Ubuntu 20.04 VNC Jumpserver AD Dynamic User Management
Posted ganzy
1. Install Ubuntu 20.04.3 LTS
2. Configure a static IP:
# nano /etc/netplan/01-netcfg.yaml
# netplan apply
Disable IPv6:
# echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
# sysctl -p
# ip a
3. Configure the software update sources:
# nano /etc/apt/sources.list
4. Install and configure OpenSSH-Server:
# apt update -y
# apt install -y openssh-server net-tools
# nano /etc/ssh/sshd_config
# systemctl restart sshd
5. Install the desktop: gnome-session-flashback
# apt install gnome-session-flashback gnome-terminal nautilus gnome-settings-daemon open-vm-tools-desktop
.....
Wait for the installation to finish. After a reboot the desktop login screen appears; select: GNOME Flashback (Metacity)
6. Install VNC Server
# apt install tigervnc-standalone-server -y
Set the VNC password:
# su - gan
$ vncpasswd
Configure the desktop environment for VNC:
That is, configure the xstartup file (this must be done in every user's home directory)
$ nano ~/.vnc/xstartup
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
export XDG_MENU_PREFIX="gnome-flashback-"
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid black
vncconfig -iconic &
gnome-terminal &
nautilus &
gnome-session --session=gnome-flashback-metacity --disable-acceleration-check &
$ chmod +x ~/.vnc/xstartup
# sudo -H -u gan /bin/bash -c "vncserver :1 -localhost no -geometry 1024x768"
Download a VNC viewer: https://www.tightvnc.com/download/1.3.10/tightvnc-1.3.10_x86_viewer.zip
7. Join Ubuntu 20.04.3 LTS to the Windows AD domain:
1) Install the required packages:
# apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
2) Join the Windows AD domain:
# realm discover afd.ink
# realm join -v -U gazh afd.ink
# id gan@afd.ink
3) Configure automatic creation of the home directory when a domain user logs in to Ubuntu:
# nano /etc/pam.d/common-session
Add:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
If "su -" to an AD user fails with "System error":
# nano /etc/sssd/sssd.conf
Add:
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive
# systemctl restart sssd
4) Configure sudo for AD users:
# visudo
Add:
"%Domain Users@afd.ink" ALL=(ALL:ALL) NOPASSWD:ALL
5) Start VNC automatically at boot:
Create the rc-local.service file
# nano /etc/systemd/system/rc-local.service
Add the following content:
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
Then create the rc.local file:
# nano /etc/rc.local
With the content:
#!/bin/sh -e
## rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution bits.
# By default this script does nothing.
#start script
sudo -H -u gan /bin/bash -c "vncserver :1 -localhost no -geometry 1024x768"
sudo -H -u gan@afd.ink /bin/bash -c "vncserver :2 -localhost no -geometry 1024x768"
#end script
echo "added successfully!" > /tmp/added_script.log
exit 0
Add execute permission:
# chmod +x /etc/rc.local
Enable the service:
# systemctl enable rc-local.service
# reboot
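8. Hide the user list on the Ubuntu 20.04 server login screen
1) Add the user gdm to the access control list:
# xhost +SI:localuser:gdm
2) Switch to the user gdm in the console:
# su gdm -l -s /bin/bash
3) Disable the user list:
$ gsettings set org.gnome.login-screen disable-user-list true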
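Three of the settings above widen access on the jump host: sudo with NOPASSWD:ALL for every member of Domain Users, ad_gpo_access_control = permissive, and vncserver started with -localhost no. The script below is an added example, not part of the original post, that checks the three edited files for those settings so they can be reviewed after setup. The function names audit_jumphost and write_samples are hypothetical, and the sample files are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_jumphost and
# write_samples are hypothetical names; default paths are the files
# edited in the steps above.

# Print one FINDING line per access-widening setting found.
audit_jumphost() {
    sudoers=${1:-/etc/sudoers}
    sssd=${2:-/etc/sssd/sssd.conf}
    rclocal=${3:-/etc/rc.local}

    # sudo without a password for a whole group (%group, optionally quoted)
    if grep -Eq '^[[:space:]]*"?%[^#]*NOPASSWD:[[:space:]]*ALL' "$sudoers" 2>/dev/null; then
        echo "FINDING: $sudoers: NOPASSWD:ALL granted to a group"
    fi
    # AD GPO access rules logged (permissive) or skipped (disabled), not enforced
    if grep -Eiq '^[[:space:]]*ad_gpo_access_control[[:space:]]*=[[:space:]]*(permissive|disabled)' "$sssd" 2>/dev/null; then
        echo "FINDING: $sssd: ad_gpo_access_control is not enforcing"
    fi
    # VNC display accepting connections from the network, not only loopback
    if grep -Eq '^[^#]*vncserver[^#]*-localhost[[:space:]]+no([^[:alnum:]]|$)' "$rclocal" 2>/dev/null; then
        echo "FINDING: $rclocal: vncserver started with -localhost no"
    fi
    return 0
}

# Constructed sample files containing the lines this page adds.
write_samples() {
    printf '%s\n' '"%Domain Users@afd.ink" ALL=(ALL:ALL) NOPASSWD:ALL' > "$1/sudoers"
    printf '%s\n' 'ad_gpo_ignore_unreadable = True' \
        'ad_gpo_access_control = permissive' > "$1/sssd.conf"
    printf '%s\n' '#!/bin/sh -e' \
        'sudo -H -u gan /bin/bash -c "vncserver :1 -localhost no -geometry 1024x768"' \
        'exit 0' > "$1/rc.local"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_jumphost "$tmp/sudoers" "$tmp/sssd.conf" "$tmp/rc.local"
rm -rf "$tmp"
```

Called with no arguments as root, audit_jumphost reads the real files at the paths used in the steps above; a file that is missing or unreadable produces no finding.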