Как подружить Linux с доменом Active Directory
Мирослав Бусалов
X:\CMPNENTS\R2\ADPREP\adprep.exe /forestprep
NTPSERVERS="dc.domain.ru"
$sudo ntpdate -s dc.domain.ru
127.0.0.1 workstation.domain.ru localhost workstation
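# Check that the workstation's FQDN resolves and answers; -c 4 sends four echo requests.
# (The listing had a typographic dash and a Cyrillic "с" here, which ping does not parse as -c.)
ping workstation.domain.ru -c 4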
$sudo apt-get install krb5-user libpam-krb5 krb5-config libkrb53 krb5-doc
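# Finish configuring any packages left half-installed.
# (The listing had typographic dashes in place of the ASCII "--" and "-".)
$sudo dpkg --configure -a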
[libdefaults]
# Realm assumed for principals given without an explicit @REALM.
default_realm = DOMAIN.RU
# DOMAIN.RU must be written in UPPERCASE
# NOTE(review): presumably seconds (24000 s is roughly 6.7 hours) - confirm against krb5.conf(5).
ticket_lifetime = 24000
# The following krb5.conf variables are only for
# MIT Kerberos
# NOTE(review): the krb4_* settings refer to Kerberos 4 compatibility; verify that the
# installed MIT Kerberos still honours them before relying on them.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
# Kerberos authentication depends on the client clock agreeing with the KDC, which is
# why the host is synchronised to dc.domain.ru with ntpdate earlier in this article.
kdc_timesync = 1
ccache_type = 4
# Forwardable/proxiable tickets can be used from other hosts on the user's behalf.
# Enable them only where delegation is actually needed.
forwardable = true
proxiable = true
# NOTE(review): the header of the block that the second closing brace below belongs to
# is not visible in this listing (it looks truncated); check brace balance before use.
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
DOMAIN.RU = {
kdc = dc.domain.ru
# kdc - key distribution center - the domain controller
admin_server = dc.domain.ru
default_domain = domain.ru
}
# Maps DNS names to the realm: the leading-dot form covers hosts under domain.ru,
# the bare form covers the name domain.ru itself.
[domain_realm]
.domain.ru = DOMAIN.RU
domain.ru = DOMAIN.RU
[login]
krb4_convert = true
krb4_get_tickets = false
# Log destinations for the Kerberos libraries and daemons.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
$kinit user@DOMAIN.RU
$klist
$sudo apt-get install libnss-ldap libpam-ldap
# LDAP Defaults
# See ldap.conf(5) for details
# This file should be world readable but not world writable
# NOTE(review): because the file is world readable, the bindpw value below can be read by
# every local user. Give the unixldap account read-only, minimal rights in AD and treat
# its password as exposed to anyone with a shell on this host.
uri ldap://dc.domain.ru
base dc=domain,dc=ru
ldap_version 3
scope sub
# The next two lines hold the credentials of the unixldap account,
# which are required for access to the AD schema
binddn cn=unixldap,cn=Users,dc=domain,dc=ru
bindpw password
bind_timelimit 2
bind_policy soft
# bind_policy soft tells the client not to retry when the connection
# to LDAP fails; according to the article, without this line
# the system will not be able to boot
idle_timelimit 2
# PAM options with group-based access configuration:
pam_filter objectClass=posixAccount
pam_login_attribute uid
# nsswitch.conf options:
# NOTE(review): nss_ldap documents the passwd search base as nss_base_passwd; verify the
# spelling of the next key against the installed ldap.conf(5).
nss_base_password cn=Users,dc=domain,dc=ru?sub
nss_base_group cn=Users,dc=domain,dc=ru?sub
# Next comes the mapping of POSIX attributes,
# because they are not added to the AD schema
nss_map_objectclass posixAccount User
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute gecos cn
nss_map_objectclass posixGroup Group
# NOTE(review): with "ssl no" and an ldap:// URI, the bind password above and every
# account/group/sudoers lookup cross the network unencrypted and unauthenticated.
# Where the DC has a certificate, "ssl start_tls" (or an ldaps:// URI) together with
# certificate checking (tls_checkpeer) is the hardened alternative.
ssl no
# sudo options:
# sudo rules are looked up under this base (see the "sudoers: files ldap" line in nsswitch.conf).
sudoers_base cn=UNIXadmins,cn=Users,dc=domain,dc=ru
# debug 257
BASE dc=domain,dc=ru
URI ldap://dc.domain.ru
$sudo apt-get install smbfs
$sudo apt-get install libxml-writer-perl
pmvarrun -u %(USER) -o %(OPERATION)
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Members of UNIXadmins get the same unrestricted sudo rights.
# NOTE(review): presumably this is the AD group resolved through LDAP (nsswitch has
# "group: files ldap"); if so, whoever can edit that group's membership in AD controls
# root on this host, and the lookup is only as trustworthy as the LDAP channel.
%UNIXadmins ALL=(ALL) ALL
#%PAM-1.0
# NOTE(review): this listing appears to run several /etc/pam.d files together; the file
# boundaries are not shown, so read each group of lines as a separate stack.
# auth: Kerberos first, then LDAP, then local accounts; the first module that succeeds
# ends the stack ("sufficient"), and pam_deny rejects the login if none did.
auth sufficient pam_krb5.so
auth sufficient pam_ldap.so use_first_pass
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so
#@include common-auth
#@include common-account
#account required pam_login_access.so
# ignore_authinfo_unavail / ignore_unknown_user keep local accounts usable when the
# directory is unreachable or does not know the user.
account required pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
# pam_mount is optional: a failed mount does not block the login.
auth optional pam_mount.so
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_ldap.so ignore_authinfo_unavail ignore_unknown_user use_first_pass
# NOTE(review): nullok_secure (Debian's pam_unix) accepts accounts with an empty password
# on terminals listed in /etc/securetty; drop it unless such accounts are intended.
auth required pam_unix.so nullok_secure
auth required pam_deny.so
# NOTE(review): "md5" stores local password hashes as MD5-crypt, which is weak against
# offline guessing; prefer sha512 where the installed pam_unix supports it.
password sufficient pam_unix.so obscure md5
# Password changes for directory accounts go through pam_ldap, i.e. over the LDAP
# connection configured in ldap.conf.
password sufficient pam_ldap.so
session optional pam_mount.so
session required pam_unix.so
session optional pam_foreground.so
# Name service switch: local files are consulted first, then LDAP, for groups,
# accounts and sudo rules. Host names come from files and DNS only.
# NOTE(review): identities and sudo rules fetched from LDAP are only as trustworthy as
# the LDAP connection itself; the ldap.conf shown in this article uses "ssl no".
group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files
sudoers: files ldap
-----------------------------------------------------------------------------------------------------------------
PowerShell: часто задаваемые вопросы
Василий Гусев
. c:\Scripts\MyFunctions.ps1
MyScript.ps1
.\MyScript.ps1
# Print the computer name
$env:computername
# Change to the Windows directory
cd $env:windir
# Environment variables can be used in expressions like any other value
"Welcome to " + $env:computername + "!"
Get-Help About_Environment_variable
dir | where {$_.length –ge 2kb}
Get-WmiObject win32_share | where {$_.path -like "?:\"}
ps | where {$_.path –notLike "c:\windows*"} | kill -whatif
Get-Process | Get-Member -MemberType *property
$e = Get-Process explorer
$e | Format-List -Property *
$e | fl *
New-Alias grep Select-String
New-Alias ss Select-String
Select-String 3389 C:\Windows\System32\drivers\etc\services
ss 3389 C:\Windows\System32\drivers\etc\services |%{$_.Line}
dir c:\windows\*.log | Select-String "Error"
"xaegr@yandex.ru" -match "\S+@\S+"
if ("xaegr@yandex.ru" -match "(\S+)@(\S+)") {$matches[2]}
"Е-mail: xaegr@yandex.ru" -match "(?<Имя>\S+)@(?<Домен>\S+)"
$matches["Домен"]
$matches.Имя
"SimpleShell" -replace "Simple","Power"
"PowerShell" -replace "[wrel]"
"PowerShell" -replace "(.{5})(.{5})",'$2$1'
[regex]$r = "[,;]"
$r | Get-Member -MemberType method
$r.Split("1;2,3,4,5;6")
"Test" -eq "test"
"Test" -ceq "test"
Get-Command %, gps, ft
Get-Command ping
# Custom prompt of the form "user@COMPUTER:current-folder> "
function prompt {
    # Bonus: show the full current path in the window title
    $here = (Get-Location).Path
    $host.UI.RawUI.WindowTitle = $here
    # Only the last element of the current path goes into the prompt itself
    $leaf = Split-Path -Path $here -Leaf
    # User name and computer name are read from the environment
    "{0}@{1}:{2}> " -f $env:username, $env:computername, $leaf
}
New-Item -type file -Path $PROFILE -Force
notepad $PROFILE
-----------------------------------------------------------------------------------------------------------------
Создаём персональный набор ярлыков для каждого пользователя в папке «Мой Компьютер»
Иван Коробко
Листинг 1. Создание ярлыка в папке «Мой Компьютер». REG-файл
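Windows Registry Editor Version 5.00

; Registers a shell namespace item (CLSID) whose icon and "open" command point at a
; program on a network share.
; Review note: because the command is a UNC path, whoever can write to that share decides
; what runs for every user who opens this item. Keep the share read-only for ordinary users.
[HKEY_CLASSES_ROOT\CLSID\{C7AF0CFE-D0C4-11DC-B55C-F6B756D89593}]
@="Карта г.Москвы"
"infotip"="Карта г.Москвы"
; Backslashes inside .reg string values must be doubled; the listing had them unevenly
; escaped. The value below decodes to \\Server\Folder$\MoscowMap\Btk2007.exe,0
[HKEY_CLASSES_ROOT\CLSID\{C7AF0CFE-D0C4-11DC-B55C-F6B756D89593}\defaulticon]
@="\\\\Server\\Folder$\\MoscowMap\\Btk2007.exe,0"
[HKEY_CLASSES_ROOT\CLSID\{C7AF0CFE-D0C4-11DC-B55C-F6B756D89593}\shell\open\command]
@="\\\\Server\\Folder$\\MoscowMap\\Btk2007.exe"
; The same four bytes that Listing 6 writes as the array {0, 1, 0, 160}.
[HKEY_CLASSES_ROOT\CLSID\{C7AF0CFE-D0C4-11DC-B55C-F6B756D89593}\ShellFolder]
"Attributes"=hex:00,01,00,a0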
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{C7AF0CFE-D0C4-11DC-B55C-F6B756D89593}
Листинг 2. Поиск групп в Active Directory. Считывание свойств
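Imports System.DirectoryServices
…
Public Domain As String = ""
…
' Resolve the domain's naming context through the virtual RootDSE object.
' After this line Domain already carries the "LDAP://" prefix.
Dim rootDse As New DirectoryEntry("LDAP://RootDSE")
Domain = "LDAP://" + rootDse.Properties("DefaultNamingContext").Value
' Build the search request for the current domain.
Dim obj As New DirectorySearcher()
' Fixed: the listing prepended "LDAP://" a second time here.
obj.SearchRoot = New DirectoryEntry(Domain)
' NOTE(review): Prefix is defined outside this listing. If it can ever come from user
' input, escape the LDAP filter metacharacters (\ * ( ) and NUL, RFC 4515) before
' concatenating it; otherwise the caller controls the filter.
' Fixed: removed the stray space after "objectclass" in the filter.
Dim query As String = "(&(objectclass=group)(cn=" + Prefix + "*))"
obj.Filter = query
' Run the search.
Dim bb As SearchResultCollection
' Fixed: the listing called FindAll on an undeclared name "search".
bb = obj.FindAll
' Read the search results.
For Each b As SearchResult In bb
Dim path As String = b.GetDirectoryEntry.Properties("distinguishedName").Value.ToString()
Dim read = GetObject("LDAP://" + path)
' Read the INFO field.
' Directory attributes are data, not markup: HTML-encode them before writing them
' into the page so that a group's info/description cannot inject script.
' NOTE(review): the string literal below is split across two lines in this listing;
' the original markup (presumably a line-break tag) looks lost in extraction.
For Each t As String In read.info
Response.Write(System.Web.HttpUtility.HtmlEncode(t) + "
")
Next
' Read the DESCRIPTION field.
Response.Write(System.Web.HttpUtility.HtmlEncode(read.description))
Next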
Листинг 3. Удаленное подключение к реестру
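' Fixed: the listing had a trailing dot after the namespace name.
Imports Microsoft.Win32
…
' Handles to the remote machine's HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT hives.
Public hklm As RegistryKey
Public hccr As RegistryKey
…
' Connect to the registry of the computer named by PcName (defined outside this listing).
' NOTE(review): this needs the target's remote registry access to be reachable and an
' account with sufficient rights there - presumably administrative; confirm. The handles
' stay open until closed, so close them once the work is done.
hklm = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, PcName)
hccr = RegistryKey.OpenRemoteBaseKey(RegistryHive.ClassesRoot, PcName)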
Листинг 4. Определение списка значений CLSID, созданных программным способом
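Public Key1 As String = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace"
Public Key2 As String = "clsid"
…
' Collect the CLSIDs under Key1 whose FlagKey value equals FlagValue (case-insensitive).
' FlagKey and FlagValue are defined outside this listing.
' NOTE(review): Listing 5 deletes whatever GUIDs its DetectGUID() call returns from both
' hives; if that call wraps this loop, the marker value must be specific enough that it
' can never match a CLSID the tool did not create.
Dim i As Integer = 0
Dim Guids As String()
' Open the namespace key once and close it afterwards; the listing reopened it for every
' subkey and never released the handles.
Dim ns As RegistryKey = hklm.OpenSubKey(Key1)
Dim a As String() = ns.GetSubKeyNames
For Each CLSID As String In a
    Dim c As RegistryKey = ns.OpenSubKey(CLSID)
    ' The subkey may have disappeared between enumeration and open.
    If c Is Nothing Then Continue For
    Dim d As String = c.GetValue(FlagKey)
    c.Close()
    If StrComp(UCase(d), UCase(FlagValue)) = 0 Then
        ReDim Preserve Guids(i)
        Guids(i) = CLSID
        i += 1
    End If
Next
ns.Close()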
Листинг 5. Удаление ветви реестра
' For every GUID returned by DetectGUID(), remove its key and all subkeys from both the
' namespace key (Key1 under hklm) and the class registration key (Key2 under hccr).
' The second argument True opens the parent key writable.
' NOTE(review): DeleteSubKeyTree is recursive and there is no check here; confirm that
' each value has GUID format and carries the tool's own marker before deleting. A wrong
' name under HKCR\clsid removes a COM registration for the whole machine.
For Each GUID As String In DetectGUID()
hklm.OpenSubKey(Key1, True).DeleteSubKeyTree(GUID)
hccr.OpenSubKey(Key2, True).DeleteSubKeyTree(GUID)
Next
Листинг 6. Запись данных в реестр
' Create the namespace entry and tag it with the FlagKey/FlagValue marker.
' RegistryPath, FlagKey, FlagValue and GroupValues are defined outside this listing.
hklm.OpenSubKey(Key1, True).CreateSubKey(RegistryPath).SetValue(FlagKey, FlagValue, RegistryValueKind.String)
' Create the class key and set its default (unnamed) value to the first group value.
hccr.OpenSubKey(Key2, True).CreateSubKey(RegistryPath).SetValue("", GroupValues(0))
…
' Binary "attributes" value: the bytes 0, 1, 0, 160 are hex 00,01,00,a0 as in Listing 1.
' NOTE(review): none of the keys opened in these chained calls is closed; presumably
' acceptable for a short-lived page, but confirm for long-running use.
Dim temp_array As Byte() = {0, 1, 0, 160}
hccr.OpenSubKey(Key2, True).OpenSubKey(RegistryPath, True).CreateSubKey("shellFolder").SetValue("attributes", temp_array, RegistryValueKind.Binary)
Листинг 7. Запись данных в реестр
' Start a hidden Internet Explorer instance, request http://mycomputer and quit.
set oIE=CreateObject("InternetExplorer.Application")
' NOTE(review): this wait runs before navigate is issued, and Quit follows navigate
' immediately, so the request may not have completed; presumably the wait was meant to
' come after navigate - confirm. The empty loop also spins without yielding.
do while (oie.busy)
loop
oIE.navigate "http://mycomputer"
oIE.visible = 0
oIE.Quit
set oIE=Nothing
-----------------------------------------------------------------------------------------------------------------
Что нового в IIS 7.0
Сергей Яремчук
> Pkgmngr.exe /iu:IIS-WebServerRole; WAS-WindowsActivationService; WAS-ProcessModel
-----------------------------------------------------------------------------------------------------------------
Строим персональный SyncML-сервис синхронизации
Максим Иргизнов
# ldd /usr/local/lib/libgthread-2.0.so
libthr.so.3 => /lib/libthr.so.3
# tar zxf libsyncml-0.4.6.bz2
# cd libsyncml-0.4.6
# mkdir build
# cd build
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DENABLE_OBEX=no ../
-I/usr/local/include
# make install
# tar zxf libopensync-0.36.tar.bz2
# cd libopensync-0.36
# mkdir build
# cd build
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local ../
# make
# make install
# tar zxf libopensync-plugin-file-0.36.tar.bz2
# cd libopensync-plugin-file-0.36
# mkdir build
# cd build
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local ../
# make
# make install
$ msynctool --listplugins
$ msynctool --addgroup mysync
$ msynctool --addmember mysync syncml-http-server
$ msynctool --addmember mysync file-sync
$ msynctool --showgroup mysync
$ msynctool --configure mysync 1
10.20.30.40
1234
Contacts
contact
vcard21
Calendar
event
vevent20
Notes
note
vnote11
Tasks
todo
vtodo20
/home/xeon/.opensync
data
$ msynctool --discover mysync
msynctool --sync mysync --slow-sync contact
$ msynctool --addmember mysync evo2-sync
$ msynctool --configure mysync 3
file:///home/xeon/.evolution/addressbook/local/system
file:///home/xeon/.evolution/calendar/local/system
file:///home/xeon/.evolution/tasks/local/system
tar -jcf opensync.tbz .opensync/
-----------------------------------------------------------------------------------------------------------------
Такой разный Squid
Сергей Яремчук
$ sudo apt-get install squid
$ sudo apt-get install squid3
# cd /usr/ports/www/squid
# cd /usr/ports/www/squid30
# make install
include /path/to/included/file/squid.acl.config
$ sudo squid -k parse
# Variant 1: patterns listed inline. url_regex matches anywhere in the whole URL and
# these patterns are unanchored, so "ftp" or "\.exe" also match in the middle of a URL.
acl blockfiles url_regex -i ftp \.exe \.mp3 \.zip \.rar \.avi \.mpeg \.mpg \.iso \.raw \.wav
# Variant 2: patterns read from a file and matched against the URL path only.
# NOTE(review): both lines define the ACL name "blockfiles" with different types, so they
# are presumably alternatives and not meant to appear in the same squid.conf.
# Matching on the extension in the URL is advisory only: it does not inspect the
# content type of what is actually downloaded.
acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"
$ sudo nano /etc/squid/blocks.files.acl
\.exe$
\.avi$
\.mpg$
\.mpeg$
\.mp3$
http_port 3128 transparent
$ sudo squid -k parse
external_acl_type nt_group %LOGIN concurrency=10 /usr/lib/squid/wbinfo_group.pl
external_acl_type nt_group %LOGIN children=10 /usr/lib/squid/wbinfo_group.pl
auth_param basic casesensitive off
# refresh_pattern <regex> <min minutes> <percent> <max minutes> [options]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content (cgi-bin or a query string) is never treated as fresh.
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Aggressive variant: everything is kept for up to 518400 minutes (360 days) and the
# origin's expiry, no-cache, private, no-store and authentication signals are overridden.
# NOTE(review): ignore-private, ignore-auth and ignore-no-store make a shared proxy store
# responses that the origin marked private or that required authentication, so one
# user's personalised content can be served to another. Limit such overrides to patterns
# for static content. Also, Squid applies the first matching refresh_pattern, so listed
# after the "." rule above this line would never take effect; presumably it is meant
# as a replacement for that rule.
refresh_pattern . 518400 80% 518400 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth ignore-no-store
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %psexec.exe \\S2K3VM\ -c autorunsc.exe -b
-----------------------------------------------------------------------------------------------------------------
Секреты Огнелиса
Александр Майоров
google журнал системный администратор
yandex системный администратор
data:[][;encoding],
data:text/html;base64,dGVzdCE=
view-source:http://www.samag.ru
about:cache?device=disk
about:cache?device=memory
# Так задаются комментарии, если вы хотите записать какую-то информацию,
# например, имя автора и как с вами связаться
#
# Раздел описания поискового механизма
# Раздел описания автоматического обновления плагина
#
SaMag
System administrator search form
windows-1251
http://www.google.ru/custom
http://samag.ru/samag.png
data:image/x-icon;base64,
iVBORw0KGgoAAAANSUhEUgAAABAAAA
...
AAwDAfE3pElITxQAAAABJRU5ErkJggg==
http://your_host/firefox_search_json.php?query=системный
Мой поисковый сервис
Найдишка
Супер поиск по моему форуму
Описалово...
Александр Майоров
majorsoft@majorsoft.ru
© 2008, Majorsoft.ru, All Rights Reserved.
UTF-8
UTF-8
В закладки
В закладки';
-----------------------------------------------------------------------------------------------------------------
Введение в Grails
Андрей Уваров
bash-3.2$ grails create-app homeLibrary
// Grails DataSource configuration: shared settings first, then per-environment overrides.
dataSource {
pooled = false
// The JDBC driver in use
driverClassName = "com.mysql.jdbc.Driver"
// NOTE(review): the MySQL root account with a guessable password is hard-coded here, and
// this shared block also applies to the test and production environments below unless
// they override it. Use a dedicated low-privilege database user and keep its password
// out of the source tree.
username = "root"
password = "root"
}
hibernate {
cache.use_second_level_cache=true
cache.use_query_cache=true
cache.provider_class='org.hibernate.cache.EhCacheProvider'
}
// environment specific settings
environments {
development {
dataSource {
// create-drop rebuilds the schema on start and drops it on shutdown: development data
// does not survive a restart.
dbCreate = "create-drop"
// one of 'create', 'create-drop','update'
// Database connection string.
// The home_library database is assumed
// to exist already
url = "jdbc:mysql://127.0.0.1:3306/home_library"
}
}
test {
dataSource {
dbCreate = "update"
url = "jdbc:hsqldb:mem:testDb"
}
}
// NOTE(review): test and production keep HSQLDB URLs while the shared driver above is the
// MySQL one; presumably only the development environment was adapted - confirm before
// deploying.
production {
dataSource {
dbCreate = "update"
url = "jdbc:hsqldb:file:prodDb;shutdown=true"
}
}
}
bash-3.2$ grails create-domain-class Book
// Domain class for one book in the home library.
class Book {
String name // Book title
String author // Author name
int shelfNumber // Shelf number
static constraints = {
// Define the constraints
// Both text fields are mandatory and length-limited; shelfNumber has no constraint here.
name(nullable: false, blank: false, size: 1..200)
author(nullable: false, blank: false, size: 1..50)
}
}
mysql> show create table book\G
// URL routing for the application.
class UrlMappings {
static mappings = {
// Generic mapping: controller, optional action and optional id are taken from the URL.
// NOTE(review): with this pattern every action of every controller is reachable by URL,
// so access control has to live in the controllers themselves.
"/$controller/$action?/$id?"{
constraints {
// apply constraints here
}
}
"500"(view:'/error')
// Override the default behaviour
"/"(controller: 'book')
}
}
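/**
 * Scaffold-style CRUD controller for Book.
 *
 * Every action reads its input from the request parameters (params).
 * NOTE(review): no authentication or authorisation check is visible in this controller;
 * anyone who can reach the application can create, edit and delete books.
 */
class BookController {
    def index = { redirect(action:list,params:params) }
    // the delete, save and update actions only accept
    // POST requests
    // NOTE(review): restricting the verb does not stop a forged cross-site POST; no
    // anti-forgery token is visible in this controller.
    def allowedMethods = [delete:'POST', save:'POST', update:'POST']

    // Lists books, ten per page by default.
    def list = {
        // max comes straight from the query string: accept it only when it is an
        // integer and cap it, so that one request cannot ask for the whole table.
        def requested = params.max?.toString()
        params.max = requested?.isInteger() ? Math.min(requested.toInteger(), 100) : 10
        [ bookList: Book.list( params ) ]
    }

    // Shows one book, or returns to the list with a message when the id is unknown.
    // NOTE(review): params.id is echoed into flash.message here and in the actions
    // below; the views are not shown, so confirm that they HTML-encode the message.
    def show = {
        def book = Book.get( params.id )
        if(!book) {
            flash.message = "Book not found with id ${params.id}"
            redirect(action:list)
        }
        else { return [ book : book ] }
    }

    // Deletes one book by id (POST only, see allowedMethods).
    def delete = {
        def book = Book.get( params.id )
        if(book) {
            book.delete()
            flash.message = "Book ${params.id} deleted"
            redirect(action:list)
        }
        else {
            flash.message = "Book not found with id ${params.id}"
            redirect(action:list)
        }
    }

    // Loads one book for the edit form.
    def edit = {
        def book = Book.get( params.id )
        if(!book) {
            flash.message = "Book not found with id ${params.id}"
            redirect(action:list)
        }
        else {
            return [ book : book ]
        }
    }

    // Applies the submitted form to an existing book (POST only).
    def update = {
        def book = Book.get( params.id )
        if(book) {
            // NOTE(review): this binds every request parameter onto the domain object.
            // That is acceptable only while every Book property is meant to be
            // user-editable; once the class gains an internal field, bind an explicit
            // list of properties instead.
            book.properties = params
            if(!book.hasErrors() && book.save()) {
                flash.message = "Book ${params.id} updated"
                redirect(action:show,id:book.id)
            }
            else {
                render(view:'edit',model:[book:book])
            }
        }
        else {
            flash.message = "Book not found with id ${params.id}"
            redirect(action:edit,id:params.id)
        }
    }

    // Prepares a new, unsaved book for the create form (same binding caveat as update).
    def create = {
        def book = new Book()
        book.properties = params
        return ['book':book]
    }

    // Creates and stores a book from the submitted form (POST only; same binding caveat).
    def save = {
        def book = new Book(params)
        if(!book.hasErrors() && book.save()) {
            flash.message = "Book ${book.id} created"
            redirect(action:show,id:book.id)
        }
        else {
            render(view:'create',model:[book:book])
        }
    }
}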
-----------------------------------------------------------------------------------------------------------------
Rakudo – компилятор Perl 6 на виртуальной машине Parrot
Андрей Шитов
perl Configure.pl
make
make install
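# Configure the build without ICU.
# (The listing had a typographic dash in place of the first ASCII "-".)
perl Configure.pl --without-icu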
cd languages/perl6/
make perl6
parrot perl6.pbc programme.pl
perl6 programme.pl
# Binding: := makes $summertime another name for $hour, so the increment below is
# visible through $hour as well.
my $hour = 14;
my $summertime := $hour;
say $hour;
$summertime++;
say $hour;
# A word list in angle brackets, then a loop with an explicit loop variable.
my @values = <
registration
lunch
coffee-break
closing
>;
my $c = 0;
for @values -> $event {
$c++;
say "$c. $event";
}
# A class with one private attribute ($!Name), a setter and a method that prints it.
class Language {
has $!Name;
method give_name ($newname) {
$!Name = $newname;
}
method say_name {
say "This is $!Name";
}
}
my $lang = Language.new();
$lang.give_name('Perl 6');
$lang.say_name();
# .WHAT reports the type of its invocant.
say $lang.WHAT;
# prints 'Refs' in Rakudo
# and 'Language' in Pugs
say Language.WHAT;
# prints 'Language' everywhere
say $lang.WHAT;
# prints 'Refs' in Rakudo and 'Language' in Pugs
say Language.WHAT;
# prints 'Language' everywhere
# The same variable holds a string, then a number, then whatever callme returns.
my $var = 'Perl 6';
say $var.WHAT;
$var = 6;
say $var.WHAT;
# Calls callme (defined below) and stores its return value.
$var = callme;
say $var.WHAT;
sub callme {
say 'I am a sub';
}
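# The type of the value that say itself returns.
say (say 2).WHAT;
# isa checks the type of a literal, of a variable and of a boolean expression.
say "OK" if 10.isa('Int');
my $var = 'string';
# Fixed: the listing had a stray "." after the semicolon on the next line.
say "OK" if $var.isa('Str');
say "True" if (?100).isa('Bool');
say "True" if (Bool::False).isa('Bool');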
# Two multi candidates with the same name; the call is dispatched on the number
# of arguments.
multi sub say_time ($hour) {
say "$hour:00";
}
multi sub say_time ($hour, $minute) {
say "$hour:$minute";
}
say_time(14);
say_time(14, 15);
# Exception handling: die is raised inside the try block, and execution continues
# with the statement after it.
say 'before';
try {
die 'Bye!';
}
say 'after';
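# A named regex; inside a pattern it is invoked as <language>.
regex language {Perl|XML};
# Fixed: the listing showed empty patterns (//). The <language> call appears to have been
# stripped as markup during extraction; restored from the definition above.
say "ok" if 'Perl' ~~ /<language>/;
say "not ok" unless 'PHP' ~~ /<language>/;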
-----------------------------------------------------------------------------------------------------------------