CN106656927A - Method and device for enabling Linux account to be added to AD domain - Google Patents


Publication number: CN106656927A
Authority: CN (China)
Prior art keywords: service, file, domains, client, domain
Legal status: Granted
Application number: CN201510729749.4A
Other languages: Chinese (zh)
Other versions: CN106656927B (en)
Inventor: 王琰
Current Assignee: Beijing Gridsum Technology Co Ltd
Original Assignee: Beijing Gridsum Technology Co Ltd
Application filed by Beijing Gridsum Technology Co Ltd
Priority to CN201510729749.4A
Publication of CN106656927A
Application granted
Publication of CN106656927B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a method and device for adding a Linux account to an AD domain, and relates to the field of network communication. The method mainly comprises the steps of: restarting a network service, a file sharing service and an account information sharing service through an AD domain script program; calling a configured automatic interaction script program through the AD domain script program, applying to an AD domain controller for a token, and performing administrator identity verification; applying to the AD domain controller to join the AD domain after the administrator identity verification passes; and restarting the file sharing service, the account information sharing service and a remote control service if the client has successfully joined the AD domain. The method enables a Linux account to be added to the AD domain without manual intervention. Compared with a manual method, the method reduces the error rate and reduces the manpower and time cost.

Description

Method and device for adding a Linux account to an AD domain
Technical field
The present invention relates to the field of network communication, and more particularly to a method and device for adding a Linux account to an AD domain.
Background
In the field of computer network communication, authorization and login between different devices are common operations. In a network made up of multiple computers, in order to manage and control in a unified way the accounts of the computers connected to the same network, Microsoft provides Active Directory (AD), a set of control software that makes it easy for operating system accounts to log in from different locations. The AD control software runs on Windows and provides unified account management and control for the computers that have joined an AD domain.
Specifically, the AD control software groups these computers into a domain. The domain controller software is installed and run on one of the computers, which acts as the domain controller, and the other computers join the domain as clients. An account created on the domain controller can then be used on any client, which achieves unified management and control of accounts.
In the prior art, when many Linux clients need to join an AD domain, each client has to be operated manually. Adding Linux accounts to an AD domain this way is error-prone, because the command lines are typed by hand, and it is time-consuming and laborious.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and device for adding a Linux account to an AD domain that overcome the above problems or at least partially solve them.
In one aspect, the present invention provides a method for adding a Linux account to an AD domain, the method comprising:
restarting, through an AD domain script program, the network service, file sharing service and account information sharing service between the client and the AD domain controller;
calling, through the AD domain script program in the client, a configured automatic interaction script program, where the automatic interaction script program is used to apply to the AD domain controller for a token and to perform administrator identity verification using configured administrator identity information;
after the administrator identity verification passes, applying to the AD domain controller, through the automatic interaction script, to join the AD domain;
receiving the AD domain join result returned by the AD domain controller;
if the AD domain join result shows that the client has successfully joined the AD domain, restarting the file sharing service, account information sharing service and remote control service between the client and the AD domain controller.
In another aspect, the present invention provides a device for adding a Linux account to an AD domain, comprising:
a restart unit, configured to restart, through an AD domain script program, the network service, file sharing service and account information sharing service between the client and the AD domain controller;
an authentication unit, configured to call, through the AD domain script program in the client, a configured automatic interaction script program, where the automatic interaction script program is used to apply to the AD domain controller for a token and to perform administrator identity verification using configured administrator identity information;
an application unit, configured to apply to the AD domain controller, through the automatic interaction script, to join the AD domain after the authentication unit determines that the administrator identity verification has passed;
a receiving unit, configured to receive the AD domain join result returned by the AD domain controller after the application unit has applied to the AD domain controller to join the AD domain;
the restart unit being further configured to restart the file sharing service, account information sharing service and remote control service between the client and the AD domain controller when the AD domain join result received by the receiving unit shows that the client has successfully joined the AD domain.
