{"id":776,"date":"2013-03-18T01:57:09","date_gmt":"2013-03-17T23:57:09","guid":{"rendered":"http:\/\/www.koraykey.com\/?p=776"},"modified":"2013-07-31T16:48:36","modified_gmt":"2013-07-31T13:48:36","slug":"linux-isletim-sistemlerinde-kerberos-ile-kimlik-dogrulama","status":"publish","type":"post","link":"https:\/\/www.koraykey.com\/?p=776","title":{"rendered":"Kerberos Authentication on Linux Operating Systems (Active Directory Integration)"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3957\" alt=\"Kerberos_Install\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install.jpg\" width=\"330\" height=\"250\" \/><\/a><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">In this article we will look at configuring &#8220;Kerberos&#8221; on Linux operating systems and at joining a Linux client computer to a Windows domain (Active Directory Domain).<\/span><\/p>\n<p style=\"text-align: justify;\"><strong><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">What Is Kerberos?<\/span><\/strong><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">Kerberos takes its name from the three-headed dog <a href=\"http:\/\/tr.wikipedia.org\/wiki\/Kerberos\" target=\"_blank\">of Greek mythology<\/a>. Microsoft Windows 2000 and later operating systems use &#8220;Kerberos&#8221; as the Active Directory authentication protocol. 
When a client tries to authenticate to Active Directory, it uses the &#8220;Kerberos Policy&#8221;.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">Kerberos provides mutual authentication. Mutual authentication ensures not only that only an authorized client tries to access the network, but also that an authorized server answers the client's request.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">Kerberos relies on three basic components:<\/span><\/p>\n<ul>\n<li>\n<div style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">The client computer that wants to authenticate or to use a service.<\/span><\/div>\n<\/li>\n<li>\n<div style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">The server that provides the service the client requests.<\/span><\/div>\n<\/li>\n<li>\n<div style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">The KDC (Key Distribution Center), which establishes trusted communication between the client and the server.<\/span><\/div>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">Now let's move on to configuring Kerberos authentication on our Linux operating system.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">1. 
We install the required Kerberos packages and their dependencies on the operating system.<\/span><\/p>\n<pre class=\"brush: bash; gutter: false; first-line: 1\"><span style=\"font-family: courier new,courier; font-size: 12px;\">-- First we remove the old \"samba\" packages present on the system.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># yum -y remove 'samba*'<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">-- We install the \"samba4\" packages and, for authentication, the \"kerberos\" packages.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># yum -y install 'samba4*' 'krb5*'<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">-- We reboot the system before joining the client to the domain.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># shutdown -r now<\/span><\/pre>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">2. 
From the operating system's graphical interface (GUI), we open the configuration tool by following &#8220;System &gt; Administration &gt; Authentication&#8221;.<\/span><\/p>\n<p><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\"> <a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3958\" alt=\"Kerberos_Install_1\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_1.jpg\" width=\"542\" height=\"488\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_1.jpg 542w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_1-533x480.jpg 533w\" sizes=\"auto, (max-width: 542px) 100vw, 542px\" \/><\/a><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">3. In the window that opens, the authentication method defaults to local accounts. Here we set &#8220;User Account Database&#8221; to &#8220;Winbind&#8221; and adjust the values for our own system as shown below. The domain name must be written in uppercase here. 
In the &#8220;Winbind Domain Controllers&#8221; field we enter our domain controller; if there is more than one, we can enter &#8220;*&#8221; instead.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3959\" alt=\"Kerberos_Install_2\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_2.jpg\" width=\"459\" height=\"611\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_2.jpg 459w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_2-360x480.jpg 360w\" sizes=\"auto, (max-width: 459px) 100vw, 459px\" \/><\/a><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">4. In the configuration window we switch to the &#8220;Advanced Options&#8221; tab and, under &#8220;Other Authentication&#8221;, tick the &#8220;Create home directories on the first login&#8221; checkbox. 
With this option our &#8220;home&#8221; directory is created when we log in to the Linux system; otherwise the login fails with an error.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_3.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3960\" alt=\"Kerberos_Install_3\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_3.jpg\" width=\"459\" height=\"611\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_3.jpg 459w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_3-360x480.jpg 360w\" sizes=\"auto, (max-width: 459px) 100vw, 459px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">5.\u00a0 When we return to the &#8220;Identity &amp; Authentication&#8221; tab, we are asked whether we want to save our changes; we click &#8220;Save&#8221; and then click the &#8220;Join Domain&#8221; button at the bottom.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3961\" alt=\"Kerberos_Install_4\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_4.jpg\" width=\"499\" height=\"611\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_4.jpg 499w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_4-392x480.jpg 392w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 
12px;\">6.<\/span> <span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">To join the client to the domain, we enter the domain administrator account and its password, then click &#8220;OK&#8221;.<\/span><\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3962\" alt=\"Kerberos_Install_5\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_5.jpg\" width=\"462\" height=\"611\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_5.jpg 462w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_5-362x480.jpg 362w\" sizes=\"auto, (max-width: 462px) 100vw, 462px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">7. The domain join is complete. 
