mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
Merge pull request #22029 from Chao-zhi/translate-MjAyMTA1MjEgSm9pbmluZyBGZWRvcmEgTGludXggdG8gYW4gZW50ZXJwcmlzZSBkb21haW4ubWQK
Translated
commit
e87217a64c
@ -1,107 +0,0 @@
|
||||
[#]: subject: (Joining Fedora Linux to an enterprise domain)
|
||||
[#]: via: (https://fedoramagazine.org/join-fedora-linux-enterprise-domain/)
|
||||
[#]: author: (ogutierrez https://fedoramagazine.org/author/ogutierrez/)
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (Chao-zhi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
|
||||
Joining Fedora Linux to an enterprise domain
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
Photo by [Gene Gallin][2] on [Unsplash][3]
|
||||
|
||||
When you think about corporate networks, the most widely used Linux-based operating system that comes to mind is Red Hat Enterprise Linux (RHEL), used mostly on servers, but also as workstations. Fedora Linux is also a very good choice for a workstation, and comes packed with lots of features to work in the corporate environment and makes management an easy task.
|
||||
|
||||
When you work with many machines in your network you need a way to manage users and machines in a centralized way. That’s why [FreeIPA][4] and [Active Directory][5] are the technologies of choice for this task. They allow a sysadmin to manage a huge amount of machines using a directory of all the entities in their network.
|
||||
|
||||
### Fedora and Active Directory
|
||||
|
||||
Active Directory is very common in corporate environments. Fedora and RHEL integrate well with services such as FreeIPA or Active Directory by using the System Security Services Daemon (SSSD). SSSD is a system service to access remote directories and authentication mechanisms. A machine using this software is able to authenticate with remote credentials and access other services available in that directory network.
|
||||
|
||||
To join a domain network, you need the domain administrator’s permission to add the machine. Maybe by setting special permissions on your domain credentials or doing the pre-configuration of that machine on your behalf. Fedora Linux has an option to configure a machine during installation called _Enterprise Login_. If your machine network is automatically configured for the enterprise domain network, then you can login with your domain credentials directly.
|
||||
|
||||
![][6]
|
||||
|
||||
In the case your configuration is not automated—or you have Fedora Linux already installed—you can join an Active Directory domain with a few configuration steps:
|
||||
|
||||
1. Set up the DNS for this machine. To connect to a directory service, you need first to be able to resolve the directory domain name. If your network sets up the correct DNS using DHCP, you can skip this step.
|
||||
2. Change your machine name to reflect it will be part of the new domain. Edit the file _/etc/hostname_ and change the machine name to “machinename.my_domain”
|
||||
3. Join the domain by executing this command: _sudo realm join my_domain -v_ (replace “my_domain” with the name of your domain)
|
||||
|
||||
|
||||
|
||||
After running this command, the system will ask for the credentials of a user allowed to join new machines in that domain. If there are no errors in the process, the machine will become part of the domain.
|
||||
|
||||
![][7]
|
||||
|
||||
Now that this machine is part of your domain you can:
|
||||
|
||||
* Login with a domain username into the machine
|
||||
* Get kerberos tickets to access different services in the domain network
|
||||
* Access other services, depending on how the domain is configured
|
||||
|
||||
|
||||
|
||||
### Manage Fedora Linux with Fleet Commander
|
||||
|
||||
Now the machine is part of your domain, you can manage it with the domain administrator tools for Active Directory. Since your machine is not running Windows, you are limited to authentication and access to network and directory services. You cannot set up things like desktop-related configuration on this machine.
|
||||
|
||||
Luckily, Fedora has a tool called [Fleet Commander][8].
|
||||
|
||||
#### Create configuration
|
||||
|
||||
Fleet Commander is a management tool that allows you to set up desktop configuration profiles for all Fedora Linux machines across your network.
|
||||
|
||||
This means, you can set up any configuration for GNOME desktop, Firefox, Chrome, LibreOffice, and other supported software in an easy way, and then make that configuration to be applied on login to the selected users/groups/machines in a granular way.
|
||||
|
||||
![][9]
|
||||
|
||||
To use this tool, install the fleet-commander-admin package
|
||||
|
||||
```
|
||||
sudo dnf install fleet-commander-admin
|
||||
```
|
||||
|
||||
Next, visit [http://localhost:9090][10] in your browser to log in. On the menu to the left, click on _Fleet Commander_.
|
||||
|
||||
Fleet Commander has a tool to set up the configuration profiles intuitively using a “live session” mechanism. It runs a VM that serves as a template of your base machines. You to manually make the configuration changes you want. Then you review all the configuration changes, select the ones you want to add to the profile, and deploy it.
