | No | No comment provided. |
Capital One | No | No | No | „Capital One uses a version of encryption that is not vulnerable to Heartbleed.“ |
Chase | No | No | No | „These sites don’t use the encryption software that is vulnerable to the Heartbleed bug.“ |
Citigroup | No | No | No | Citigroup does not use Open SSL in „customer-facing retail banking and credit card sites and mobile apps“ |
E*Trade | No | No | No | E*Trade is still investigating. |
Fidelity | No | No | No | „We have multiple layers of security in place to protect our customer sites and services.“ |
PNC | No | No | No | „We have tested our online and mobile banking systems and confirmed that they are not vulnerable to the Heartbleed bug.“ |
Schwab | No | No | No | „Efforts to date have not detected this vulnerability on Schwab.com or any of our online channels.“ |
Scottrade | No | No | No | „Scottrade does not use the affected version of OpenSSL on any of our client-facing platforms.“ |
TD Ameritrade | No | No | No | TD Ameritrade „doesn’t use the versions of openSSL that were vulnerable.“ |
TD Bank | No | No | No | „We’re currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past.“ |
T. Rowe Price | No | No | No | „The T. Rowe Price websites are not vulnerable to the “Heartbleed” SSL bug nor were they vulnerable in the past.“ |
U.S. Bank | No | No | No | „We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk.“ |
Vanguard | No | No | No | „We are not using, and have not used, the vulnerable version of OpenSSL.“ |
Wells Fargo | No | No | No | No reason provided. |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
1040.com | No | No | No | „We’re not vulnerable to the Heartbleed bug, as we do not use OpenSSL.“ |
FileYour Taxes.com | No | No | No | „We continuously patch our servers to keep them updated. However, the version we use was not affected by the issue, so no action was taken.“ |
H&R Block | No | No | No | „We are reviewing our systems and currently have found no risk to client data from this issue.“ |
Healthcare .gov | No | No | No | „Healthcare.gov consumer accounts are not affected by this vulnerability.“ |
Intuit (TurboTax) | No | No | No | Turbotax wrote that „engineers have verified TurboTax is not affected by Heartbleed.“ The company has issued new certificates anyway, and said it’s not „proactively advising“ users to change their passwords. |
IRS | No | No | No | „The IRS continues to accept tax returns as normal … and systems continue operating and are not affected by this bug. We are not aware of any security vulnerabilities related to this situation.“ |
TaxACT | No | No | No | „Customers can update their passwords at any time, although we are not proactively advising them to do so at this time.“ |
USAA | Yes | Yes | Yes | USAA said that it has „already taken measures to help prevent a data breach and implemented a patch earlier this week.“ |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
Box | Yes | Yes | Yes | „We’re currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection.“ |
Dropbox | Yes | Yes | Yes | On Twitter: „We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe.“ |
Evernote | No | No | No | „Evernote’s service, Evernote apps, and Evernote websites … all use non-OpenSSL implementations of SSL/TLS to encrypt network communications.“ Full Statement |
GitHub | Yes | Yes | Yes | GitHub said it has patched all its systems, deployed new SSL certificates and revoked old ones. GitHub is asking all users to change password, enable two-factor authentication and „revoke and recreate personal access and application tokens.“ |
IFTTT | Yes | Yes | Yes | IFTTT emailed all its users and logged them out, prompting them to change their password on the site. |
OKCupid | Yes | Yes | Yes | „We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread.“ |
Spark Networks (JDate, Christian Mingle) | No | No | No | Sites do not use OpenSSL. |
SpiderOak | Yes | Yes | No | Spideroak said it patched its servers, but the desktop client doesn’t use a vulnerable version of OpenSSL, so „customers do not need to take any special action.“ |
Wikipedia (if you have an account) | Yes | Yes | Yes | „We recommend changing your password as a standard precautionary measure, but we do not currently intend to enforce a password change for all users.“ Full Statement |
WordPress | Unclear | Unclear | Unclear | WordPress tweeted that it has taken „immediate steps“ and „addressed the Heartbleed OpenSSL exploit,“ but it’s unclear if the issue is completely solder. When someone asked Matt Mullenweg, WordPress’ founding developer, when the site’s SSL certificates will be replaced and when users will be able to reset passwords, he simply answered: „soon.“ |
projectmanagernews.com | Yes | Yes | Yes | „You’ll have to simply log back into projectmanagernews.com. We also strongly recommend that you reset your password for projectmanagernews.com.“ Full Statement |
Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? | |
---|---|---|---|---|
1Password | No | No | No | 1Password said in a blog post that its technology „is not built upon SSL/TLS in general, and not upon OpenSSL in particular.“ So users don’t need to change their master password. |
Dashlane | Yes | Yes | No | Dashlane said in a blog post users’ accounts were not impacted and the master password is safe as it is never transmitted. The site does use OpenSSL when syncing data with its servers but Dashlane said it has patched the bug, issued new SSL certificates and revoked previous ones. |
LastPass | Yes | Yes | No | „Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys.“ Users don’t need to change their master passwords because they’re never sent to the server. But passwords for other sites stored in LastPass might need to be changed. |
Reporters who contributed to this story include Samantha Murphy Kelly, Lorenzo Francheschi-Bicchierai, Seth Fiegerman, Adario Strange and Kurt Wagner.
