Category:I804 Linux Windows administration: Difference between revisions
Line 32: | Line 32: | ||
* Creating service accounts and authenticating network services (gogs, wiki, etc) with LDAP | * Creating service accounts and authenticating network services (gogs, wiki, etc) with LDAP | ||
* Guidelines for hardening Ubuntu installation | * Guidelines for hardening Ubuntu installation | ||
==Linux== | |||
===Interacting with domain controller=== | |||
Figure out what are the host name(s) of the domain controller(s) for INTRA.ITCOLLEGE.EE realm: | |||
dig -t SRV _ldap._tcp.intra.itcollege.ee | |||
Figure out which ports are open on the domain controller? | |||
nmap ... | |||
Attempt to query information about your user account from the domain controller. | |||
Where is the e-mail being forwarded to? | |||
What is the security identifier for the user? | |||
What script is being executed when the user logs in to Windows workstation? | |||
ldapsearch -H ldap://... -W -D your-username@itcollege.ee -b ... samaccountname=target-username | |||
Download and install Apache Directory Studio. Configure connection to the domain controller for browsing graphically. | |||
List Kerberos tickets: | |||
klist | |||
Flush credentials: | |||
kdestroy | |||
Obtain new credentials, what is the error message returned upon incorrect password? | |||
kinit your-username@INTRA.ITCOLLEGE.EE | |||
Try to renew: | |||
krenew | |||
Attempt same LDAP queries as you did before but now with Kerberos credentials by substituing -W -D ... flags with -Y GSSAPI: | |||
ldapsearch -H ldap://... -Y GSSAPI -b ... samaccountname=target-username | |||
Attempt the same query using Python, make modifications as necessary: | |||
<source lang="python"> | |||
import ldap, ldap.sasl | |||
l = ldap.initialize('ldap://...') | |||
l.set_option(ldap.OPT_REFERRALS, 0) | |||
l.sasl_interactive_bind_s('', ldap.sasl.gssapi()) | |||
filter = '(&(objectClass=user)(objectCategory=person)(samaccountname=mridaste))' | |||
r = l.search_s('dc=...,dc=...,dc=...',ldap.SCOPE_SUBTREE,filter,['cn','mail']) | |||
for dn,entry in r: | |||
if not dn: continue | |||
full_name, = entry["cn"] | |||
mail, = entry["mail"] | |||
print full_name, mail | |||
</source> |
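Review bot: The added Python block ends with `print full_name, mail`, which is Python 2 statement syntax and fails under Python 3; use `print(full_name, mail)`. In the same loop, `mail, = entry["mail"]` raises KeyError for any account that has no mail attribute, so prefer `entry.get("mail", ...)` with a default. The variable name `filter` shadows the builtin, and the hard-coded `samaccountname=mridaste` should be a placeholder such as the `target-username` used in the ldapsearch lines. There is also a typo in the added text: "substituing" should be "substituting".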
Revision as of 21:19, 29 January 2017
Linux/Windows administration
General information
In this course we will take a look at how Linux and Windows machines are administered.
Familiarity with the following is assumed from previous courses: basic virtualization, networks, partitions, filesystems, BIND9.
Windows:
- IP Configuration
- Installing Windows server
- Disk Configuration
- Hyper-V Configuration
- DNS Configuration
- Active Directory
- Setting up GPOs
- Remotely configuring workstations
- Virtual Private Network
- Printer Configuration
- Server Back-up
- Exchange Server
Linux:
- Configuration management using Puppet
- Setting up fileserver using Samba, identity mapping
- Setting up Samba as domain controller and/or joining Samba to AD domain
- Using samba-tool to manage user accounts and DNS records on domain controller
- Interacting with domain controller using LDAP
- Configuring Postfix and Dovecot servers for sending e-mail via SMTP and receiving e-mail over IMAP
- Creating service accounts and authenticating network services (gogs, wiki, etc) with LDAP
- Guidelines for hardening Ubuntu installation
Linux
Interacting with domain controller
Find the host name(s) of the domain controller(s) for the INTRA.ITCOLLEGE.EE realm:
dig -t SRV _ldap._tcp.intra.itcollege.ee
Figure out which ports are open on the domain controller:
nmap ...
Attempt to query information about your user account from the domain controller. Where is the e-mail being forwarded to? What is the security identifier for the user? What script is being executed when the user logs in to a Windows workstation?
ldapsearch -H ldap://... -W -D your-username@itcollege.ee -b ... samaccountname=target-username
Download and install Apache Directory Studio. Configure connection to the domain controller for browsing graphically.
List Kerberos tickets:
klist
Flush credentials:
kdestroy
Obtain new credentials. What error message is returned when the password is incorrect?
kinit your-username@INTRA.ITCOLLEGE.EE
Try to renew:
krenew
Attempt the same LDAP queries as before, but now with Kerberos credentials, by substituting the -W -D ... flags with -Y GSSAPI:
ldapsearch -H ldap://... -Y GSSAPI -b ... samaccountname=target-username
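Attempt the same query using Python, making modifications as necessary:
import ldap
import ldap.sasl

# Connect to the domain controller (fill in the host name found with dig)
l = ldap.initialize('ldap://...')
# Do not chase referrals returned for searches at the domain root
l.set_option(ldap.OPT_REFERRALS, 0)
# Bind with the Kerberos ticket obtained via kinit (SASL GSSAPI)
l.sasl_interactive_bind_s('', ldap.sasl.gssapi())
search_filter = '(&(objectClass=user)(objectCategory=person)(samaccountname=mridaste))'
r = l.search_s('dc=...,dc=...,dc=...', ldap.SCOPE_SUBTREE, search_filter, ['cn', 'mail'])
for dn, entry in r:
    if not dn:
        continue  # skip referral results, which carry no DN
    full_name, = entry["cn"]
    mail, = entry.get("mail", [b""])  # the mail attribute may be absent
    # python-ldap on Python 3 returns attribute values as bytes
    print(full_name.decode(), mail.decode())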
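The security identifier asked about above comes back over LDAP as a binary objectSid value (ldapsearch prints it base64-encoded), so it has to be decoded before it can be read. The following is an added example, not part of the original course page: decode_sid and describe_account are hypothetical helper names, the sample entry is constructed, and it assumes objectSid and scriptPath were added to the attribute list passed to search_s.

```python
import struct

def decode_sid(raw: bytes) -> str:
    """Convert a binary objectSid value to its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def describe_account(entry: dict) -> dict:
    """Summarise one python-ldap result entry (attribute -> list of bytes)."""
    sid = decode_sid(entry["objectSid"][0])
    script = entry.get("scriptPath", [b""])[0].decode()  # absent if no logon script
    return {
        "name": entry["cn"][0].decode(),
        "sid": sid,
        "domain_sid": sid.rsplit("-", 1)[0],   # shared by all accounts in the domain
        "rid": int(sid.rsplit("-", 1)[1]),     # relative ID, unique within the domain
        "logon_script": script or None,
    }

# Constructed sample entry (not real data), shaped like one item of search_s() output
SAMPLE_ENTRY = {
    "cn": [b"Example User"],
    "scriptPath": [b"logon.bat"],
    "objectSid": [b"\x01\x05" + (5).to_bytes(6, "big")
                  + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 1105)],
}

if __name__ == "__main__":
    for key, value in describe_account(SAMPLE_ENTRY).items():
        print(key, value)
```

The length check rejects truncated or padded values instead of decoding them into a misleading SID.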