|
||||
|
||||
#### Manage clients
|
||||
|
||||
In each of your Fedora Linux or RHEL machines, you will need to install the Fleet Commander client service. This services activates when a user logs in. It searches the domain for the profiles that apply to current user/machine, and applies the configuration for the session.
|
||||
|
||||
To install the fleet-commander-client:
|
||||
|
||||
```
|
||||
sudo dnf install fleet-commander-client
|
||||
```
|
||||
|
||||
The software will detect if the machine is part of a domain automatically. When a user logs in, it will set up the session with the profiles that apply to the user.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/join-fedora-linux-enterprise-domain/
|
||||
|
||||
作者:[ogutierrez][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[Chao-zhi](https://github.com/Chao-zhi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/ogutierrez/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2021/05/enterprise-816x345.jpg
|
||||
[2]: https://unsplash.com/@genefoto?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[3]: https://unsplash.com/s/photos/fleet?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[4]: https://www.freeipa.org/page/Main_Page
|
||||
[5]: https://en.wikipedia.org/wiki/Active_Directory
|
||||
[6]: https://lh5.googleusercontent.com/aIRYn2TDgaaUrErzBV_KPVgpm94OrVgySlwqlI3VsotslWKN5UnLQ0VYjESSFB12aZWf_UnbmOOwa_rcxvRoI-MB6gFaw8p-RgBP9Lswnb2YV3iIlQ8YeXgpwJC_-B5tPrFTfUe_
|
||||
[7]: https://lh6.googleusercontent.com/DVvr7cHuZxvgqhAHk9v7jAYSER7VSP1G7CJ1xHx1kT5ZS-v1yt3rKMmwk9JhsLnYGfwAjOPPpSC2BGTpZtAdKrnx7XLUWgOZBhFFwB6SL7vR_q_2N1c_OGYp7YmNLRk7oRW8IEVB
|
||||
[8]: https://fleet-commander.org/
|
||||
[9]: https://lh6.googleusercontent.com/ATeNp5niX37MW7ARiMVSkqe9Vr5Fv4IN6eUW5xf1UPO0AMO1DxXLypw0CbqTNOfzLJYDM18ggc7Mrh3LZK8Foh80K1WjSW9LHQD081BbJg0owQJj_ZQdICLr0tGILmBRco-xbq92
|
||||
[10]: http://localhost:9090/
|
@ -0,0 +1,105 @@
|
||||
[#]: subject: (Joining Fedora Linux to an enterprise domain)
|
||||
[#]: via: (https://fedoramagazine.org/join-fedora-linux-enterprise-domain/)
|
||||
[#]: author: (ogutierrez https://fedoramagazine.org/author/ogutierrez/)
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (Chao-zhi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
|
||||
将 Fedora Linux 系统添加到企业域中
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
图片来自 [Gene Gallin][2] 发表在 [Unsplash][3]
|
||||
|
||||
在企业互联网场景中,一般情况下最广泛使用的基于 Linux 的操作系统是 Red Hat Enterprise Linux(RHEL),它主要用于服务器,但也可以用作工作站。fedora linux 其实也是工作站系统的一个很好的选择,它提供了许多在企业环境中工作的特性,使管理成为一项简单的任务。
|
||||
|
||||
当您的工作网络中有许多机器时,您需要一种以集中方式管理用户和机器的方法。这就是为什么 [FreeIPA][4] 和 [Active Directory][5] 是这个任务的首选技术。它们允许系统管理员操作网络中所有实体的目录来管理大量的机器。
|
||||
|
||||
### Fedora 中的 Active Directory
|
||||
|
||||
Active Directory 在公司环境中非常常见。Fedora 和 RHEL 通过使用 SSSD (<ruby> 系统安全服务守护进程 <rt>System Security Services Daemon</rt></ruby>) 与 FreeIPA 或 Active Directory 等服务很好地集成。SSSD 是一种访问远程目录和身份验证机制的系统服务。使用此软件的计算机能够使用远程凭据进行身份验证,并访问该目录网络中可用的其他服务。
|
||||
|
||||