Линк към цялата статия : http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Николай Николов Работа, Howto ati, radeon, windows, windows 8.1 0
Тъй като windows 8.1 взе да ми харесва много – бърз е и доста стабилен, реших да го сложа на десктоп машините които имам – в къщи и в нашите.
Компа на нашите е чат пат хубав, но използва стара видео карта ATI radeon x550, за която няма за съжеление драйвери за windows 8.1 в офисиалния сайт на AMD
Успях да инсталирам драиверите по малко по-различен начин – след като инсталатора приключи, но самата видео карта все още не беше разпознаваема от windows-a, трябваше ръчно от device manager да избера пътя : „C:\ATI\…“ нещата видимо се получиха.
Да ама не! След рестарт стана следната ситуация – черен екран и само курсора на мишката се виждаше ( и се движеше съответно ). Тук интересното е, че ако се опитам да вляза в този компютър през teamviewer, който предварително бях инсталирал, нещата се получаваха без проблеми.
Всичко се виждаше и всичко изглеждаше съвсем нормално. Само че проблема с черния екран и мишката си остана.
Тази интересна ситуация за моя радост имаше хубав край – успях да разбера и оправя проблема с черния екран!
Работата стана след като премахнах вече инсталирания драйвер от device manager-а (това го направих през teamviewer, но същия резултат може да се постигне и през Safe mode на windows-a), добавих compatibility mode на инсталатора (сложих windows vista) и го стартирах.
След като стигна почти до края, инсталатора ми каза, че за да завърши процеса е необходимо да си дръпне сам .net 2.5 и .net 3.5. Мисля че това беше и разковничето с което проблема ми се реши.
Така протече инсталацията, рестартирах няколко пъти и за моя голяма радост всичко си беше вече ок!
Надявам се тази статия да бъде полезна на някой в решаването му на подобен проблем със стара видео карта и нов windows 8.1 🙂
Николай Николов Работа, Howto bleachbit, dd, sdelete, secure delete, shred 0
Изтриване на празното място на хард диск – звучи глупаво нали? Да ама не..
На мен по-скоро ми звучи логично от гледна точка на това: копувам си хард диск втора употреба от prodavalnik.com например.
Предишният му собственик го е форматирал, като с това той си мисли че е изтрил информацията от него. Да ама не!
Има много програми за Windows или Linux които могат да възтановят тази информация (дали частично или напълно) но могат.
Затова е важно да се знае, че ако искаме да скрием напълно информацията от хард диска си , то е необходимо да я изтрием безвъзвратно.