With the above technical solution, the method and device for adding a Linux account to an AD domain provided by the present invention automate the joining of Linux to an AD domain. It is only necessary to run the program composed of the method of the present invention, or to run the device provided by the present invention, for a Linux computer to be added to the AD domain, and the whole process requires no manual intervention. Especially in scenarios where multiple Linux clients are added to an AD domain, the method of the present invention, compared with the manual method, reduces the error rate as well as the manpower and time cost.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flowchart of the method for adding a Linux account to an AD domain in an embodiment of the present invention;
Fig. 2 shows a schematic diagram of an AD domain network in an embodiment of the present invention;
Fig. 3 shows a flowchart of the method for adding a Linux account to an AD domain in another embodiment of the present invention;
Fig. 4 shows a schematic diagram of a device for adding a Linux account to an AD domain in another embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
Herein, Linux is a general term for a family of computer operating systems, including distributions such as Red Hat, Suse and CentOS. Windows is the general term for the operating systems developed by Microsoft, including versions such as Windows XP, Windows 7 and Windows 8. The domain referred to herein is a logical collection formed by multiple computers connected through a network, and the roles of the computers in a domain are divided into domain controller and client. As shown in Fig. 2, the domain controller is a Windows computer on which AD is installed. The domain controller manages and controls the accounts of the computers in the AD domain in a unified way. A client of the AD domain is a computer that has joined the AD domain, and it can be either a Windows computer or a Linux computer. The client in this patent refers to a Linux computer. A domain account is an account created on the domain controller; a domain account can be used to log in on a client, and the same domain account can be used on any client. A local account is an account created on the local Linux machine; a local account can only be used to log in to the local machine and cannot be used to log in to other computers.
Fig. 1 is a flowchart of a method for adding a Linux account to an AD domain provided by one embodiment of the present invention. The method may include, but is not limited to, the following steps:
101. Restart, through the AD domain script program, the network service, file sharing service and account information sharing service between the client and the AD domain controller.
To make it easier for those skilled in the art to understand the application scenario of the present invention, the scenario in which a Linux account is added to an AD domain is introduced below, taking Fig. 2 as an example. Fig. 2 shows an example of an AD domain network structure, in which the domain controller is a Windows computer on which AD is installed and the clients are Linux computers. Described herein is an automated method and device for adding a Linux computer to an AD domain, on the premise that the AD domain controller has been installed and is running normally. To manage and control the accounts of these computers in a unified way, the computers can be grouped into a domain: the domain controller software is installed and run on one of the computers, which acts as the domain controller, and the other computers join the domain as clients. An account created on the domain controller can then be used on any client, which achieves unified management and control of accounts.
102. Call, through the AD domain script program in the client, a configured automatic interaction script program, where the automatic interaction script program is used to apply to the AD domain controller for a token and to perform administrator identity verification using configured administrator identity information.
103. After the administrator identity verification passes, apply to the AD domain controller, through the automatic interaction script, to join the AD domain.
104. Receive the AD domain join result returned by the AD domain controller.
105. If the AD domain join result shows that the client has successfully joined the AD domain, restart the file sharing service, account information sharing service and remote control service between the client and the AD domain controller.
The method for adding a Linux account to an AD domain provided by the present invention automates the joining of Linux to an AD domain. It is only necessary to run the program composed of the method of the present invention, or to run the device provided by the present invention, for a Linux computer to be added to the AD domain, and the whole process requires no manual intervention. Especially in scenarios where multiple Linux clients are added to an AD domain, the method of the present invention, compared with the manual method, reduces the error rate as well as the manpower and time cost.
Another embodiment of the present invention provides a method for adding a Linux account to an AD domain. As shown in Fig. 3, the method may include, but is not limited to, the following steps:
201. Check separately whether the network authentication protocol, file sharing service, account information sharing service and automatic interaction script program have been installed in the client.
For ease of description, this embodiment is introduced using the shell programming language as an example. It will be understood that the method and device of the present invention can also use other programming languages, such as C++ or Python, and the embodiments of the present invention do not limit the kind of programming language.
