UCS 2.4 - Univention

More documents

Recommendations

Info

7 UCS Directory service 7.4.6 Delegation of the privilege to reset user passwords To facilitate the delegation of the privilege to reset user passwords, the univention-admingrp-user- passwordreset package can be installed. It uses a join script to create the User Password Admins user group, in so far as this does not already exist. Members of this group receive the permission via additional LDAP ACLs to reset the passwords of other users. These LDAP ACLs are activated automatically during the package installation. To use another group, or a group that already exists, instead of the User Password Admins group, the DN of the group to be used can be entered in the Univention Configuration Registry variable ldap/acl/user/passwordreset/accesslist/groups/dn. Passwords can be reset via Univention Directory Manager. In the default setting, Univention Directory Manager only offers the user wizard to the Administrator user, which allows the setting of new passwords. During the installation a new default-user-password-admins policy is created automatically, which can be linked to the members of the User Password Admins group and/or a corresponding container in the LDAP directory. The policy makes it possible to search for users and create an overview of all the attributes of a user object. If an attempt is made to modify further attributes in addition to the password when the user does not have sufficient access rights to the LDAP directory, Univention Directory Manager denies him write access with the message Permission denied. Attention: The package should be installed on the domain controller master and the domain controller backup systems. During the installation, the LDAP server is restarted and is thus temporarily unavailable. To prevent the resetting of the passwords for certain users (e.g., domain administrators), the UIDs of the users to be protected can be entered, separated by commas, in the Univention Configuration Registry variable ldap/acl/user/passwordreset/protected/uid. Once a variable has been changed, it is necessary to restart the LDAP directoy service using the /etc/init.d/slapd restart command for the changed LDAP ACLs to take effect. In the default setting, the Administrator user is protected against having his password changed by the User Password Admins group. If access to additional LDAP attributes should be necessary for changing the password, the attribute names can be expanded in Univention Configuration Registry variable ldap/acl/user/passwordreset/attributes. After the change, the LDAP directory service must be restarted for the change to take effect. This variable is already set appropriately for a UCS standard installation. 186
8 Services for Windows Contents 8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 8.2 Univention Corporate Server and Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 8.2.1 Authentication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 8.2.2 File server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 8.2.3 Print server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 8.2.4 NetBIOS Network Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 8.3 Building Samba domains with UCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 8.4 Extended Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 8.1 Introduction 8.4.1 Trust relationships . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 8.4.2 WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 8.4.3 NETLOGON share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 8.4.4 Creating objects in the LDAP directory using Samba . . . . . . . . . . . . . . . . . . 197 8.4.5 Configuring Windows user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 8.4.6 Configuring Samba servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 For the purposes of Windows systems, Univention Corporate Server can assume the tasks of Windows server systems. These tasks comprise, among other things, the functions of a domain controller as well as file services and authentication services within Samba domains. Printer services can also be provided over Samba. Trust relationships are possible between Samba and Windows domains. Alongside the chapters listed here there is also further documentation available on the topics of Windows domain migration with UCS [15] and the automatic installation of Windows clients with UCS [4]. 