В този си пост ще напиша как става тая хватка под Linux / мразя Windows / :
root@test:~# df -m Filesystem 1M-blocks Used Available Use% Mounted on /dev/simfs 10240 777 9464 8% / none 256 1 256 1% /dev none 52 1 51 2% /run none 5 0 5 0% /run/lock none 205 0 205 0% /run/shm none 100 0 100 0% /run/user root@test:~#
Тук се вижда че имаме свободни 9464MB които ще запълним до дупка и след това ще изтрием чрез командата shred
Първо създаваме файл голям колкото свободно място имаме в момента, след това го изтриваме „защитено“ със shred:
root@test:~# dd if=/dev/zero of=/free-space bs=1024 count=102400 102400+0 records in 102400+0 records out 104857600 bytes (105 MB) copied, 0.397582 s, 264 MB/s root@test:~# du -sh /free-space 101M /free-space root@test:~# shred -v -s 9464M /free-space shred: /free-space: pass 1/3 (random)... shred: /free-space: pass 1/3 (random)...645MiB/9.3GiB 6% shred: /free-space: pass 1/3 (random)...892MiB/9.3GiB 9% shred: /free-space: pass 1/3 (random)...1.2GiB/9.3GiB 13% shred: /free-space: pass 1/3 (random)...1.6GiB/9.3GiB 17% shred: /free-space: pass 1/3 (random)...1.9GiB/9.3GiB 21% shred: /free-space: pass 1/3 (random)...2.3GiB/9.3GiB 24% shred: /free-space: pass 1/3 (random)...2.6GiB/9.3GiB 28% shred: /free-space: pass 1/3 (random)...2.9GiB/9.3GiB 32% shred: /free-space: pass 1/3 (random)...3.3GiB/9.3GiB 36% shred: /free-space: pass 1/3 (random)...3.7GiB/9.3GiB 40% shred: /free-space: pass 1/3 (random)...4.0GiB/9.3GiB 43% shred: /free-space: pass 1/3 (random)...4.4GiB/9.3GiB 47% shred: /free-space: pass 1/3 (random)...4.7GiB/9.3GiB 51% shred: /free-space: pass 1/3 (random)...5.1GiB/9.3GiB 55% shred: /free-space: pass 1/3 (random)...5.4GiB/9.3GiB 59% shred: /free-space: pass 1/3 (random)...5.8GiB/9.3GiB 62% shred: /free-space: pass 1/3 (random)...6.1GiB/9.3GiB 66% shred: /free-space: pass 1/3 (random)...6.5GiB/9.3GiB 70% shred: /free-space: pass 1/3 (random)...6.9GiB/9.3GiB 74% shred: /free-space: pass 1/3 (random)...7.2GiB/9.3GiB 78% shred: /free-space: pass 1/3 (random)...7.6GiB/9.3GiB 82% shred: /free-space: pass 1/3 (random)...7.9GiB/9.3GiB 86% shred: /free-space: pass 1/3 (random)...8.3GiB/9.3GiB 90% shred: /free-space: pass 1/3 (random)...8.7GiB/9.3GiB 94% shred: /free-space: pass 1/3 (random)...9.0GiB/9.3GiB 98% shred: /free-space: error writing at offset 9913876480: Disk quota exceeded root@test:~# df -h Filesystem Size Used Avail Use% Mounted on /dev/simfs 10G 10G 0 100% / none 256M 4.0K 256M 1% /dev none 52M 1020K 51M 2% /run none 5.0M 0 5.0M 0% /run/lock none 205M 0 205M 0% /run/shm none 100M 0 100M 0% /run/user root@test:~# du -sh /free-space 9.3G /free-space root@test:~# du -m /free-space 9464 /free-space
Николай Николов Howto active directory, centos, linux, samba, windows server 0
Привет,
Днес реших да споделя за новата ми играчка – а именно samba 4 active directory – или иначе казано, подкарах напълно функциониращ Active Directory сървър под линукс, и така спрях Windows 2008 R2 сървър който работеше само за това и ядеше 4 гб рам ей така.. от нищото..
Цялата работа с Active Directory е възможно благодарение на новата версия на samba – а именно версия 4, която позволява самият демон samba да работи като AD. След успешната му инсталация, AD сървъра може да се управлява през Windows машина след като се инсталира така нареченият : Microsoft’s Remote Server Administration Tools.
Този туул работи на Windows XP, Vista, 7 но трябва версията им да е Professional.
