Archive for marzo, 2024
Cambiar los DNS en Ubuntu 22.04
# Based on:
# https://www.ionos.com/digitalguide/server/configuration/change-dns-server-on-ubuntu/#:~:text=Step%201%3A%20Launch%20the%20system,server%20connection%20for%20a%20moment.
# Install resolvconf, start it, enable it at boot, and check its state
# before and after.
sudo apt install resolvconf
sudo systemctl status resolvconf.service
sudo systemctl start resolvconf.service
sudo systemctl enable resolvconf.service
sudo systemctl status resolvconf.service
# Open the "head" fragment and add the two nameserver lines shown below.
sudo vi /etc/resolvconf/resolv.conf.d/head
# Resolver order matters: the private 192.168.0.33 server is listed first and
# the public 1.1.1.1 second.
# NOTE(review): if the first server does not answer, lookups (including names
# that only exist on the LAN) presumably go to the public resolver - confirm
# that this is acceptable for the network.
nameserver 192.168.0.33
nameserver 1.1.1.1
# Turn updates on and regenerate the resolver configuration.
sudo resolvconf --enable-updates
sudo resolvconf -u
# Restart both services so the new servers are picked up.
sudo systemctl restart resolvconf.service
sudo systemctl restart systemd-resolved.service
# Show the DNS servers now in effect.
resolvectl status
openldap en docker-compose(otra oportunidad)
# Me guió de esto
https://github.com/Ramhm/openldap/blob/master/docker-compose.yml
# Create a working directory for the stack and open a new compose file in it.
mkdir openldap
cd openldap
vi docker-compose.yml
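# OpenLDAP server plus the phpLDAPadmin web UI on one private bridge network.
# Every ${NAME} below is substituted by docker-compose from the .env file
# that sits next to this file.
version: '3.7'
services:
  openldap:
    # NOTE(review): ":latest" is a moving tag. Pinning a specific release
    # makes rebuilds reproducible and turns upgrades into a deliberate step.
    image: osixia/openldap:latest
    container_name: openldap
    hostname: openldap
    # Loads every line of .env into the container, in addition to the
    # explicit list under "environment".
    env_file: ./.env
    ports:
      # Both ports are published on every host interface. 389 carries LDAP
      # without TLS unless the client negotiates it; 636 is LDAPS.
      # phpLDAPadmin reaches this service over the "openldap" network, so
      # publishing is only needed for LDAP clients outside Docker.
      - "389:389"
      - "636:636"
    volumes:
      # Certificate and private key files named by LDAP_TLS_*_FILENAME are
      # read from this directory; keep it readable only by trusted accounts.
      - ./data/certificates:/container/service/slapd/assets/certs
      - ./data/slapd/database:/var/lib/ldap
      - ./data/slapd/config:/etc/ldap/slapd.d
    environment:
      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_ADMIN_USERNAME=${LDAP_ADMIN_USERNAME}
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_CONFIG_PASSWORD=${LDAP_CONFIG_PASSWORD}
      - LDAP_BASE_DN=${LDAP_BASE_DN}
      - LDAP_TLS_CRT_FILENAME=${LDAP_TLS_CRT_FILENAME}
      - LDAP_TLS_KEY_FILENAME=${LDAP_TLS_KEY_FILENAME}
      - LDAP_TLS_CA_CRT_FILENAME=${LDAP_TLS_CA_CRT_FILENAME}
      - LDAP_READONLY_USER=${LDAP_READONLY_USER}
      - LDAP_READONLY_USER_USERNAME=${LDAP_READONLY_USER_USERNAME}
      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
    networks:
      - openldap
  phpldapadmin:
    # NOTE(review): same remark as above about the moving ":latest" tag.
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    hostname: phpldapadmin
    # env_file is deliberately not used for this service: loading ./.env
    # would copy the LDAP admin, config and read-only passwords into the
    # web container's environment, which only needs the two
    # PHPLDAPADMIN_* values listed under "environment".
    ports:
      # Plain HTTP on every host interface. With PHPLDAPADMIN_HTTPS=false
      # the bind DN and password typed into the login form cross the
      # network unencrypted; keep this on a trusted network or put a
      # TLS-terminating proxy in front of it.
      - "80:80"
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=${PHPLDAPADMIN_LDAP_HOSTS}
      - PHPLDAPADMIN_HTTPS=${PHPLDAPADMIN_HTTPS}
    depends_on:
      - openldap
    networks:
      - openldap
networks:
  openldap:
    driver: bridge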
# Create the .env file that docker-compose reads for ${NAME} substitution.
# It holds three passwords in clear text: keep it out of version control and
# readable only by its owner (for example: chmod 600 .env).
vi .env
# Web UI settings: LDAP host to connect to (the compose service name) and
# HTTPS switched off, so the UI is served over plain HTTP.
PHPLDAPADMIN_LDAP_HOSTS=openldap
PHPLDAPADMIN_HTTPS=false
LDAP_ORGANISATION=pablosky.org
LDAP_DOMAIN=pablosky.org
LDAP_ADMIN_USERNAME=admin
# The three *_PASSWORD values in this file are short sample values; replace
# them with long random ones before the ports are reachable by anyone else.
LDAP_ADMIN_PASSWORD=claveadmin
LDAP_CONFIG_PASSWORD=clave
LDAP_BASE_DN=dc=pablosky,dc=org
# File names only; the compose file mounts ./data/certificates into the
# container's certificate directory, so the files must exist there.
LDAP_TLS_CRT_FILENAME=server.crt
LDAP_TLS_KEY_FILENAME=server.key
LDAP_TLS_CA_CRT_FILENAME=pablosky.org.ca.crt
# Ask the image for an extra read-only account with these credentials.
LDAP_READONLY_USER=true
LDAP_READONLY_USER_USERNAME=usuariosololectura
LDAP_READONLY_USER_PASSWORD=clavesololectura
# Start both containers in the background.
docker-compose up -d
Ingreso con la ip y el usuario es
cn=admin,dc=pablosky,dc=org
claveadmin
openldap en docker
# Create a working directory and open a new compose file in it.
mkdir opld
cd opld
vi docker-compose.yml
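# Minimal single-container OpenLDAP service.
# No bind mounts or named volumes are declared, so the directory data is not
# kept under a known host path.
version: '2'
services:
  ldap:
    image: osixia/openldap:1.5.0
    container_name: ldap
    environment:
      - LDAP_ORGANISATION=pablosky
      - LDAP_DOMAIN=pablosky.com
      - "LDAP_BASE_DN=dc=pablosky,dc=com"
      # NOTE(review): the admin password is written in clear text in this
      # file and is a sample value. Treat the file as a secret, or supply
      # the value from an untracked .env file through ${...} substitution.
      - LDAP_ADMIN_PASSWORD=Sarlanga
    ports:
      # Quoted so the mappings are always read as strings. Both ports are
      # published on every host interface; 389 carries LDAP without TLS
      # unless the client negotiates it.
      - "389:389"
      - "636:636"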
# Start the container in the background.
docker-compose up -d
virtualenv para python en debian 12
# Based on:
# https://developer.parrot.com/docs/olympe/pip_on_debian_based_distros.html#creating-a-python-virtual-environment-on-a-debian-based-system
# Install the venv module, then create a virtual environment in
# ./my-virtual-env.
sudo apt-get install python3-venv
python3 -m venv my-virtual-env
# Activate it in the current shell (note the leading ". ", which sources the
# script instead of running it in a subshell).
. ./my-virtual-env/bin/activate
# While the environment is active these commands run inside it, without sudo.
python --version
pip install --upgrade pip
pip --version
# Leave the virtual environment.
deactivate
Pero que Temazo
Sobre todo cuando andas media pila abajo.
dc en samba en un ubuntu
# Based on:
# https://www.considerednormal.com/2022/11/samba-based-active-directory-on-ubuntu-22-04/
# Name this host "dc" and map its fully qualified name to its LAN address.
sudo hostnamectl set-hostname dc
sudo vi /etc/hosts
# Line added to /etc/hosts:
192.168.0.13 dc.cn.lan dc
# Confirm the FQDN, and that it resolves and answers.
hostname -f
ping -c3 dc.cn.lan
# Stop systemd-resolved for good and replace /etc/resolv.conf with a plain
# file maintained by hand.
# NOTE(review): presumably done so Samba's own DNS service can answer on this
# host - confirm against the guide.
sudo systemctl disable --now systemd-resolved
sudo unlink /etc/resolv.conf
sudo touch /etc/resolv.conf
sudo vi /etc/resolv.conf
# Contents of /etc/resolv.conf: this host's own address first.
nameserver 192.168.0.13
# fallback resolver
# NOTE(review): when the first server does not answer, lookups for cn.lan
# names presumably go to this public resolver as well - confirm this is
# acceptable.
nameserver 9.9.9.9
# main domain for Samba
search cn.lan
# Mark the file immutable so nothing rewrites it. Any later edit needs
# "chattr -i" first.
sudo chattr +i /etc/resolv.conf
# Install Samba with its AD modules, winbind, the Kerberos client pieces,
# chrony and DNS/network tools.
sudo apt update
sudo apt install -y acl attr samba samba-dsdb-modules samba-vfs-modules smbclient winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user dnsutils chrony net-tools
# Answers given to the three Kerberos questions (presumably asked during
# package installation).
# Default Kerberos version 5 realm:
CN.LAN
# Kerberos servers for your realm:
dc.cn.lan
# Administrative server for your Kerberos realm:
dc.cn.lan
# Turn off the standalone smbd/nmbd/winbind units and enable the AD DC unit
# in their place.
sudo systemctl disable --now smbd nmbd winbind
sudo systemctl unmask samba-ad-dc
sudo systemctl enable samba-ad-dc
# Move the existing smb.conf aside before provisioning.
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
# Interactive provisioning of the domain; the lines below are the answers
# typed at its prompts.
sudo samba-tool domain provision
# Four prompts accepted with their default value.
enter
enter
enter
enter
# NOTE(review): looks like the DNS forwarder prompt - confirm.
9.9.9.9
# NOTE(review): looks like the domain Administrator password prompt. This is
# a sample value; the account controls the whole domain, so use a long,
# unique password and do not keep it in notes like these.
adminpass
# Keep the original krb5.conf as a backup and use the one found under
# Samba's private directory instead.
sudo mv /etc/krb5.conf /etc/krb5.conf.orig
sudo cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
# Start the AD DC service and check that it is running.
sudo systemctl start samba-ad-dc
sudo systemctl status samba-ad-dc
# Give the _chrony group access to Samba's ntp_signd directory and close it
# to all other users (mode 750).
sudo chown root:_chrony /var/lib/samba/ntp_signd/
sudo chmod 750 /var/lib/samba/ntp_signd/
sudo vi /etc/chrony/chrony.conf
# Lines added to chrony.conf.
# bindcmdaddress puts chrony's command socket on the LAN address.
# NOTE(review): check that no "cmdallow" line opens it to remote hosts.
bindcmdaddress 192.168.0.13
# Serve time to clients in the 192.168.0.0/24 subnet only.
allow 192.168.0.0/24
# Directory of the Samba signing socket prepared above.
ntpsigndsocket /var/lib/samba/ntp_signd
# Restart chronyd and check its status
sudo systemctl restart chronyd
sudo systemctl status chronyd
# Check that the domain resolves: A records for the domain and the DC, then
# the Kerberos and LDAP SRV records.
host -t A cn.lan
host -t A dc.cn.lan
host -t SRV _kerberos._udp.cn.lan
host -t SRV _ldap._tcp.cn.lan
# The two SRV lookups are repeated here as in the original notes.
host -t SRV _kerberos._udp.cn.lan
host -t SRV _ldap._tcp.cn.lan
# Authenticate to Kerberos as the administrator user and list the ticket
# that was obtained.
kinit administrator@CN.LAN
klist
# Create a user
sudo samba-tool user create mkoster
# List the Samba users
sudo samba-tool user list
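# On the Windows client: set the Samba server as its DNS server and set the
# PC name before joining.
# Show the DNS servers configured on each interface.
Get-DnsClientServerAddress
# Check that the DC and the domain name resolve and answer.
# The DC is named dc.cn.lan in the /etc/hosts entry and the host lookups of
# this procedure; "dc1.cn.lan" matched no name configured in it.
ping dc.cn.lan
ping cn.lan
# Join this PC to the domain and reboot.
Add-Computer -DomainName "cn.lan" -Restart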