8.2 Univention Corporate Server and Samba In the following, a domain with domain controllers based on UCS with the Samba component in which the members communicate using the SMB/CIFS protocol amongst other things is called a Samba domain. In the following, a domain with domain controllers based on Microsoft Windows NT in which the members also communicate using the SMB/CIFS protocol is called a Windows NT domain. The same applies for Windows 2000/2003 etc. domains. The program Samba serves as a kind of switchboard between the Windows clients and the UCS server. 187
Page 1 and 2:
Univention Corporate Server Manual
Page 3 and 4:
Contents 1 Introduction 11 1.1 What
Page 5 and 6:
Contents 5.3.12 Reboot . . . . . .
Page 7 and 8:
Contents 10.7.2 Hardware drivers /
Page 9 and 10:
Contents 14.11Including additional
Page 11 and 12:
1 Introduction Contents 1.1 What is
Page 13 and 14:
1.3 Further documentation selective
Page 15 and 16:
2 Domain concept Contents 2.1 Intro
Page 17 and 18:
2.2 UCS system roles The DC backup
Page 19 and 20:
2.4 Joining domains 2.4 Joining dom
Page 21 and 22:
2.4.2 How to join domains with Wind
Page 23 and 24:
2.4 Joining domains If the computer
Page 25 and 26:
3 Installation Contents 3.1 Introdu
Page 27 and 28:
continued. 3.2 Text-based Installat
Page 29 and 30:
g) Base system Attention: 3.2 Text-
Page 31 and 32:
Figure 3.3: Partitioning hard drive
Page 33 and 34:
3.2 Text-based Installation as the
Page 35 and 36:
Figure 3.5: Selection of components
Page 37 and 38:
17. System settings 3.2 Text-based
Page 39 and 40:
3.4 Installing and Renewing Licence
Page 41 and 42:
4 Univention Directory Manager Cont
Page 43 and 44:
Figure 4.1: Unsecured start page 4.
Page 45 and 46:
Figure 4.3: Automatic log-out after
Page 47 and 48:
4.3 Univention Directory Manager Wi
Page 49 and 50:
last names of the users, a column w
Page 51 and 52:
4.4 Navigation in LDAP By clicking
Page 53 and 54:
4.5 Univention Directory Manager mo
Page 55 and 56:
’User account’ tab Account expi
Page 57 and 58:
Attention: 4.5 Univention Directory
Page 59 and 60:
Further information can be found in
Page 61 and 62:
’Groups’ tab 4.5 Univention Dir
Page 63 and 64:
the user is disconnected after auth
Page 65 and 66:
Mail address 4.5 Univention Directo
Page 67 and 68:
DNS Entry 4.5 Univention Directory
Page 69 and 70:
’General’ tab Name (*) 4.5 Univ
Page 71 and 72:
Reverse zone for DNS entry 4.5 Univ
Page 73 and 74:
’Deployment’ tab 4.5 Univention
Page 75 and 76:
Page 77 and 78:
Browseable 4.5 Univention Directory
Page 79 and 80:
Valid users 4.5 Univention Director
Page 81 and 82:
Page 83 and 84:
Clients can send a lock request wit
Page 85 and 86:
Subtree checking 4.5 Univention Dir
Page 87 and 88:
Disconnect Time 4.5 Univention Dire
Page 89 and 90:
Manufacturer 4.5 Univention Directo
Page 91 and 92:
Page 93 and 94:
’Samba’ tab 4.5 Univention Dire
Page 95 and 96:
Page 97 and 98:
’Alias’ tab Canonical name (*)
Page 99 and 100:
Page 101 and 102:
server. Attention: 4.5 Univention D
Page 103 and 104:
• Lease time • NetBIOS • Rout
Page 105 and 106:
Last address 4.5 Univention Directo
Page 107 and 108:
4.5.10.5 DHCP host 4.5 Univention D
Page 109 and 110:
4.5.11.1 Adding a policy 4.5 Univen
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Declines 4.5 Univention Directory M
Page 117 and 118:
’[DHCP NetBIOS]’ tab NetBIOS na
Page 119 and 120:
Page 121 and 122:
RAM on the graphics adapter in kb 4
Page 123 and 124:
System shutdown 4.5 Univention Dire
Page 125 and 126:
’[Print quota]’ tab Attention:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136: The DNs of the predefined container
Page 137 and 138: ’General’ tab Name (*) The name
Page 139 and 140: Tab name 4.5 Univention Directory M
Page 141 and 142: Displayed attributes 4.5 Univention
Page 143 and 144: 4.5 Univention Directory Manager mo
Page 145 and 146: Data type Syntax 4.5 Univention Dir
Page 147 and 148: • Wizards 4.6 Policy-controlled L
Page 149 and 150: 4.6 Policy-controlled Layouts for t
Page 151 and 152: 4.6 Policy-controlled Layouts for t