We click &#8220;Apply&#8221; and reboot the client.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_6.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3963\" alt=\"Kerberos_Install_6\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_6.jpg\" width=\"462\" height=\"611\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_6.jpg 462w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_6-362x480.jpg 362w\" sizes=\"auto, (max-width: 462px) 100vw, 462px\" \/><\/a><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_7.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3964\" alt=\"Kerberos_Install_7\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_7.jpg\" width=\"520\" height=\"250\" \/><\/a><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">8.<\/span> <span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">When the client comes back up, we choose &#8220;other&#8221; and enter our domain user name and password. 
Just as we log in on the graphical screen, we can log in the same way over an &#8220;SSH&#8221; connection.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_8.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3965\" alt=\"Kerberos_Install_8\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_8.jpg\" width=\"520\" height=\"383\" \/><\/a> <a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_9.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3966\" alt=\"Kerberos_Install_9\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_9.jpg\" width=\"520\" height=\"383\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">9.<\/span> <span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">We have logged in with our domain user and can now work on the system.<\/span><\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_10.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3967\" alt=\"Kerberos_Install_10\" src=\"http:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_10.jpg\" width=\"1024\" height=\"614\" srcset=\"https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_10.jpg 1024w, https:\/\/www.koraykey.com\/wp-content\/uploads\/Kerberos_Install_10-640x383.jpg 640w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">10.<\/span> <span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">
If we are going to work from the command line, we configure \u201cKerberos\u201d for \u201cActive Directory\u201d integration by editing the \u201c\/etc\/krb5.conf\u201d file on our server. One thing to watch: because \u201cKerberos\u201d is a time-dependent service, the clock must match that of the server providing \u201cActive Directory\u201d in the environment. That is, for synchronization it is recommended that the \u201cActive Directory\u201d server and the computers that will run &#8220;Kerberos&#8221; use the same time server (NTP server).\u00a0 We must also make sure that the server running the \u201cActive Directory\u201d service can be reached by name resolution. 
To do this from the command line we also need to install the packages from step 1 of this article.<br \/>\n<\/span><\/p>\n<pre class=\"brush: bash; gutter: false; first-line: 1\"><span style=\"font-family: courier new,courier; font-size: 12px;\">-- The following command can be used to test.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># nslookup koraykey-pdc.koraykey.net<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">Server:         192.168.2.121<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">Address:        192.168.2.121#53<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">Name:   koraykey-pdc.koraykey.net<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">Address: 192.168.2.121<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">-- If the name cannot be resolved, we can add the server address to the \"\/etc\/hosts\" file <\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">or use the address instead of the name in our configuration.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># vim \/etc\/hosts<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">127.0.0.1       localhost.koraykey.net      localhost<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">192.168.2.131   koraykey-lnx.koraykey.net   koraykey-lnx<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">-- After configuring it as in the example, we save the file and exit.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">-- We test that we can reach our Active Directory server.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># ping 
koraykey-pdc.koraykey.net\r\n\r\n<\/span><span style=\"font-family: courier new,courier; font-size: 10px;\">PING koraykey-pdc.koraykey.com (192.168.2.121) 56(84) bytes of data.<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 10px;\">64 bytes from koraykey-pdc.koraykey.net (192.168.2.121): icmp_seq=1 ttl=64 time=0.044 ms<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 10px;\">64 bytes from koraykey-pdc.koraykey.net (192.168.2.121): icmp_seq=2 ttl=64 time=0.040 ms<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 10px;\">64 bytes from koraykey-pdc.koraykey.net (192.168.2.121): icmp_seq=3 ttl=64 time=0.105 ms<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 10px;\">64 bytes from koraykey-pdc.koraykey.net (192.168.2.121): icmp_seq=4 ttl=64 time=0.049 ms<\/span><\/pre>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">11.<\/span><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\"> \u00a0For \u201cActive Directory\u201d integration we edit the \u201c\/etc\/krb5.conf\u201d, &#8220;\/etc\/samba\/smb.conf&#8221; and &#8220;\/etc\/nsswitch.conf&#8221; files. The configuration values here have been arranged to be as useful as possible. When we join the domain through the graphical interface, not all of these values may be written. 
