CN106656927B - Method and device for adding Linux account into AD domain - Google Patents

Info

Publication number: CN106656927B
Authority: CN (China)
Prior art keywords: domain, sharing service, service, client, account information
Legal status: Active
Application number: CN201510729749.4A
Other languages: Chinese (zh)
Other versions: CN106656927A (en)
Inventor: 王琰
Current Assignee: Beijing Gridsum Technology Co Ltd
Original Assignee: Beijing Gridsum Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method and a device for adding a Linux account to an AD domain, relating to the field of network communication. The method mainly comprises the following steps: restarting the network service, the file sharing service and the account information sharing service through an AD domain script program; calling the configured automatic interaction script program through the AD domain script program, requesting a token from the AD domain controller and performing administrator identity authentication; after the administrator identity authentication passes, applying to the AD domain controller to join the AD domain; and if the client successfully joins the AD domain, restarting the file sharing service, the account information sharing service and the remote control service. With this method, the Linux account is added to the AD domain without manual intervention in the whole process; compared with a manual method, the error rate is reduced, and the labor cost and working-hour cost are reduced as well.

Description

Method and device for adding Linux account into AD domain
Technical Field
The invention relates to the field of network communication, in particular to a method and a device for adding a Linux account into an AD domain.
Background
In the field of computer and network communications, authorization and login between different devices is a common operation. In a network formed by a plurality of computers, in order to uniformly control the accounts of the computers connected to the same network, Microsoft provides Active Directory (AD), which makes it convenient for operating system accounts to log in at different locations. The AD control software runs on Windows and provides uniform account management and control for the computers joined to an AD domain.
Specifically, the AD control software forms these computers into a domain. Domain controller software is installed and run on one of the computers to make it the domain controller, and the other computers join the domain as clients. An account opened on the domain controller can therefore be used on any client, which achieves unified management and control of accounts.
In the prior art, when a plurality of Linux clients need to be added to the AD domain, each client is operated manually. This way of adding Linux accounts to the AD domain is not only prone to mistakes in manually typed command lines, but also time-consuming and labor-intensive.
Disclosure of Invention
In view of the above problems, the present invention is proposed to provide a method and apparatus for adding a Linux account to an AD domain that overcomes or at least partially solves the above problems.
In one aspect, the present invention provides a method for adding a Linux account to an AD domain, including:
restarting the network service, the file sharing service and the account information sharing service between the client and the AD domain controller through the AD domain script program;
calling a configured automatic interaction script program on the client through the AD domain script program, wherein the automatic interaction script program is used for requesting a token from the AD domain controller and performing administrator identity verification using the configured administrator identity information;
after the administrator identity verification passes, applying to the AD domain controller to join the AD domain through the automatic interaction script;
receiving the AD domain joining result returned by the AD domain controller;
and if the AD domain joining result indicates that the client has successfully joined the AD domain, restarting the file sharing service, the account information sharing service and the remote control service between the client and the AD domain controller.
On the other hand, the invention provides a device for adding the Linux account into the AD domain, which comprises the following components:
the restarting unit is used for restarting the network service, the file sharing service and the account information sharing service between the client and the AD domain controller through the AD domain script program;
the authentication unit is used for calling a configured automatic interaction script program on the client through the AD domain script program, wherein the automatic interaction script program is used for requesting a token from the AD domain controller and performing administrator identity verification using the configured administrator identity information;
the application unit is used for applying to the AD domain controller to join the AD domain through the automatic interaction script after the authentication unit determines that the administrator identity verification passes;
the receiving unit is used for receiving the AD domain joining result returned by the AD domain controller after the application unit applies to the AD domain controller to join the AD domain;
the restarting unit is further configured to restart the file sharing service, the account information sharing service and the remote control service between the client and the AD domain controller when the AD domain joining result received by the receiving unit indicates that the client has successfully joined the AD domain.
By means of this technical scheme, the method and the device for adding a Linux account to an AD domain automate the process of adding Linux to the AD domain. A Linux computer can be added to the AD domain simply by running the program formed by the method, or the device, provided by the invention, and no manual intervention is needed in the whole process. Particularly when a plurality of Linux clients are to be added to the AD domain, the method and the device reduce the error rate and reduce the labor cost and working-time cost compared with a manual method.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating a method for adding a Linux account to an AD domain according to an embodiment of the present invention;
fig. 2 shows a schematic diagram of an AD domain network in an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for adding a Linux account to an AD domain according to another embodiment of the present invention;
fig. 4 is a schematic diagram illustrating an apparatus for adding a Linux account to an AD domain in another embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Linux is used herein as a generic term for a computer operating system, including distributions such as Red Hat, SUSE and CentOS. Windows is a generic name for the operating systems developed by Microsoft Corporation, and includes versions such as Windows XP, Windows 7 and Windows 8. The domain referred to herein is a logical set formed by a plurality of computers connected together via a network, and the computers in the domain are divided into a domain controller and clients. As shown in fig. 2, the domain controller is a Windows computer on which AD is installed. The domain controller uniformly controls the accounts of the computers in the AD domain. A client is a computer that has been added to the AD domain, and can be either a Windows computer or a Linux computer. The client in this patent refers to a Linux computer. A domain account is an account created on the domain controller; it can be used to log in at a client, and the same domain account can be used on any client. A local account is an account created on the local Linux machine; it can only be used to log in to that machine and cannot be used to log in to other computers.
As shown in fig. 1, a flowchart of a method for adding a Linux account to an AD domain according to an embodiment of the present invention is provided. The method may include, but is not limited to, the steps of:
101. Restart the network service, the file sharing service and the account information sharing service between the client and the AD domain controller through the AD domain script program.
To help those skilled in the art understand the application scenario of the present invention, an implementation scenario in which a Linux account is added to an AD domain is described below with reference to fig. 2 as an example. Fig. 2 shows an example of the network structure of an AD domain, in which the domain controller is a Windows computer with AD installed and the client is a Linux computer. What is described is an automated method and apparatus for adding a Linux computer to an AD domain, on the premise that the AD domain controller has been installed and is operating normally. In order to uniformly manage the accounts of the computers, the computers can form a domain: domain controller software is installed and run on one computer to make it the domain controller, and the other computers are added to the domain as clients. An account opened on the domain controller can therefore be used on any client, which achieves unified management and control of accounts.
102. Call a configured automatic interaction script program on the client through the AD domain script program, wherein the automatic interaction script program is used for requesting a token from the AD domain controller and performing administrator identity authentication using the configured administrator identity information.
103. After the administrator identity authentication passes, apply to the AD domain controller to join the AD domain through the automatic interaction script.
104. Receive the AD domain joining result returned by the AD domain controller.
105. If the AD domain joining result indicates that the client has successfully joined the AD domain, restart the file sharing service, the account information sharing service and the remote control service between the client and the AD domain controller.
This method for adding a Linux account to an AD domain automates the process of adding Linux to the AD domain: a Linux computer can be added to the AD domain simply by running the program formed by the method, or the device, provided by the invention, without manual intervention in the whole process.
Another embodiment of the present invention provides a method for adding a Linux account to an AD domain, as shown in fig. 3, the steps of the method may include, but are not limited to, the following steps:
201. Check, for each of the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program, whether it is installed on the client.
For convenience of description, this embodiment is described using the shell programming language as an example. It is understood that the method and apparatus of the present invention may also adopt other programming languages, such as C++ or Python, and the embodiment of the present invention does not limit the type of programming language.
The technical terms used below and their meanings are listed here.
Command line: one way of operating Linux, similar to DOS, in which a command is typed in and then executed by pressing Enter.
vi: a text editing tool for Linux.
shell: the interface between Linux and the user, through which the user operates Linux. Shell is also a programming language.
shell script program: a script program written in the shell language, which can be interpreted by the shell.
kerberos: a network authentication protocol. In this patent, kerberos is used to request a token from the AD domain controller.
samba: a protocol for sharing files between Windows and Linux.
winbind: a component of the samba suite; Linux uses winbind to obtain Windows user account information.
rpm: this patent uses the rpm command to detect whether software has been installed.
yum: this patent uses the yum command to install software.
read command: reads one line of text at a time from a file.
mv command: this patent uses the mv command to replace a file, replacing the original configuration file with a newly built configuration file.
echo command: appends content to a file; if the file does not exist, it is created automatically.
expect: software that implements automatic interaction. In this patent, it is used to automate entry of the domain controller administrator password.
This step includes four checks: the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program.
For the network authentication protocol, the shell script program calls the query command provided by the rpm software to check whether kerberos (a network authentication protocol) is installed, and analyzes the query result. If kerberos appears in the returned result, kerberos is installed; step 202 is then executed and the installation of kerberos is skipped. Otherwise kerberos has not been installed, and step 203 is executed to call the yum tool to install kerberos.
For the file sharing service, the shell script program calls the query command provided by the rpm software to check whether samba (a file sharing service) is installed, and analyzes the query result. If samba appears in the returned result, samba is installed and step 202 is executed; otherwise samba is not installed, and step 203 is executed to call the yum tool to install samba.
For the account information sharing service, the shell script program calls the query command provided by the rpm software to check whether winbind (an account information sharing service) is installed, and analyzes the query result. If winbind appears in the returned result, winbind is installed and step 202 is executed; otherwise winbind is not installed, and step 203 is executed to call the yum tool to install winbind.
For the automatic interaction script program, the shell script program calls the query command provided by the rpm software to check whether expect (an automatic interaction script program) is installed, and analyzes the query result. If expect appears in the returned result, expect is installed and step 202 is executed; otherwise expect has not been installed, and step 203 is executed to call the yum tool to install expect.
202. If any one of the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program is already installed, skip the installation process for the installed item.
203. Install the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program.
After any one of the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program has been installed, the shell script program analyzes the installation log. If the last line of the log is "Complete!", the installation succeeded and the method proceeds to step 204; otherwise the installation has failed, the log module is called, the log is recorded and the program exits.
204. Authorize the network authentication protocol in the configuration file of the remote control service.
Specifically, the shell script program calls the read command to read sshd_config, the configuration file of sshd (a remote control service), line by line. If the current line is the "KerberosAuthentication" configuration item, it calls the echo command to append "KerberosAuthentication" to the new file sshd_config_new; otherwise it calls the echo command to append the line to the new file sshd_config_new. This yields a new file sshd_config_new with the KerberosAuthentication configuration item modified. The shell script then calls the mv command to replace the original sshd_config configuration file with the new file sshd_config_new, thereby automating the configuration of sshd.
205. Add the IP address of the AD domain controller to the configuration files of the client's network card, the network authentication protocol, the file sharing service and the account information sharing service.
In this step, for the network card device of the client, the shell script program calls the read command to read the local network card configuration file ifcfg-eth0 line by line. If the current line is the "DNS1" configuration item, it calls the echo command to append "DNS1=domain controller IP address" to the new file ifcfg-eth0-new; otherwise it calls the echo command to append the line to the new file ifcfg-eth0-new. This yields a new file ifcfg-eth0-new with the DNS1 configuration item modified. The shell script then calls the mv command to replace the original ifcfg-eth0 configuration file with the new file ifcfg-eth0-new, thereby automating the DNS IP address configuration.
For the network authentication protocol, the shell script program calls the echo command to append 3 configuration entries at the end of krb5.conf, the kerberos configuration file: "kdc = domain controller IP address:port", "admin_server = domain controller IP address:port" and "default_domain = domain controller IP address". Thereby realizing the automation of the configuration of kerberos.
For the file sharing service, the shell script program calls the echo command to append 2 configuration entries at the end of smb.conf, the samba configuration file: "workgroup = domain controller domain name" and "password server = domain controller IP address". Thereby realizing the automation of the configuration of kerberos.
For the account information sharing service, the shell script program calls the read command to read nsswitch.conf, the configuration file of the user password check rules, line by line. If the current line is the "passwd" (or "group") configuration item, it calls the echo command to append "passwd: files winbind" (or "group: files winbind") to the new file nsswitch.conf.new; otherwise it calls the echo command to append the line to the new file nsswitch.conf.new. This yields a new file nsswitch.conf.new with the passwd and group configuration items modified. The shell script then calls the mv command to replace the original nsswitch.conf configuration file with the new file nsswitch.conf.new, thereby automating the configuration of the user password check rules.
Finally, the system authentication configuration file is configured. The shell script program calls the read command to read the system authentication configuration file system-auth line by line. If the current line is an "auth" (or "account", "password") configuration item and is the first such item, it first calls the echo command to append the corresponding entry for /lib/security/$ISA/pam_winbind.so (the "auth" entry carrying the use_first_pass option, the "account" entry a bracketed control covering default and user_unknown) to the new file system-auth-new, and then appends the current line to the new file. Otherwise, it calls the echo command to append the line to the new file system-auth-new. This yields a new file system-auth-new with the auth, account and password configuration items modified. The shell script then calls the mv command to replace the original system-auth configuration file with the new file system-auth-new, thereby automating the configuration of system authentication.
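The read/echo/mv rewrite that steps 204 and 205 describe, written as one reusable function. This is an added example, not code from the patent: the names set_config_key and demo_join_config, the sample file contents, the value "KerberosAuthentication yes" and the address 192.0.2.10 are assumptions. It goes beyond the text in handling a commented-out default, duplicate entries and a missing key, and in keeping the original file's mode on the replacement.

```sh
#!/bin/sh
# Added example (not the patent's script): line-by-line config rewrite
# followed by an atomic rename, as in steps 204-205.

# set_config_key FILE KEY NEWLINE
# Copies FILE line by line into a temp file beside it. The first KEY entry
# (active, or commented out as "#KEY ...") is replaced by NEWLINE, later
# active duplicates are dropped, and NEWLINE is appended if KEY never
# appeared. The temp file is then renamed over FILE.
# Note: for sshd_config, an appended line after a "Match" block would only
# apply inside that block, so check where the key lands.
set_config_key() (
    file=$1 key=$2 newline=$3 replaced=0
    [ -f "$file" ] || { echo "set_config_key: $file: not found" >&2; exit 1; }
    tmp=$(mktemp "$file.new.XXXXXX") || exit 1   # same directory => atomic mv
    trap 'rm -f "$tmp"' EXIT                     # no stray temp file on failure
    cp -p "$file" "$tmp" || exit 1               # carry over mode and owner
    set -f                                       # no globbing when splitting
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line                             # $1 = first token of the line
        case ${1-} in
            "$key"|"$key"[=:]*)                  # active entry
                if [ "$replaced" -eq 0 ]; then
                    printf '%s\n' "$newline"; replaced=1
                fi ;;                            # later duplicates are dropped
            "#$key"|"#$key"[=:]*)                # commented-out default
                if [ "$replaced" -eq 0 ]; then
                    printf '%s\n' "$newline"; replaced=1
                else
                    printf '%s\n' "$line"
                fi ;;
            *)  printf '%s\n' "$line" ;;
        esac
    done <"$file" >"$tmp"
    [ "$replaced" -eq 1 ] || printf '%s\n' "$newline" >>"$tmp"
    mv -f "$tmp" "$file"
)

# Constructed sample files standing in for sshd_config, ifcfg-eth0 and
# nsswitch.conf. 192.0.2.10 is a documentation address (assumption), and
# "KerberosAuthentication yes" is the assumed target value.
demo_join_config() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' '#KerberosAuthentication no' 'UsePAM yes' \
        >"$d/sshd_config"
    chmod 600 "$d/sshd_config"
    printf '%s\n' 'DEVICE=eth0' 'DNS1=8.8.8.8' 'DNS2=8.8.4.4' 'DNS1=10.0.0.1' \
        >"$d/ifcfg-eth0"
    printf '%s\n' 'passwd:     files' 'shadow:     files' 'group:      files' \
        >"$d/nsswitch.conf"
    set_config_key "$d/sshd_config" KerberosAuthentication \
        'KerberosAuthentication yes' &&
    set_config_key "$d/ifcfg-eth0" DNS1 'DNS1=192.0.2.10' &&
    set_config_key "$d/nsswitch.conf" passwd 'passwd: files winbind' &&
    set_config_key "$d/nsswitch.conf" group 'group: files winbind' &&
    echo "$d"                                    # directory holding the results
}

# Stand-alone run: show the rewritten sample files, then clean up.
demo_dir=$(demo_join_config) && head -n 20 "$demo_dir"/* && rm -rf "$demo_dir"
```

Because the temp file is created in the same directory as the target, the final mv is a rename on one filesystem, so a reader such as sshd never sees a half-written file.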
206. Restart the network service, the file sharing service and the account information sharing service between the client and the AD domain controller through the AD domain script program.
Specifically, for the network service, the shell script program calls the service command to restart the network service and analyzes the returned result. If the last line of the returned result is "OK", the network service was restarted successfully and step 207 is executed; otherwise the network restart has failed, the log module is called, the log is recorded and the program exits.
For the file sharing service, the shell script program calls the service command to restart the samba service and analyzes the returned result. If the last line of the returned result is "OK", the samba service was restarted successfully and step 207 is executed; otherwise the samba restart has failed, the log module is called, the log is recorded and the program exits.
For the account information sharing service, the shell script program calls the service command to restart the winbind service and analyzes the returned result. If the last line of the returned result is "OK", the winbind service was restarted successfully and step 207 is executed; otherwise the winbind restart has failed, the log module is called, the log is recorded and the program exits.
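The success check used in steps 203 and 206 (inspect the last line of the output, otherwise log and quit), as an added example that is not code from the patent. The names run_step, log_msg and LOG_FILE and the three sample_* commands with their constructed output are assumptions; the example also requires a zero exit status, so a step is not accepted on its text alone.

```sh
#!/bin/sh
# Added example (not the patent's script): run one step, accept it only if
# the command exits 0 AND the last non-empty output line contains MARKER,
# and record the outcome in a log file.

LOG_FILE=${LOG_FILE:-$(mktemp)}      # assumption: log location is configurable

log_msg() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$LOG_FILE"
}

# run_step NAME MARKER CMD [ARGS...]
run_step() (
    step=$1 marker=$2
    shift 2
    out=$("$@" 2>&1) && rc=0 || rc=$?
    # last non-empty line of the captured output
    last=$(printf '%s\n' "$out" | awk 'NF { l = $0 } END { print l }')
    case $last in
        *"$marker"*) matched=1 ;;
        *)           matched=0 ;;
    esac
    if [ "$rc" -eq 0 ] && [ "$matched" -eq 1 ]; then
        log_msg "OK   $step"
        exit 0
    fi
    log_msg "FAIL $step (exit=$rc, last line: $last)"
    exit 1
)

# Constructed stand-ins for "service <name> restart"; the output imitates
# the init-script style and is not captured from a real host.
sample_restart_ok() {
    printf '%s\n' 'Shutting down SMB services: [  OK  ]' \
                  'Starting SMB services: [  OK  ]'
}
sample_ok_text_nonzero_exit() {       # text says OK, exit status says failure
    printf '%s\n' 'Starting network: [  OK  ]'
    return 1
}
sample_failed_text_zero_exit() {      # exit status 0, last line says FAILED
    printf '%s\n' 'Shutting down Winbind services: [  OK  ]' \
                  'Starting Winbind services: [FAILED]'
}

# Returns the three step results as "r1 r2 r3" (0 = accepted, 1 = rejected).
demo_steps() {
    run_step "restart samba"   OK sample_restart_ok            && r1=0 || r1=$?
    run_step "restart network" OK sample_ok_text_nonzero_exit  && r2=0 || r2=$?
    run_step "restart winbind" OK sample_failed_text_zero_exit && r3=0 || r3=$?
    echo "$r1 $r2 $r3"
}

# Stand-alone run: print the results and the log that was written.
demo_steps
cat "$LOG_FILE"
```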
207. Call a configured automatic interaction script program on the client through the AD domain script program, wherein the automatic interaction script program is used for requesting a token from the AD domain controller and performing administrator identity authentication using the configured administrator identity information.
In this step, the shell script program calls the expect script program, and the expect program calls the kinit command to request a kerberos token from the AD domain controller. The AD domain controller prompts for the domain controller administrator password for identity verification, and expect automatically enters the password and submits it to the domain controller for verification. The shell script program then analyzes the returned verification result: if the returned result is empty, the verification succeeded and step 208 is executed; otherwise the verification has failed, the log module is called, the log is recorded and the program exits.
208. After the administrator identity authentication passes, apply to the AD domain controller to join the AD domain through the automatic interaction script.
The shell script program calls the expect script program, and the expect program calls the net command to apply to the AD domain controller to join the AD domain. The AD domain controller prompts for the domain controller administrator password for identity authentication, and expect automatically enters the password and submits it to the domain controller for authentication.
209. Receive the AD domain joining result returned by the AD domain controller.
The shell script program analyzes the returned verification result: if the returned result is "Joined domain name", the domain join succeeded and the method continues with step 209; otherwise the domain join has failed, the log module is called, the log is recorded and the program exits.
210. If the AD domain joining result indicates that the client has successfully joined the AD domain, restart the file sharing service, the account information sharing service and the remote control service between the client and the AD domain controller.
In this step, for the file sharing service, the shell script program calls the service command to restart the samba service and analyzes the returned result. If the last line of the returned result is "OK", the samba service was restarted successfully and step 211 is executed; otherwise the samba restart has failed, the log module is called, the log is recorded and the program exits.
For the account information sharing service, the shell script program calls the service command to restart the winbind service and analyzes the returned result. If the last line of the returned result is "OK", the winbind service was restarted successfully and step 211 is executed; otherwise the winbind restart has failed, the log module is called, the log is recorded and the program exits.
For the remote control service, the shell script program calls the service command to restart the sshd service and analyzes the returned result. If the last line of the returned result is "OK", the sshd service was restarted successfully and step 211 is executed; otherwise the sshd restart has failed, the log module is called, the log is recorded and the program exits.
211. Send a result test request to the AD domain controller.
The shell script program calls the net command to test whether the Linux client has been successfully added to the AD domain. It analyzes the returned result: if the last line of the result is "Join to domain name is OK", the Linux client has successfully joined the AD domain; otherwise the domain join has failed, the log module is called, the log is recorded and the program exits.
212. Analyze the test result returned by the AD domain controller and determine whether the client has been successfully added to the AD domain.
The returned result is analyzed: if the last line of the result is "Join to domain name is OK", the Linux client has successfully joined the AD domain; otherwise the domain join has failed, the log module is called, the log is recorded and the program exits.
The scheme also includes a log function module, which is called wherever a log needs to be recorded during the whole run of the shell script.
This method for adding a Linux account to an AD domain automates the process of adding Linux to the AD domain: a Linux computer can be added to the AD domain simply by running the program formed by the method, or the device, provided by the invention, without manual intervention in the whole process.
Another embodiment of the present invention further provides an apparatus for adding a Linux account to an AD domain, as shown in fig. 4, the apparatus includes: a restarting unit 31, an authentication unit 32, an application unit 33 and a receiving unit 34.
A restart unit 31, configured to restart a network service, a file sharing service, and an account information sharing service between the client and the AD domain controller through an AD domain script program;
the authentication unit 32 is configured to call a configured automatic interaction script program on the client through an AD domain script program, where the automatic interaction script program is configured to apply for a token to an AD domain controller and perform administrator identity verification using configured administrator identity information;
an applying unit 33, configured to apply for joining an AD domain to the AD domain controller through the automatic interaction script after the authentication unit 32 determines that the administrator identity verification passes;
a receiving unit 34, configured to receive an AD domain joining result returned by the AD domain controller after the applying unit 33 applies for joining an AD domain to the AD domain controller;
the restarting unit 31 is further configured to restart a file sharing service, an account information sharing service, and a remote control service between the client and the AD domain controller when the AD domain joining result received by the receiving unit 34 indicates that the client has successfully joined the AD domain.
Further optionally, the apparatus may further include: a test unit 35.
A testing unit 35, configured to send a result test request to the AD domain controller after the restarting unit 31 restarts the file sharing service, the account information sharing service, and the remote control service between the client and the AD domain controller; and to analyze the test result returned by the AD domain controller and determine whether the client has successfully joined the AD domain.
Further optionally, the apparatus may further include: an installation unit 36.
An installation unit 36, configured to install a network authentication protocol, a file sharing service, an account information sharing service, and an automatic interaction script program before the restarting unit 31 restarts the network service, the file sharing service, and the account information sharing service between the client and the AD domain controller through the AD domain script program.
Further optionally, the apparatus may further include: a pre-installation unit 37.
A pre-installation unit 37, configured to check whether the network authentication protocol, the file sharing service, the account information sharing service, and the automatic interaction script program are installed in the client before the installation unit 36 installs the network authentication protocol, the file sharing service, the account information sharing service, and the automatic interaction script program;
the installing unit 36 is further configured to skip an installation process of an installed item when the check result of the pre-installing unit 37 shows that any one of the network authentication protocol, the file sharing service, the account information sharing service, and the automatic interaction script program is installed.
Further optionally, the apparatus may further include: a configuration unit 38.
A configuration unit 38, configured to authorize the network authentication protocol in a configuration file of the remote control service after the installation unit 36 installs the network authentication protocol, the file sharing service, the account information sharing service, and the automatic interaction script program; and to add the IP address of the AD domain controller to a network card of the client, the network authentication protocol, the file sharing service and a configuration file of the account information sharing service.
The specific implementation manner of each unit in the apparatus provided in this embodiment may refer to corresponding content in the method embodiment corresponding to fig. 1 and fig. 3, and details are not repeated here.
The device for adding a Linux account to an AD domain automates joining Linux to the AD domain: a Linux computer can be joined to the AD domain simply by running the program formed by the method, or by running the device provided by the invention, with no manual intervention in the whole process.
The device for adding the Linux account into the AD domain comprises a processor and a memory, wherein the restarting unit, the authentication unit, the application unit, the receiving unit, the testing unit, the installation unit, the pre-installation unit and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and the Linux account is added to the AD domain by adjusting the kernel parameters.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The present application further provides a computer program product which, when executed on a data processing device, is adapted to execute program code that initializes the following method steps: restarting the network service, the file sharing service and the account information sharing service between the client and the AD domain controller through the AD domain script program; calling a configured automatic interaction script program on the client through the AD domain script program, wherein the automatic interaction script program is used for applying to the AD domain controller for a token and performing administrator identity verification with the configured administrator identity information; after the administrator identity verification passes, applying to the AD domain controller to join the AD domain through the automatic interaction script; receiving the AD domain joining result returned by the AD domain controller; and if the AD domain joining result indicates that the client has successfully joined the AD domain, restarting the file sharing service, the account information sharing service and the remote control service between the client and the AD domain controller.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A method for adding a Linux account into an AD domain is characterized by comprising the following steps:
restarting network service, file sharing service and account information sharing service between the client and the AD domain controller through the AD domain script program;
calling a configured automatic interaction script program through an AD domain script program on the client, wherein the automatic interaction script program is used for applying for a token to an AD domain controller and carrying out administrator identity authentication by adopting configured administrator identity information, and the automatic interaction script program comprises a script for realizing automatic input of an administrator password of the domain controller;
after the administrator identity authentication is passed, applying for joining an AD domain to the AD domain controller through the automatic interaction script;
receiving an AD domain joining result returned by the AD domain controller;
and if the AD domain joining result indicates that the client has successfully joined the AD domain, restarting the file sharing service, the account information sharing service and the remote control service between the client and the AD domain controller.
2. The method of claim 1, wherein after restarting a file sharing service, an account information sharing service, and a remote control service between the client and the AD domain controller, the method further comprises:
sending a result test request to the AD domain controller;
and analyzing a test result returned by the AD domain controller, and determining whether the client has successfully joined the AD domain.
3. The method of claim 1, wherein before restarting the network service, the file sharing service, and the account information sharing service between the client and the AD domain controller through the AD domain script program, the method further comprises:
and installing a network authentication protocol, a file sharing service, an account information sharing service and an automatic interaction script program.
4. The method of claim 3, wherein prior to installing the network authentication protocol, the file sharing service, the account information sharing service, and the automated interaction script, the method further comprises:
respectively checking whether the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program are installed in the client;
and if any one of the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program is installed, skipping an installation process of the installed item.
5. The method of claim 3, wherein after installing the network authentication protocol, the file sharing service, the account information sharing service, and the automatic interaction script, the method further comprises:
authorizing the network authentication protocol in a configuration file of the remote control service;
and adding the IP address of the AD domain controller to a network card of the client, the network authentication protocol, the file sharing service and a configuration file of the account information sharing service.
6. An apparatus for adding a Linux account to an AD domain, comprising:
the restarting unit is used for restarting network service, file sharing service and account information sharing service between the client and the AD domain controller through the AD domain script program;
the authentication unit is used for calling a configured automatic interaction script program on the client through an AD domain script program, the automatic interaction script program is used for applying to an AD domain controller for a token and carrying out administrator identity verification by adopting configured administrator identity information, and the automatic interaction script program comprises a script for realizing automatic input of an administrator password of the domain controller;
the application unit is used for applying to the AD domain controller to join an AD domain through the automatic interaction script after the authentication unit determines that the administrator identity verification passes;
the receiving unit is used for receiving the AD domain joining result returned by the AD domain controller after the application unit applies to the AD domain controller to join the AD domain;
the restarting unit is further configured to restart a file sharing service, an account information sharing service, and a remote control service between the client and the AD domain controller when the AD domain joining result received by the receiving unit indicates that the client has successfully joined the AD domain.
7. The apparatus of claim 6, further comprising:
the test unit is used for sending a result test request to the AD domain controller after the restarting unit restarts a file sharing service, an account information sharing service and a remote control service between the client and the AD domain controller; and analyzing a test result returned by the AD domain controller, and determining whether the client has successfully joined the AD domain.
8. The apparatus of claim 6, further comprising:
and the installation unit is used for installing a network authentication protocol, a file sharing service, an account information sharing service and an automatic interaction script program before the restarting unit restarts the network service, the file sharing service and the account information sharing service between the client and the AD domain controller through the AD domain script program.
9. The apparatus of claim 8, further comprising:
the pre-installation unit is used for respectively checking whether the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program are installed in the client before the installation unit installs the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program;
the installation unit is further configured to skip an installation process of an installed item when the check result of the pre-installation unit shows that any one of the network authentication protocol, the file sharing service, the account information sharing service, and the automatic interaction script program is installed.
10. The apparatus of claim 8, further comprising:
the configuration unit is used for authorizing the network authentication protocol in a configuration file of the remote control service after the installation unit installs the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program; and adding the IP address of the AD domain controller to a network card of the client, the network authentication protocol, the file sharing service and a configuration file of the account information sharing service.
11. A computer-readable storage medium, comprising a stored program, wherein the program, when executed by a processor, implements the method of joining a Linux account to an AD domain of any one of claims 1 to 5.
12. An apparatus for adding a Linux account to an AD domain, comprising a processor and a memory, wherein the processor executes a program stored in the memory to implement the method of adding a Linux account to an AD domain of any one of claims 1 to 5.
CN201510729749.4A 2015-10-30 2015-10-30 Method and device for adding Linux account into AD domain Active CN106656927B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510729749.4A CN106656927B (en) 2015-10-30 2015-10-30 Method and device for adding Linux account into AD domain

Publications (2)

Publication Number Publication Date
CN106656927A CN106656927A (en) 2017-05-10
CN106656927B true CN106656927B (en) 2020-09-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: Beijing Guoshuang Technology Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: Beijing Guoshuang Technology Co.,Ltd.

GR01 Patent grant