要加入域网络,您需要域管理员的权限才能添加计算机。可以通过在域凭据上设置特殊权限或代表您对该计算机进行预配置。Fedora Linux 有一个选项,可以在安装过程中配置一台名为 _Enterprise Login_ 的机器。如果您的计算机网络自动配置为企业域网络,那么您可以直接使用域凭据登录。
|
||||
|
||||
![][6]
|
||||
|
||||
如果您的配置不是自动的,或者您已经安装了 Fedora Linux,您可以通过以下几个配置步骤加入 Active Directory 域:
|
||||
|
||||
1。设置此计算机的 DNS。要连接到目录服务,首先需要能够解析目录域名。如果您的网络使用 DHCP 设置正确的 DNS,则可以跳过此步骤。
|
||||
2。更改您的计算机名称,以反映它将是新域的一部分。编辑文件 `/etc/hostname`,并将机器名更改为 “machinename.my_domain”
|
||||
3。通过执行以下命令加入域:`sudo realm join my_domain -v`( 用域名称替换 “my_domain”)
|
||||
|
||||
运行此命令后,系统将请求允许加入该域中新计算机的用户的凭据。如果进程中没有错误,则机器将成为域的一部分。
|
||||
|
||||
![][7]
|
||||
|
||||
现在,此计算机已成为您的域的一部分,您可以:
|
||||
|
||||
* 使用域用户名登录到计算机
|
||||
* 获取 kerberos tickets 以访问域网络中的不同服务
|
||||
* 访问其他服务,具体取决于域的配置方式
|
||||
|
||||
|
||||
|
||||
### 使用 Fleet Commander 管理 Fedora Linux
|
||||
|
||||
现在计算机是您的域的一部分,您可以使用 Active Directory 的域管理员工具来管理它。由于您的计算机没有运行 Windows,因此您只能进行身份验证以及访问网络和目录服务。无法在此计算机上设置与桌面相关的配置。
|
||||
|
||||
幸运的是,Fedora 有个工具叫 [Fleet Commander][8]。
|
||||
|
||||
#### 创建配置
|
||||
|
||||
Fleet Commander 是一个管理工具,允许您为网络中的所有 Fedora Linux 机器设置桌面配置文件。
|
||||
|
||||
这意味着,您可以简单地为 GNOME desktop、Firefox、Chrome、LibreOffice 和其他支持的软件设置任何配置,然后在登录到选定的用户/组/计算机时以细粒度的方式应用该配置。
|
||||
|
||||
![][9]
|
||||
|
||||
要使用这个工具首先安装 fleet-commander-admin 软件包:
|
||||
|
||||
```
|
||||
sudo dnf install fleet-commander-admin
|
||||
```
|
||||
|
||||
然后,用浏览器访问 [http://localhost:9090][10] 来登陆。在左边的菜单中,点击 `Fleet Commander`。
|
||||
|
||||
Fleet Commander 有一个工具,可以使用“实时会话”机制直观地设置配置概要文件。它运行一个 VM,作为基本机器的模板。您需要手动进行所需的配置更改。然后检查所有配置更改,选择要添加到概要文件中的更改,然后部署它。
|
||||
|
||||
#### 管理客户端
|
||||
|
||||
在每个 Fedora Linux 或 RHEL 机器中,您都需要安装 Fleet Commander 客户端服务。此服务在用户登录时激活。它在域中搜索应用于当前用户/计算机的配置文件,并应用这个配置。
|
||||
|
||||
安装 fleet-commander-client:
|
||||
|
||||
```
|
||||
sudo dnf install fleet-commander-client
|
||||
```
|
||||
|
||||
软件将自动检测机器是否是域的一部分。当用户登录时,它将使用应用于该用户的配置文件来设置会话。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/join-fedora-linux-enterprise-domain/
|
||||
|
||||
作者:[ogutierrez][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[Chao-zhi](https://github.com/Chao-zhi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/ogutierrez/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2021/05/enterprise-816x345.jpg
|
||||
[2]: https://unsplash.com/@genefoto?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[3]: https://unsplash.com/s/photos/fleet?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[4]: https://www.freeipa.org/page/Main_Page
|
||||
[5]: https://en.wikipedia.org/wiki/Active_Directory
|
||||
[6]: https://lh5.googleusercontent.com/aIRYn2TDgaaUrErzBV_KPVgpm94OrVgySlwqlI3VsotslWKN5UnLQ0VYjESSFB12aZWf_UnbmOOwa_rcxvRoI-MB6gFaw8p-RgBP9Lswnb2YV3iIlQ8YeXgpwJC_-B5tPrFTfUe_
|
||||
[7]: https://lh6.googleusercontent.com/DVvr7cHuZxvgqhAHk9v7jAYSER7VSP1G7CJ1xHx1kT5ZS-v1yt3rKMmwk9JhsLnYGfwAjOPPpSC2BGTpZtAdKrnx7XLUWgOZBhFFwB6SL7vR_q_2N1c_OGYp7YmNLRk7oRW8IEVB
|
||||
[8]: https://fleet-commander.org/
|
||||
[9]: https://lh6.googleusercontent.com/ATeNp5niX37MW7ARiMVSkqe9Vr5Fv4IN6eUW5xf1UPO0AMO1DxXLypw0CbqTNOfzLJYDM18ggc7Mrh3LZK8Foh80K1WjSW9LHQD081BbJg0owQJj_ZQdICLr0tGILmBRco-xbq92
|
||||
[10]: http://localhost:9090/
|