If we wish, after joining through the graphical interface we can edit the files as below to suit our needs.<br \/>\n<\/span><\/p>\n<pre class=\"brush: bash; gutter: false; first-line: 1\"><span style=\"font-family: courier new,courier; font-size: 12px;\"><span style=\"font-family: courier new,courier; font-size: 12px;\">-- We back up our Kerberos configuration file and edit a new one to match\r\nthe settings of <\/span><span style=\"font-family: courier new,courier; font-size: 12px;\">our own domain.\r\n\r\n# mv \/etc\/krb5.conf \/etc\/krb5.conf.bak<\/span>\r\n# vim \/etc\/krb5.conf<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">[logging]<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> default = FILE:\/var\/log\/krb5libs.log<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> kdc = FILE:\/var\/log\/krb5kdc.log<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> admin_server = FILE:\/var\/log\/kadmind.log<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">[libdefaults]<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> default_realm = KORAYKEY.NET<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> dns_lookup_realm = false<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> dns_lookup_kdc = true<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> ticket_lifetime = 24h<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> renew_lifetime = 7d<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> forwardable = true\r\n\r\n[appdefaults]\r\npam = {\r\n\u00a0\u00a0 debug = false\r\n\u00a0\u00a0 ticket_lifetime = 36000\r\n\u00a0\u00a0 
renew_lifetime = 36000\r\n\u00a0\u00a0 forwardable = true\r\n\u00a0\u00a0 krb4_convert = false\r\n}\r\n<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">[realms]<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> KORAYKEY.NET = {<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">  kdc = koraykey-pdc.koraykey.net<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">  admin_server = koraykey-pdc.koraykey.net\r\n  kdc = *\r\n}<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">\r\n[domain_realm]<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> .koraykey.net = KORAYKEY.NET<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"> koraykey.net = KORAYKEY.NET\r\n\r\n<\/span><span style=\"font-family: courier new,courier; font-size: 12px;\"><span style=\"font-family: courier new,courier; font-size: 12px;\">-- We back up our Samba configuration file and edit a new one to match\r\nthe settings of our own domain. 
The backed-up file may be needed\r\nlater to look up parameters we require.\r\n\r\n# mv \/etc\/samba\/smb.conf \/etc\/samba\/smb.conf.bak<\/span>\r\n# vim \/etc\/samba\/smb.conf\r\n\r\n[global]\r\n\u00a0\u00a0 workgroup = KORAYKEY\r\n\u00a0\u00a0 realm = KORAYKEY.NET\r\n\u00a0\u00a0 preferred master = no\r\n\u00a0\u00a0 server string = Samba Server Version %v\r\n\u00a0\u00a0 security = ads\r\n\u00a0\u00a0 encrypt passwords = yes\r\n\u00a0\u00a0 log level = 3\r\n\u00a0\u00a0 log file = \/var\/log\/samba\/%m\r\n\u00a0\u00a0 max log size = 50\r\n\u00a0\u00a0 printcap name = cups\r\n\u00a0\u00a0 printing = cups\r\n\u00a0\u00a0 winbind enum users = Yes\r\n\u00a0\u00a0 winbind enum groups = Yes\r\n\u00a0\u00a0 winbind use default domain = Yes\r\n\u00a0\u00a0 winbind nested groups = Yes\r\n\u00a0\u00a0 winbind separator = +\r\n\u00a0\u00a0 idmap uid = 1000-20000\r\n\u00a0\u00a0 idmap gid = 1000-20000\r\n\u00a0  template shell = \/bin\/bash\r\n\r\n-- To set our authentication methods we edit the following fields<\/span><span style=\"font-family: courier new,courier; font-size: 12px;\"><span style=\"font-family: courier new,courier; font-size: 12px;\"> found in\r\nour file.<\/span>\r\n\r\n# vim \/etc\/nsswitch.conf\r\n\r\npasswd:\u00a0\u00a0\u00a0\u00a0 compat winbind files\r\nshadow:\u00a0\u00a0\u00a0\u00a0 compat winbind files\r\ngroup:\u00a0\u00a0\u00a0\u00a0\u00a0 compat winbind files\r\n\r\n-- Users who log in on our client will need a home directory, the so-called\r\n\"home folder\". 
