Quản Lý Xác Thực Tập Trung Với Dịch Vụ Ldap Linux
Quản Lý Xác Thực Tập Trung Với Dịch Vụ Ldap Linux
Quản Lý Xác Thực Tập Trung Với Dịch Vụ Ldap Linux
Tn ti:
GVHD: TRN VN TI
SVTH:
1. DNG QUC TUN
2. TRN HUNH AN DUY
3. TRN ON KIN
M lp:03CCHT01
Kha:03
Tp H Ch Minh, Ngy 19 Thng 10 Nm 2011
MSSV: 99510030043
MSSV: 99510030007
MSSV: 99510030017
TABLE OF CONTENTS
ACKNOWLEDGEMENTS ... 13
PROJECT OBJECTIVES ... 7
CHAPTER I: GENERAL INTRODUCTION ... 8
  I. History of Linux ... 8
  II. Advantages and disadvantages of Linux ... 9
    1. Advantages ... 9
      1.1 Economy ... 10
    2. Disadvantages ... 11
      2.1 Requires proficient users ... 11
      2.2 Standardization ... 11
  1. Introduction ... 25
  2. How domain-name data is distributed ... 28
  3. Forward resolution ... 29
  4. Reverse resolution ... 29
  5. Difference between zone and domain ... 29
  6. Domain-name registration ... 30
  7. Types of domain name server ... 30
  8. Delegation ... 31
  9. Resource records ... 31
  10. Introduction to BIND ... 34
  II. FTP service (File Transfer Protocol) ... 38
    1. Introduction ... 38
    2. Operating model ... 38
    3. FTP client programs ... 41
    4. Some FTP client commands ... 42
    5. Installing and configuring FTP ... 43
  III. Web service ... 46
Khoa CNTT n Tt Nghip: Qun l xc thc tp trung vi dch v LDAP Linux Trang 4/164
    1. Introduction ... 61
    2. Mail systems ... 62
    3. Concepts ... 65
    4. Mail and DNS ... 66
    5. The Postfix mail software ... 67
    6. Webmail software ... 68
  VI. Samba service ... 68
    1. Introduction ... 68
    2. Installation ... 68
CHAPTER IV: LDAP THEORY ... 75
  I. Introduction to LDAP ... 75
    1. Installation ... 101
      1.1 Installation packages ... 101
    1. Installation ... 105
      1.1 Installation packages ... 105
    2. Configuration files ... 106
      2.1 Configuring /etc/openldap/slapd.conf ... 106
      2.2 Configuring /etc/samba/smb.conf ... 108
    1. Installation ... 113
      1.1 Installation packages ... 113
    2. Configuration files ... 113
      2.1 Configuring /etc/samba/smb.conf ... 113
    1. Installation ... 116
      1.1 Installation packages ... 116
    2. Configuration files ... 116
      2.1 Configuring /etc/postfix/main.cf ... 116
    1. Installation ... 122
      1.1 Installation packages ... 122
    2. Configuration files ... 122
      2.1 Configuring /etc/pam.d/vsftpd (LDAP authentication) ... 122
    1. Installation ... 124
      1.1 Installation packages ... 124
    2. Configuration files ... 124
      2.1 Configuring /etc/httpd/conf/httpd.conf (LDAP authentication) ... 124
    1. Installation ... 126
      1.1 Installing IPCOP ... 126
      1.2 Installation steps ... 126
      1.3 Configuring the proxy server ... 138
      1.4 Configuring the firewall ... 142
      1.5 Configuring logs ... 145
    1. Project requirements ... 156
    2. Future work ... 156
  II. References ... 156
  III. Websites ... 156
LIST OF FIGURES
Figure 1: Partitions in Linux ... 19
Figure 2: Choosing the installation mode ... 20
Figure 3: Choosing the language ... 21
Figure 4: Choosing the keyboard type ... 22
Figure 5: Partitioning ... 23
Figure 6: Installing the boot loader ... 24
Figure 7: Network configuration ... 25
Figure 8: Time-zone configuration ... 25
Figure 9: Setting the administrator password ... 26
Figure 10: Choosing the installation type ... 27
Figure 11: Operating system installation in progress ... 28
Figure 12: Installation complete ... 28
Figure 13: Firewall configuration ... 29
Figure 14: Setting the system date and time ... 29
Figure 15: Creating a user ... 30
Figure 16: The desktop ... 30
Figure 17a: The DNS hierarchy ... 32
Figure 17b: The DNS hierarchy ... 33
Figure 18: Zone and domain ... 36
Figure 19: Delegation ... 37
Figure 20: Forward zone configuration file ... 43
Figure 21: Reverse zone configuration file ... 43
Figure 22: Active FTP connection diagram ... 45
Figure 23: Passive FTP connection diagram ... 47
Figure 20: How the HTTP protocol works ... 53
Figure 21: Dynamic web generation by a CGI program ... 56
Figure 22: Digest authentication ... 60
Figure 22: Squid proxy ... 62
Figure 23: Mail system diagram ... 69
ACKNOWLEDGEMENTS
To complete this graduation project, we must first acknowledge the effort of our advisor, TRN VN TI.
PROJECT OBJECTIVES
Build a centrally authenticated network with OpenLDAP.
Build centralized authentication for the mail, FTP, Samba and web services.
Build a centralized management system on the Linux operating system to replace MS Active Directory.
Advantages:
1.1 Economy:
is a feature of Linux that cannot be overlooked. For Linux, however, that is not everything. This operating system has many other advantages that no other operating system has, and it is precisely these features that are making Linux ever more popular, not only in Vietnam but around the world.
1.2 Flexibility:
Linux is an open-source operating system, so we can modify it as we like (within the limits of each person's knowledge, of course). We can adapt Linux and the applications on it to suit ourselves best. Moreover, because Linux has a very large community of developers working in many different environments and circumstances, finding a version that meets a given person's requirements is not too difficult.
The flexibility of Linux is also shown by its compatibility with many environments. Besides Linux for servers and PCs, the Linux kernel has been embedded in control devices such as palmtop computers and robots. The range of Linux applications is considered very wide.
1.3 High security:
First of all, Linux has a very clear permission mechanism. Only "root" (the superuser) has the right to install software and change the system. In addition,
Designator   Description
hda          Primary Master
hdb          Primary Slave
hdc          Secondary Master
hdd          Secondary Slave
sda
sdb
2. Choosing the installation mode:
When the installer starts, it displays the following screen:
Figure 2: Choosing the installation mode
We can choose among these modes:
Linux text: installs the operating system in text mode.
3. Configuring the keyboard:
Choose the appropriate keyboard type, then Next.
Partitioning:
Remove all partitions on selected drives and create default layout: removes all existing partitions on the system; the system then creates the default layout automatically.
Remove Linux partitions on selected drives and create default layout: removes all existing Linux partitions on the system; the system then creates the default layout automatically.
Use free space on selected drives and create default layout: uses the free space on the disk; the system then creates the default layout automatically.
Create custom layout: partition manually, according to the user's own choices.
Network configuration:
By default the system configures the network with DHCP. To set a specific IP address we enter the network parameters by clicking the Edit button.
IP Address: assigns the machine's IP address.
Prefix (Netmask): specifies the machine's netmask.
Active on boot: the network card is activated when the operating system boots.
Time-zone configuration:
Locations are grouped by continent. Vietnam is Asia/Ho_Chi_Minh; we can select it easily by clicking the right position on the map, then Next.
Choosing the installation type:
Some common installation types:
Desktop: installs the operating system for use as a workstation.
Server: installs the operating system for use as a server.
Customize now: lets you combine the options above as you wish.
Using the operating system:
Introduction:
Every computer on a network that wants to communicate or exchange information and data with another must know the other's IP address. When there are many computers, remembering all of those IP addresses is very hard.
Besides its IP address, each computer also has a host name, also called the computer name. For people, remembering a host name is easier, because names are more intuitive and memorable than IP addresses. So a way was devised to map IP addresses to host names.
Initially, because the ARPAnet (the forerunner of the Internet) was still small (only a few hundred hosts), a single file, HOSTS.TXT, stored the mapping from host names to IP addresses. A host name was just a flat, non-hierarchical text string. The file was maintained on one server, and the other hosts kept copies of it. As the network grew, however, using the HOSTS.TXT file had the following drawbacks:
Network traffic and the server maintaining HOSTS.TXT became overloaded because of the bottleneck effect.
Name conflicts: two computers cannot have the same name in HOSTS.TXT. Because names were flat, nothing prevented two identical names from being created, and there was no delegation mechanism for managing the file, so name conflicts were a real risk.
No guarantee of integrity: maintaining a single file across a large network is very hard. For example, an update to HOSTS.TXT might not yet have reached a remote host before addresses on the network changed again.
In short, the HOSTS.TXT file does not suit a large network because it lacks a distributed, scalable mechanism. The DNS service was created to overcome these drawbacks. The designer of the DNS architecture was Paul Mockapetris at USC's
Description
Commercial organizations and companies
Non-profit organizations
Network support centers
Educational organizations
Government organizations
Military organizations
Organizations established by international treaties
Domain   Description
.arts    Organizations related to the arts and architecture
.nom     Personal and family addresses
.rec     Organizations of a recreational or sporting nature
.firm    Business and commercial organizations
.info    Information-related services
In addition, each country has its own top-level domain. For example, Vietnam's top-level domain is .vn and that of the United States is .us. Each country organizes its own domain hierarchy differently.
2.
Host name              IP address
a.root-servers.net.    198.41.0.4
b.root-servers.net.    128.9.0.107
c.root-servers.net.    192.33.4.12
d.root-servers.net.    128.8.10.90
e.root-servers.net.    192.203.230.10
f.root-servers.net.    192.5.5.241
g.root-servers.net.    192.112.36.4
h.root-servers.net.    128.63.2.53
i.root-servers.net.    192.36.148.17
j.root-servers.net.    192.58.128.30
k.root-servers.net.    193.0.14.129
l.root-servers.net.    198.32.64.12
m.root-servers.net.    202.12.27.33
Usually an organization registers one or more domain names. The organization then installs one or more name servers and maintains the database for all computers in its domain. The organization's name servers are registered on the Internet. One of them is known as the Primary Server. Several Secondary Name Servers serve as backups for the Primary Name Server: if the Primary fails, a Secondary is used to resolve names. The Primary Name Server can create subdomains and delegate them to other name servers.
Resource records:
SOA record (Start of Authority):
Each zone database file must contain one and only one SOA record.
The SOA record indicates that this name server is the authoritative source of the data in the zone.
Syntax:
dns-svr.thanhlong.com.    IN A 172.31.0.3
ldap-svr1.thanhlong.com.  IN A 172.31.0.1
CNAME record (Canonical Name):
Creates an alias that points to a canonical name.
Syntax:
[alias host name] IN CNAME [canonical host name]
Example:
thanhlong.com IN MX 0 mail-svr.thanhlong.com.
IN PTR ldap-svr.thanhlong.com
File                  Meaning
/var/named/zone_file
named.conf
named.ca
named.empty
named.localhost
named.loopback
                      Database of the reverse zone
Steps to configure DNS:
Declare the zones in /etc/named.conf.
Declare the resource records for the forward zone and the reverse zone.
Adjust the options for the DNS service in /etc/named.conf.
Configure the DNS client.
Test that it works.
Declaring a zone in /etc/named.conf:
Zone: defines a zone that manages the database for a domain or subdomain. Usually we declare two zones: a forward zone and a reverse zone.
Syntax:
zone "domain_name" {
    type master/slave/hint/stub;
    [ masters { IP address of the primary name server; }; ]
    file "database_file_name";
};
type: specifies the kind of name server.
masters: specifies the IP address of the master name server.
file: specifies the file that describes the resource records.
Example: to configure the forward zone thanhlong.com and the reverse zone 0.31.172.in-addr.arpa, we declare the following:
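The forward zone thanhlong.com and the reverse zone 0.31.172.in-addr.arpa, generated from one host table so that the A and PTR records cannot drift apart. This is an added example, not the thesis's own configuration: the host names and the addresses of dns-svr and ldap-svr1 are taken from the document, while mail-svr's address 172.31.0.2 and the SOA timers are assumptions.

```python
"""Generate the named.conf zone statements and both zone files for thanhlong.com."""
import ipaddress

DOMAIN = "thanhlong.com"
NETWORK = ipaddress.ip_network("172.31.0.0/24")
PRIMARY_NS = "dns-svr"     # runs named; 172.31.0.3 in the document
MAIL_HOST = "mail-svr"     # target of the document's MX record

# Constructed host table. ldap-svr1 and dns-svr use the document's addresses;
# 172.31.0.2 for mail-svr is an assumption (the document gives no address).
HOSTS = {
    "ldap-svr1": "172.31.0.1",
    "mail-svr": "172.31.0.2",
    "dns-svr": "172.31.0.3",
}

def reverse_zone_name(network):
    """172.31.0.0/24 -> '0.31.172.in-addr.arpa' (whole-octet prefixes only)."""
    if network.prefixlen % 8:
        raise ValueError("classless reverse zones need RFC 2317 delegation")
    octets = str(network.network_address).split(".")[: network.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def _zone_header(zone, serial):
    """The single SOA record every zone file must contain, plus the NS record."""
    ns = f"{PRIMARY_NS}.{DOMAIN}."
    return [
        "$TTL 86400",
        f"{zone}. IN SOA {ns} root.{DOMAIN}. ( {serial} 3600 900 604800 86400 )",
        f"{zone}. IN NS {ns}",
    ]

def forward_zone(hosts, serial=2011101901):
    """Forward zone: the MX record for the domain and one A record per host."""
    lines = _zone_header(DOMAIN, serial)
    lines.append(f"{DOMAIN}. IN MX 0 {MAIL_HOST}.{DOMAIN}.")
    for name, ip in sorted(hosts.items()):
        ipaddress.ip_address(ip)  # rejects a malformed address before it reaches the file
        lines.append(f"{name}.{DOMAIN}. IN A {ip}")
    return lines

def reverse_zone(hosts, network=NETWORK, serial=2011101901):
    """Reverse zone: one PTR per host, derived from the same table as the A records.
    A host outside the network cannot have a PTR here, so it is reported as an error."""
    zone = reverse_zone_name(network)
    lines = _zone_header(zone, serial)
    prefix_octets = network.prefixlen // 8
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in network:
            raise ValueError(f"{name} ({ip}) is not inside {network}")
        host_octets = str(addr).split(".")[prefix_octets:]   # for a /24: the last octet
        lines.append(f"{'.'.join(reversed(host_octets))}.{zone}. IN PTR {name}.{DOMAIN}.")
    return lines

def named_conf_zones(network=NETWORK):
    """The two zone statements for /etc/named.conf on the master server."""
    rev = reverse_zone_name(network)
    return (
        f'zone "{DOMAIN}" {{\n    type master;\n    file "{DOMAIN}.zone";\n}};\n'
        f'zone "{rev}" {{\n    type master;\n    file "{rev}.zone";\n}};\n'
    )

if __name__ == "__main__":
    print(named_conf_zones())
    print("\n".join(forward_zone(HOSTS)))
    print()
    print("\n".join(reverse_zone(HOSTS)))
```

Running the block prints the two zone statements followed by both zone files; named-checkzone can then validate each file before named loads it.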
Syntax                            Meaning
? [command]
append local-file [remote-file]
ascii
binary
bye
cd remote-directory               Change directory on the FTP server
delete remote-file
dir remote-directory
get
lcd [directory]                   Change directory on the local machine
ls                                List files and directories
mdelete remote-file [...]         Delete several files
mget remote-file [...]
mkdir directory                   Create a directory
put                               Upload a file
mput local-file [...]
open                              Connect to an FTP server
prompt                            Turn off the confirmation prompt shown for each file downloaded
disconnect                        Close the FTP connection
pwd                               Show the current directory
quit
recv
rename                            Rename a file
rmdir directory                   Delete a directory
send
user
Installing and configuring FTP:
vsftpd (Very Secure FTP Daemon) is FTP server software bundled with the Linux operating system. vsftpd is built around fast, stable and secure access, and supports many simultaneous connections to the FTP server.
The files and directories of most interest when configuring a vsftpd server are:
/etc/pam.d/vsftpd: the PAM configuration file for vsftpd. It defines what a user must supply when logging in to the FTP server.
/etc/vsftpd/vsftpd.conf: the vsftpd server configuration file.
/etc/vsftpd/ftpusers: lists the users who are not allowed to log in to vsftpd. By default this list includes root, bin, daemon, ...
/etc/vsftpd/user_list: this file is used either to deny or to allow the listed users access to the FTP server, depending on whether the userlist_deny option is set to YES or NO in vsftpd.conf. Users listed in this file must not also appear in vsftpd.ftpusers.
/var/ftp/: the directory holding the files served by vsftpd; it also contains the pub directory for anonymous users. This directory is read-only; only root can write to it.
After installing vsftpd, or after changing its configuration, we must (re)start the FTP service. Restarting makes the vsftpd daemon reload the parameters we changed. Use chkconfig vsftpd on to make the FTP service start as a system service. Commands used to restart the FTP service:
#service vsftpd start/stop/restart
#/etc/init.d/vsftpd start/stop/restart
allowed to access the server; default value: /etc/vsftpd/banned_emails.
banner_file: specifies a text file to display when a connection to the server is established.
cmds_allowed: specifies the list of FTP commands (comma-separated) that the FTP server allows. All other commands are rejected.
using the password specified in the file
III. Web service:
1.
Example:
> telnet www.ispace.edu.vn 80
GET /index.html HTTP/1.0
Port 80 is the default port on which the web server listens for incoming connections. In response to the HTTP GET command, the web server returns the page index.html to the client through this telnet session and then closes the connection. The returned information is in the form of HTML tags:
Example:
<html>
<head> <title> WWW </title>
</head>
<body>
<p align="center">
<a href="http://www.ispace.edu.vn/"><b>Trng Cao ng ngh CNTT iSPACE</b></a>
</p>
</body>
</html>
Building on the serving of such simple static pages, today's web servers have evolved to handle far more complex information exchanged between web server and web browser, the most important of which is probably dynamic content.
In its first version, the web server worked according to the following model:
Receive requests from browsers.
Retrieve content from disk.
Run CGI programs.
Send the data back to the client.
Run as fast as possible.
Web client:
These are the browsing programs on the user's side, such as Internet Explorer, Netscape, Firefox and Opera, which display web page information to the user. The web client sends a request to the web server, then waits for the web server to process it and return the result, which the web client displays to the user. Every request is processed by the web server.
4. Dynamic web:
One of the basic kinds of dynamic content (commonly called dynamic web) is a page generated in response to data entered by the user, directly or indirectly.
3. Cache exchange:
Squid can share data between caches. This sharing brings benefits such as:
cache_effective_user squid
cache_effective_group squid
- Example: ACL structure
acl aclname
V. Introduction:
A mail system is built on the following protocols: Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), Multipurpose Internet Mail Extensions (MIME) and Interactive Mail Access Protocol (IMAP).
The SMTP protocol:
A reliable protocol responsible for delivering mail.
SMTP commands:
Command     Syntax                   Description
Hello       HELO <sending-host>      Identifies the SMTP sender
From        MAIL FROM:<from-addr>    Sender address
Recipient   RCPT TO:<to-addr>        Recipient address
Data        DATA                     Begin sending the message
Reset       RSET                     Abort the message
Verify      VRFY <string>            Check a username
Expand      EXPN <string>            Expand a mailing list
Help        HELP [string]            Request help
To use the SMTP commands, use telnet to port 25 on the remote system.
Description
Gives the username whose mail is to be received
The password of that username
Shows the number of unread messages (and their size in bytes)
Retrieve/delete message number n
Shows the last message
Shows the size of message number n
Go back to the first message
Print the headers and n lines of the message
End the POP3 session
Mail system:
Concepts:
Mail and DNS:
DNS and Postfix are closely related services. Postfix relies on DNS to deliver mail from the internal network to the outside and vice versa. When delivering mail, Postfix looks up the MX record to determine which server the mail must be delivered to.
Syntax: [domain name] IN MX 0 [mail server]
Example: t3h.com.vn. IN MX 0 mailserver.t3h.com.vn
An email address usually has the form:
username@subdomain.subdomain1.top-level-domain
The part to the right of the @ is the domain address. It distinguishes upper- and lowercase letters.
Webmail software:
Install the packages:
php-mbstring-5.1.6-23.2.el5_3.i386.rpm
squirrelmail-1.4.8-5.el5.centos.7.noarch.rpm
Configuration: in the file /etc/squirrelmail/config.php
$domain = 'thanhlong.com';
Then run the commands:
# chkconfig httpd on
# service httpd start
VI. Samba service:
1. Introduction:
Samba is a utility that supports sharing resources with other machines, such as Linux and Windows hosts.
The Samba software consists of several components. The daemon named smbd provides the file and print services; its configuration file is smb.conf. The daemon nmbd provides the NetBIOS name service.
2. Installation:
We can install Samba during the CentOS installation or afterwards with the RPM utility. The installation files are:
samba-3.0.33-3.14.el5.i386.rpm
samba-client-3.0.33-3.14.el5.i386.rpm
samba-common-3.0.33-3.14.el5.i386.rpm
system-config-samba
samba-swat
Starting the service:
Start the service at system boot:
# chkconfig smb on
Start the service with a command:
# service smb start|stop|restart
Check that the Samba service is running:
# pgrep smb
Configuring Samba:
Explanation
Contains the general configuration parameters of the Samba server
Contains the parameters used to configure printers
Specifies that SMB shares each user's home directory
Shares the logon script
Shares profiles
The [global] section
workgroup = MYGROUP; the workgroup the machine joins.
server string = Samba Server; the server description.
hosts allow = 172.31.0.1 173.31.0.3; the addresses allowed to access the Samba server.
guest account = pcguest; the username of a guest account on the server. This account identifies the users who use the Samba services intended for guests.
log file = /var/log/samba/smb.%m; the location of the log file for each client that accesses Samba.
max log size = 50; the maximum size of a log file (KB).
encrypt passwords = yes; encrypt passwords.
smb passwd file = /etc/samba/smbpasswd; the file storing the users allowed to access the SMB server.
The [homes] section
comment = Home Directory; a descriptive comment.
path = %H; the user's home directory.
read only = no; whether users have only read access to the directory in path.
valid users = %S; the users allowed access. To allow a group, use the syntax @group_name or +group_name.
    port            = 901
    socket_type     = stream
    wait            = no
    only_from       = 172.31.0.0/24
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
}
Accessing SWAT from Internet Explorer:
- From a web browser, open SMB SWAT at http://<Samba-server-IP>:<port>
- Example: http://172.31.0.1:901
Component     Explanation
              Provides Samba reference documentation.
              Manages configuration information.
              Manages shared resources.
Using the Samba client: <mount_point> -o
Allowing several messages to be processed concurrently makes LDAP more flexible than other protocols such as HTTP, where each client request must be answered before the next is sent: an HTTP client program such as a web browser that wants to download several files at once must open a separate connection for each file. LDAP works quite differently, handling all operations over a single connection.
3. LDAP protocol operations:
LDAP has 9 basic operations, divided into 3 main groups:
Interrogation operations: search, compare. These two operations let us query the directory.
Update operations: add, delete, modify, modify DN (rename). These operations let us update information in the directory.
Authentication and control operations: bind, unbind, abandon. The bind operation lets the client identify itself to the directory; it provides identification and verification of credentials. unbind lets the client end the current session. Finally, abandon lets the client indicate operations whose results it is no longer interested in.
III. The LDAP models:
LDAP defines four models: LDAP Information, LDAP Naming, LDAP Functional and LDAP Security.
1. LDAP Information Model:
The LDAP Information model defines the types of data and the basic units of information that you can store in the directory. In other words, the LDAP Information model describes how the blocks of data from which a directory is built are constructed.
The basic unit of information in a directory is called an entry; it is a collection of information about an object. Usually the information in an entry describes a real object such as a person, but the model does not require this. For example, consider the directory entry below.
Attribute type       Attribute values
cn:                  Barbara jensen
                     Bads jensen
sn:                  jensen
telephone number:    +1 408 555 1212
mail:                bads@arius.com
Filter type               Format                              Example                                     Matches
Equality                  (attr=value)                        (sn=jensen)                                 Entries whose surname is jensen
Substring                 (attr=[leading]*[any]*[trailing])   (sn=*jensen*)                               Surname contains the substring jensen
                                                              (sn=jensen*)                                Surname begins with jensen
                                                              (sn=*jensen)                                Surname ends with jensen
                                                              (sn=je*nse*n)                               Surname begins with je, contains nse and ends with n
Approximate               (attr~=value)                       (sn~=jensen)                                Surname approximately equal to jensen, e.g. jensin or jenson
Greater than or equal to  (attr>=value)                       (sn>=jensen)                                Surname >= jensen; this filter applies to attributes whose values are ordered
Less than or equal to     (attr<=value)                       (sn<=jensen)                                Surname <= jensen
Presence                  (attr=*)                            (sn=*)                                      All entries that have the attribute attr
AND                       (&(filter1)(filter2))               (&(sn=jensen)(objectclass=person))          Entries of objectclass person whose surname is jensen
OR                        (|(filter1)(filter2))               (|(sn~=jensen)(telephonenumber=8944570))    Entries whose surname is approximately jensen or whose telephone number is 8944570
NOT                       (!(filter))                         (!(age>=22))                                Entries whose age attribute is < 22
Special characters inside a value used for comparison must be escaped, otherwise the server reads them as filter syntax:

Character   Decimal   Hex    Escape sequence
*           42        0x2A   \2a
(           40        0x28   \28
)           41        0x29   \29
\           92        0x5C   \5c
NUL         0         0x00   \00
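The escape table above is what stands between a login form and LDAP filter injection. The following added example (not code from the thesis) implements the RFC 4515 escaping for a value and puts the unescaped pattern beside the escaped one; the attribute names, the `(&(objectClass=person)(uid=...))` filter and the attacker's login name are constructed for the demonstration.

```python
"""Added example, not code from the thesis: escaping user input before it is
interpolated into an LDAP search filter (the RFC 4515 rule behind the escape
table above), shown beside the unescaped pattern that allows filter injection.
The attribute names and the attacker string below are constructed for the demo.
"""
import re

# Escape sequences RFC 4515 requires for the five special characters.
_ESCAPES = {
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\\": r"\5c",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return `value` encoded so the server treats it as one literal assertion value."""
    out = []
    for ch in value:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII: emit each UTF-8 byte as \XX so the filter stays ASCII-safe.
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def unsafe_filter(username: str) -> str:
    """Vulnerable pattern (for comparison only): raw string interpolation."""
    return "(&(objectClass=person)(uid=%s))" % username


def safe_filter(username: str) -> str:
    """Hardened pattern: the value is escaped before interpolation."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


# One assertion looks like "(attr<op>value)" with no parentheses inside the value.
_ASSERTION = re.compile(r"\([A-Za-z][A-Za-z0-9-]*(?:~=|>=|<=|=)[^()]*\)")


def count_assertions(filt: str) -> int:
    """How many attribute assertions the server would actually evaluate."""
    return len(_ASSERTION.findall(filt))


if __name__ == "__main__":
    # A login name chosen to close the uid assertion early and inject a wildcard.
    attacker = "*)(uid=*"
    for label, f in (("unsafe", unsafe_filter(attacker)), ("safe", safe_filter(attacker))):
        print(f"{label:6s} {f}  -> {count_assertions(f)} assertions")
```

With the unescaped pattern the login name `*)(uid=*` turns the filter into `(&(objectClass=person)(uid=*)(uid=*))`, which is still syntactically balanced and now matches every person in the directory; a program that takes the first search result as "the user" has been bypassed. After escaping, the same input is a single literal uid value that matches nobody.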
Khoa CNTT n Tt Nghip: Qun l xc thc tp trung vi dch v LDAP Linux Trang 102/164
Khoa CNTT n Tt Nghip: Qun l xc thc tp trung vi dch v LDAP Linux Trang 103/164
IV.
Using LDAP:
1. Authentication application using LDAP:
LDAP is used to authenticate a user logging in to a system through a verifying program, which proceeds as follows. First, the verifying program establishes an authenticated identity with LDAP (step (1) in the figure); it then compares user A's password with the information stored in the directory. If the comparison succeeds, user A is authenticated. In practice the program first searches for the entry whose uid equals the login name and then performs a simple bind as that entry's DN with the supplied password, so that the server, not the client, does the password check. Two details matter for security: the search must return exactly one entry, and an empty password must be rejected by the program itself, because LDAP treats a bind with a DN and an empty password as an unauthenticated (anonymous) bind rather than a failed one.
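The search-then-bind flow just described, as an added example that is not code from the thesis. It runs against a small in-memory directory constructed here (the DNs, uids and passwords are made up); userPassword values use OpenLDAP's {SSHA} scheme, which is the slappasswd default, and `simple_bind()` models a server that accepts RFC 4513 unauthenticated binds so the client-side checks can be seen doing their job.

```python
"""Added example, not code from the thesis: the two-step flow the text
describes (look the user up, then bind as that DN with the supplied
password), run against an in-memory directory constructed here.
Assumptions: DNs, uids and passwords are made up; userPassword values use
OpenLDAP's {SSHA} scheme (base64 of SHA-1(password + salt) + salt, the
slappasswd default); simple_bind() models a server that accepts RFC 4513
unauthenticated binds, which is the behaviour the client must defend against.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} userPassword value (same layout as slappasswd -h {SSHA})."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} value; the salt is whatever follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


# Constructed sample directory: DN -> attributes. Two entries deliberately share
# uid "dup" to show why the lookup must return exactly one entry.
DIRECTORY = {
    "uid=u1,ou=People,dc=example,dc=com": {
        "uid": "u1",
        "userPassword": ssha_hash("correct horse", b"salt"),
    },
    "uid=dup,ou=People,dc=example,dc=com": {
        "uid": "dup",
        "userPassword": ssha_hash("a", b"s1"),
    },
    "uid=dup,ou=Old,dc=example,dc=com": {
        "uid": "dup",
        "userPassword": ssha_hash("b", b"s2"),
    },
}


def simple_bind(dn: str, password: str) -> bool:
    """Model of an LDAP simple bind as seen by the client.

    RFC 4513 calls a non-empty DN with an empty password an *unauthenticated*
    bind. Servers may accept it and return success for an anonymous session
    (Active Directory does by default; OpenLDAP only with `allow bind_anon_dn`).
    A client that reads "bind succeeded" as "password correct" is then fooled
    by an empty password, so that check belongs in the client.
    """
    if dn and password == "":
        return True  # unauthenticated bind: success, but nobody was verified
    entry = DIRECTORY.get(dn)
    return entry is not None and ssha_verify(password, entry["userPassword"])


def authenticate(username: str, password: str) -> bool:
    """Step 1: find the user's DN; step 2: bind as that DN with the password."""
    if not password:
        # Refuse before contacting the server; see simple_bind().
        return False
    matches = [dn for dn, attrs in DIRECTORY.items() if attrs["uid"] == username]
    if len(matches) != 1:
        # Zero: unknown user. Several: ambiguous, refuse rather than pick one.
        return False
    return simple_bind(matches[0], password)


if __name__ == "__main__":
    for user, pw in (("u1", "correct horse"), ("u1", "wrong"), ("u1", ""), ("dup", "a")):
        print(f"{user!r:8s} {pw!r:16s} -> {authenticate(user, pw)}")
```

Note that `simple_bind()` alone returns success for `u1` with an empty password; `authenticate()` is what turns that into a refusal. The same applies to a real client: never pass an empty or unchecked password straight to the bind call, and never treat a multi-entry search result as a single identity.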
/etc/syslog.conf
/usr/local/libexec/slapd
; Start ldap.
Figure 47: Defining the database, its suffix (base DN), the administrator user and the directory where the database is stored.
On machine ldap-svr2:
After configuring the parameters, start (or restart) the ldap service on both machines with the command:
#/usr/local/libexec/slapd
From ldap-svr1, use the ldap admin tool to create user u1; observe that user u1 is replicated to ldap-svr2.
III.
Building a Primary Domain Controller (OpenLDAP with Samba):
1. Installation:
1.1 Packages to install:
libtool-ltdl-1.5.22-6.1.i386.rpm
openldap-servers-2.3.43-3.el5.i386.rpm
openldap-clients-2.3.43-3.el5.i386.rpm
openldap-2.3.43-3.el5.i386.rpm
nss_ldap
php_ldap
Figure 59: Defining the database, its suffix (base DN), the administrator user and the directory where the database is stored.
IV.
(Samba):
1. Installation:
1.1 Packages to install:
samba-3.0.33-3.14.el5.i386.rpm
samba-client-3.0.33-3.14.el5.i386.rpm
samba-common-3.0.33-3.14.el5.i386.rpm
system-config-samba
samba-swat
2. Configuration files:
/etc/samba/smb.conf
/etc/ldap.conf
/etc/xinetd.d/swat
2.1 Configuring /etc/samba/smb.conf:
Create the directories that will hold the shared data:
#mkdir /home/dulieu
#mkdir /home/ketoan
#mkdir /home/kinhdoanh
#mkdir /home/software
Configure the shares for these directories:
V.
4.2
Using webmail:
Open a browser and enter: http://<mail-server or ip_address>/webmail
1. Installation:
1.1 Packages to install:
httpd-2.2.3-43.el5.centos
2. Configuration files:
/etc/httpd/conf/httpd.conf
2.1 Configuring /etc/httpd/conf/httpd.conf (LDAP authentication):
Add the following lines:
Building a Proxy, Firewall and VPN Server
1. Installation:
1.1 Installing IPCop:
Download the ipcop.iso file (from the internet), burn it to a CD, boot from the CD-ROM and install.
1.2 Installation steps:
Choose the language to use, then OK.
Select the Services tab, choose Advanced Proxy, check Enable Proxy and set the port.
Configure LDAP authentication: choose the LDAP authentication method, fill in the LDAP Server parameters, then click Save and Restart.
1.4
Configuring the firewall:
Select the Firewall tab, choose Port Forwarding and set up the rule that publishes the application server.
Select the Firewall tab, choose DMZ Pinholes and set up the rule that allows machines in the DMZ to reach the GREEN (internal) network:
1.5
Configuring logs:
Select the LOGS tab, choose Log settings and set the logging parameters.
1.6