Page 153 and 154: 5 Univention Management Console Con
Page 155 and 156: Figure 5.1: Login mask of Univentio
Page 157 and 158: 5.3.2 Kernel modules 5.3 Standard m
Page 159 and 160: Figure 5.4: Univention Configuratio
Page 161 and 162: Figure 5.6: List of partitions 5.3
Page 163 and 164: 5.3.10 Joining a domain Figure 5.8:
Page 165 and 166: 5.3.13 Online update Figure 5.10: R
Page 167 and 168: Figure 5.13: Online update: compone
Page 169 and 170: 6 Univention Virtual Machine Manage
Page 171 and 172: 6.3 Managing virtual machines with
Page 173 and 174: 6.3.2 Modifying virtual machines Fi
Page 175 and 176: 6.3.2.2 Operations (Starting/stoppi
Page 181 and 182: 7 UCS Directory service Contents 7.
Page 183 and 184: tions. 7.4 Configuration of LDAP AC
Page 185: - Using a concrete DN via dn.base,
Page 189 and 190: 8.2.3 Print server 8.3 Building Sam
Page 191 and 192: 8.4 Extended Configuration When set
Page 193 and 194: 8.4 Extended Configuration auth/use
Page 195 and 196: 8.4.2 WINS 8.4 Extended Configurati
Page 197 and 198: 8.4 Extended Configuration System p
Page 199 and 200: 8.4.5.4 Profile directory 8.4 Exten
Page 201 and 202: 8.4 Extended Configuration This nam
Page 203 and 204: 9 Desktop systems Contents 9.1 Intr
Page 205 and 206: 9.2.3 Mobile clients 9.3 Managing d
Page 207 and 208: 9.3.4 NX 9.4 VNC desktop sharing Li
Page 209 and 210: 9.5 Thin client environment are not
Page 211 and 212: 9.5 Thin client environment If thin
Page 213 and 214: 9.5 Thin client environment If ESD
Page 215 and 216: 9.6 Home directories computer on wh
Page 217 and 218: 9.7.1 Creating and modifying global
Page 219 and 220: Figure 9.1: Univention Directory Ma
Page 221 and 222: 10 Basic System Services Contents 1
Page 223 and 224: 10.3 Packet filter with Univention
Page 225 and 226: 10.3.5 Testing Univention Firewall
Page 227 and 228: sudo tool for running users with el
Page 229 and 230: 10.6 Logging of system messages and
Page 231 and 232: 10.8 GRUB boot manager The GRUB boo
Page 233 and 234: 10.9.3 Defining cron jobs in Univen
Page 235 and 236: 10.12 SSH In the basic setting, a r
Page 237 and 238:
11 Software maintenance Contents 11
Page 239 and 240:
11.2 UCS updates system version whi
Page 241 and 242:
11.3.1 Assigning repository servers
Page 243 and 244:
11.3 Package maintenance repository
Page 245 and 246:
Figure 11.2: Package list client 11
Page 247 and 248:
11.3.6.4 Information about installe
Page 249 and 250:
11.5 Repository management a reposi
Page 251 and 252:
univention-repository-merge --dest
Page 253 and 254:
example, synchronisation as of UCS
Page 255 and 256:
12 Mail Contents 12.1 Introduction
Page 257 and 258:
12.3 Setting up the mail server To
Page 259 and 260:
12.3 Setting up the mail server ent
Page 261 and 262:
12.5 Virus filters can be changed i
Page 263 and 264:
Field Value to be entered 12.6 Conf
Page 265 and 266:
13 Print services Contents 13.1 Int
Page 267 and 268:
13.2.3 Windows systems as print ser
Page 269 and 270:
13.3 Configuring printer shares Onc
Page 271 and 272:
13.5 Print quota 13.5 Print quota T
Page 273 and 274:
13.5 Print quota entry is confirmed
Page 275 and 276:
13.5 Print quota -G -pgroups pg1[,p
Page 277 and 278:
14 Univention Configuration Registr
Page 279 and 280:
sshd/permitroot: yes sshd/xforwardi
Page 281 and 282:
14.5 Creating new Univention Config
Page 283 and 284:
14.8 Regeneration of configuration
Page 285 and 286:
14.10 Univention Configuration Regi
Page 287 and 288:
closed with the string @!@. 14.12 I
Page 289 and 290:
15 Univention System Setup Contents
Page 291 and 292:
Figure 15.2: Basic settings in Univ
Page 293 and 294:
Figure 15.4: Language settings in U
Page 295 and 296:
15.2 Univention System Setup module
Page 297 and 298:
15.2.6 Time zone Time zones can be
Page 299 and 300:
15.5 Changing machine passwords/SSL
Page 301 and 302:
16 Frequently asked questions Conte
Page 303 and 304:
16.3 How does a user change his pas
Page 305 and 306:
16.7 Thin clients experience log-in
Page 307 and 308:
16.12 Avoiding double log-ins on Wi
Page 309 and 310:
Bibliography [1] Univention. Overvi
Page 311:
[26] Univention. Web proxies with U
show all

UCS 2.4 - Univention

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?