For this we open the file as below and add our parameter on a suitable\r\nline.\r\n\r\n# vim \/etc\/pam.d\/system-auth\r\n\r\nsession\u00a0\u00a0\u00a0\u00a0 optional\u00a0\u00a0\u00a0\u00a0\u00a0 pam_mkhomedir.so<\/span><\/pre>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">12.<\/span> <span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">If the values written in uppercase above are written in lowercase, Kerberos will not be able to connect to AD. You can verify your Kerberos settings with the \u201ckinit\u201d command. Note that the domain name passed to \u201ckinit\u201d as a parameter is written in uppercase. When you run the command, it asks you to enter the password for the specified user. 
If a session can be opened on AD with the password you entered, the command exits without displaying any message.<\/span><\/p>\n<pre class=\"brush: bash; gutter: false; first-line: 1\"><span style=\"font-family: courier new,courier; font-size: 12px;\">If there is a time difference of more than 5 minutes <\/span><span style=\"font-family: courier new,courier; font-size: 12px;\">between AD and the Samba server, \r\nthe following <\/span><span style=\"font-family: courier new,courier; font-size: 12px;\">error message is displayed when you run the kinit command.\r\nIf our settings are correct, it runs successfully.<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">\r\n-- We test our Kerberos authentication settings.<\/span>\r\n\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\"># kinit administrator@KORAYKEY.NET<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">Password for koray_gunduz@KORAYKEY.COM:<\/span>\r\n<span style=\"font-family: courier new,courier; font-size: 12px;\">kinit(v5): Clock skew too great while getting initial credentials\r\n\r\n# kinit administrator@KORAYKEY.NET\r\nPassword for administrator@KORAYKEY.NET: \r\nWarning: Your password will expire in 41 days on Tue Jul 23 16:30:56 2013\r\n\r\n-- We join our client to our domain.\r\n\r\n# net ads join -W koraykey.net -S koraykey-pdc -U Administrator\r\nEnter Administrator's password: **********\r\nUsing short domain name -- KORAYKEY\r\nJoined 'KORAYKEY-FS' to realm 'koraykey.net'\r\n\r\n-- If we run into a \"DNS\" error, we can create the client's DNS record on our server\r\nand try again.\r\n\r\n
-- We start our Winbind service and make the setting needed for it\r\nto start when the server boots.\r\n\r\n# service winbind start\r\n# chkconfig winbind on\r\n<\/span><\/pre>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">Our Linux computer or server is now a domain member. A user who is a member of &#8220;Domain Users&#8221; in the domain can log in and access network shares.\u00a0 If we look under &#8220;Computers&#8221; in the &#8220;Active Directory Users And Computers&#8221; console, we can see our Linux computer. Of course, this membership does not apply the security policies (group\u00a0policy) that we enforce for the domain. Because these are compatible only with Windows operating systems, they do not support Linux operating systems. To set up a domain controller on a Linux operating system, see our article &#8220;Primary Domain Controller Configuration on Linux Operating Systems (Samba Domain Controller)&#8221;.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">We have completed our &#8220;Kerberos Authentication&#8221; configuration on Linux operating systems; it is now ready for use. The steps applied here were tested on CentOS Linux 6.4 and\u00a0 Oracle Enterprise Linux 6.4 64 Bit. 
They are also compatible with other Linux versions.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial,helvetica,sans-serif; font-size: 12px;\">See you in another article\u2026<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article we will look at configuring &#8220;Kerberos&#8221; on Linux operating systems and at joining a Linux client computer to a Windows domain (Active Directory Domain). What Is Kerberos? Kerberos takes its name from the three-headed dog of Greek mythology. Microsoft Windows 2000 and later operating systems &hellip; <a href=\"https:\/\/www.koraykey.com\/?p=776\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[21,290,520,463,585,20,19,79,509,77,512,515,496,78,368,769,661,497,514,76,80,495,513],"class_list":["post-776","post","type-post","status-publish","format-standard","hentry","category-unix-linux","tag-h-koray-gunduz","tag-halil-koray-gunduz","tag-kerberos","tag-kerberos-kimlik-dogrulama","tag-kerberos-nedir","tag-koray-gunduz","tag-koraykey","tag-linux-active-directory","tag-linux-active-directory-authentication","tag-linux-active-directory-entegrasyon","tag-linux-active-directory-kerberos","tag-linux-active-directory-samba-winbind","tag-linux-adding-domain","tag-linux-domain-eklemek","tag-linux-domaine-alma","tag-linux-domaine-dahil-etme","tag-linux-domaine-uye-yapmak","tag-linux-domin-join","tag-linux-join-domain","tag-linux-kerberos","tag-linux-kerberos-kurulumu","tag-linux-winbind","tag-linux-winbind-active-directory"],"_links":{"self":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/
posts\/776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=776"}],"version-history":[{"count":0,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts\/776\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}