The technical terms used below and their meanings are listed here.
Command line: a way of operating Linux, similar to DOS, in which a command is typed and then executed by pressing Enter.
vi: a text editing tool of Linux.
shell: the shell is the interface between Linux and the user, through which the user can operate Linux. The shell is also a programming language.
shell script program: a script program written in the shell language that can be parsed and executed in the shell.
kerberos: a network authentication protocol. In this patent, kerberos is used to apply to the AD domain controller for a token.
samba: a protocol for sharing files between Windows and Linux.
winbind: one of the components of the samba suite; Linux uses winbind to obtain Windows user account information.
rpm: this patent uses the rpm command to check whether software has been installed.
yum: this patent uses the yum command to install software.
read command: this command reads one line of text from a file each time.
mv command: this patent uses the mv command to replace files, replacing the original configuration file with the newly built configuration file.
echo command: the echo command can append content to an existing file; if the file does not exist, it is first created automatically.
expect: software that can carry out automatic interaction. In this patent, it is used to enter the domain controller administrator password automatically.
This step comprises four checks: of the network authentication protocol, the file sharing service, the account information sharing service and the automatic interaction script program.
For the network authentication protocol, the shell script program calls the query command provided by the rpm software to check whether kerberos (a network authentication protocol) has been installed, and the program analyzes the query result. If kerberos appears in the returned result, kerberos is already installed; step 202 is then performed and the installation of kerberos is skipped. Otherwise kerberos is not yet installed; step 203 is then performed and the yum tool is called to install kerberos.
For the file sharing service, the shell script program calls the query command provided by the rpm software to check whether samba (a file sharing service) has been installed, and the program analyzes the query result. If samba appears in the returned result, samba is already installed and the procedure continues with step 202. Otherwise samba is not yet installed; step 203 is then performed and the yum tool is called to install samba.
For the account information sharing service, the shell script program calls the query command provided by the rpm software to check whether winbind (an account information sharing service) has been installed, and the program analyzes the query result. If winbind appears in the returned result, winbind is already installed and the procedure continues with step 202. Otherwise winbind is not yet installed; step 203 is then performed and the yum tool is called to install winbind.
For the automatic interaction script program, the shell script program calls the query command provided by the rpm software to check whether expect (an automatic interaction script program) has been installed, and the program analyzes the query result. If expect appears in the returned result, expect is already installed and the procedure continues with step 202. Otherwise expect is not yet installed; step 203 is then performed and the yum tool is called to install expect.
202. If any one of the network authentication protocol, file sharing service, account information sharing service and automatic interaction script program has already been installed, skip the installation procedure for the installed item.
203. Install the network authentication protocol, file sharing service, account information sharing service and automatic interaction script program.
After any one of the network authentication protocol, file sharing service, account information sharing service and automatic interaction script program has been installed, the shell script program analyzes the installation log. If the last line of the log is "Complete!", the installation succeeded and the procedure continues with step 204. Otherwise the installation failed; the log module is then called, a log is recorded and the program exits.
204. Authorize the network authentication protocol in the configuration file of the remote control service.
Specifically, the shell script program calls the read command to read, line by line, the configuration file sshd_config of sshd (a remote control service). If the current line is the "KerberosAuthentication" configuration item, the echo command is called to append "KerberosAuthentication yes" to the new file sshd_config_new; otherwise the echo command is called to append the line itself to the new file sshd_config_new. This produces a new file sshd_config_new in which the KerberosAuthentication configuration has been modified. The shell script then calls the mv command to replace the original sshd_config configuration file with the new file sshd_config_new, thereby automating the configuration of sshd.
205. Append the IP address of the AD domain controller to the configuration files of the client's network card, the network authentication protocol, the file sharing service and the account information sharing service.