Ето и накратко как става работата, като примера който ще дам е за AD върху CentOS:
1. Трябва да се логнете като root в сървъра и да пуснете ъпдейт на пакетите:
# yum update
2. Трябва да се инсталират и следните пакети които са необходими за компилирането на Samba 4:
# yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5 openldap-devel
3. Проверяваме дали вече нямаме инсталирана по-стара версия на samba която трябва да премахнем:
# rpm -qa | grep samba
4. Ако имаме по-стара версия, махаме я чрез:
# yum remove samba-winbind-client samba-common samba-client
5. Инсталираме git чрез който ще изтеглим и samba 4:
# yum install git-core
6. Изтегляме последната версия на samba 4:
# git clone git://git.samba.org/samba.git samba-master
7. Рестартираме сървъра за да всеки случай:
# reboot
8. Логваме се отново като root и започваме с компилирането на samba 4:
# cd samba-master # ./configure --enable-debug --enable-selftest # make
9. Ако всичко е ок, продължаваме напред:
# make install
След успешно инсталиране, директорията и конфигурационните файлове на samba 4 се намират на : ‘/usr/local/samba’.
Следва и конфигурирането на Active Directory сървъра:
[root@samba ~]# /usr/local/samba/bin/samba-tool domain provision Realm [ROOT.BG]: ROOTBG.DC Domain [ROOTBG]: ROOT.BG Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [10.0.20.3]: Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=rootbg,DC=dc Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=rootbg,DC=dc Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Once the above files are installed, your Samba4 server will be ready to use Server Role: active directory domain controller Hostname: samba NetBIOS Domain: ROOT.BG DNS Domain: rootbg.dc DOMAIN SID: S-1-5-21-520620405-2705991534-2248172295
Стартираме samba 4 демона чрез :
/usr/local/samba/sbin/samba
А за автоматично стартиране на сървъра, можем да добавим този ред в rc.local конфига :
echo "/usr/local/samba/sbin/samba" > /etc/rc.local
Накрая пускаме и проверка да видим дали е ок всичко:
[root@samba ~]# /usr/local/samba/sbin/samba -V Version 4.2.0pre1-GIT-efad13a [root@samba ~]#
[root@samba ~]# /usr/local/samba/bin/smbclient -L localhost -U% Domain=[ROOT.BG] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-efad13a] Sharename Type Comment --------- ---- ------- netlogon Disk sysvol Disk box Disk Office docs root.bg Disk root.bg docs soft Disk Software IPC$ IPC IPC Service (Samba 4.2.0pre1-GIT-efad13a) Domain=[ROOT.BG] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-efad13a] Server Comment --------- ------- Workgroup Master --------- ------- [root@samba ~]#
[root@samba ~]# host -t SRV _ldap._tcp.rootbg.dc. _ldap._tcp.rootbg.dc has SRV record 0 100 389 samba.rootbg.dc. [root@samba ~]# host -t SRV _kerberos._udp.rootbg.dc. _kerberos._udp.rootbg.dc has SRV record 0 100 88 samba.rootbg.dc. [root@samba ~]# host -t A samba.rootbg.dc. samba.rootbg.dc has address 10.0.20.2[
Следва и конфигурирането на Kerberos:
cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
Трябва да се промени реда default_realm от ${REALM} на името на realm-a :
cat /etc/krb5.conf [libdefaults] default_realm = ROOTBG.DC dns_lookup_realm = false dns_lookup_kdc = true
И тестването да покаже това:
[root@samba samba]# kinit Administrator@ROOTBG.DC Password for Administrator@ROOTBG.DC: Warning: Your password will expire in 41 days on Sun May 4 02:54:08 2014 [root@samba samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@ROOTBG.DC Valid starting Expires Service principal 03/23/14 18:12:28 03/24/14 04:12:28 krbtgt/ROOTBG.DC@ROOTBG.DC renew until 03/24/14 18:12:25 [root@samba samba]#
Накрая инсталираме Windows Remote Administration Tools:
1. Изтегляме Windows Remote Server Administration Tools
2. Следваме инструкциите за ‘Install RSAT’
3. Инсталираме необходимите компоненти от ‘Control Panel > Programs > Turn Windows features on or off > Remote Server Administration Tools’
Това е 🙂 Вече имаме работещ Active Directory сървър на нашият linux сървър, без да е необходимо да използваме услугите на Microsoft – и по-специално да имаме Windows Server!