In this step, for the network card of the client, the shell script program calls the read command to read the local network card configuration file ifcfg-eth0 line by line. If the current line is the "DNS1" configuration item, the echo command is called to append "DNS1=<domain controller IP address>" to the new file ifcfg-eth0-new; otherwise the echo command is called to append the line itself to the new file ifcfg-eth0-new. This produces a new file ifcfg-eth0-new in which the DNS1 configuration item has been modified. The shell script then calls the mv command to replace the original ifcfg-eth0 configuration file with the new file ifcfg-eth0-new, thereby automating the configuration of the DNS IP address.
For the network authentication protocol, the shell script program calls the echo command to append 3 configuration items to the end of the kerberos configuration file krb5.conf: "kdc=<domain controller IP address>:<port>", "admin_server=<domain controller IP address>:<port>" and "default_domain=<domain controller IP address>". This automates the configuration of kerberos.
For the file sharing service, the shell script program calls the echo command to append 2 configuration items to the end of the samba configuration file smb.conf: "workgroup=<domain controller domain name>" and "password server=<domain controller IP address>". This automates the configuration of kerberos.
For the account information sharing service, the shell script program calls the read command to read, line by line, the configuration file nsswitch.conf of the user password checking rules. If the current line is the "passwd" (or "group") configuration item, the echo command is called to append "passwd: files winbind" (or "group: files winbind") to the new file nsswitch.conf.new; otherwise the echo command is called to append the line itself to the new file nsswitch.conf.new. This produces a new file nsswitch.conf.new in which the passwd and group configuration items have been modified. The shell script then calls the mv command to replace the original nsswitch.conf configuration file with the new file nsswitch.conf.new, thereby automating the configuration of the user password checking rules.
Finally, the system authentication configuration file is configured. The shell script program calls the read command to read the system authentication configuration file system-auth line by line. If the current line is an "auth" (or "account", "password") configuration item and is the first "auth" (or "account", "password") configuration item, the echo command is first called to append "auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass" (or "account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so", "password sufficient /lib/security/$ISA/pam_winbind.so use_authtok") to the new file system-auth-new, and then the content of the current line is also appended to the new file. Otherwise the echo command is called to append the line itself to the new file system-auth-new. This produces a new file system-auth-new in which the auth, account and password configuration items have been modified. The shell script then calls the mv command to replace the original system-auth configuration file with the new file system-auth-new, thereby automating the configuration of system authentication.
206. Restart, through the AD domain script program, the network service, file sharing service and account information sharing service between the client and the AD domain controller.
Specifically, for the network service, the shell script program calls the service command to restart the network service, and the program analyzes the returned result. If the last line of the returned result is "OK", the network service was restarted successfully and the procedure continues with step 207. Otherwise restarting network failed; the log module is then called, a log is recorded and the program exits.
For the file sharing service, the shell script program calls the service command to restart the samba service, and the program analyzes the returned result. If the last line of the returned result is "OK", the samba service was restarted successfully and the procedure continues with step 207. Otherwise restarting samba failed; the log module is then called, a log is recorded and the program exits.
For the account information sharing service, the shell script program calls the service command to restart the winbind service, and the program analyzes the returned result. If the last line of the returned result is "OK", the winbind service was restarted successfully and the procedure continues with step 207. Otherwise restarting winbind failed; the log module is then called, a log is recorded and the program exits.
207. Call, through the AD domain script program in the client, a configured automatic interaction script program, where the automatic interaction script program is used to apply to the AD domain controller for a token and to perform administrator identity verification using configured administrator identity information.
In this step, the shell script program calls the expect script program, and the expect program calls the kinit command to apply to the AD domain controller for a kerberos token. The AD domain controller then prompts for the password of the domain controller administrator in order to verify identity, and expect automatically enters the password and submits it to the domain controller for verification. The shell script program then analyzes the returned result. If the returned result is empty, the verification succeeded and the procedure continues with step 208. Otherwise the verification failed; the log module is then called, a log is recorded and the program exits.
208. After the administrator identity verification passes, apply to the AD domain controller, through the automatic interaction script, to join the AD domain.
Here the shell script program calls the expect script program, and the expect program calls the net command to apply to the AD domain controller to join the AD domain. The AD domain controller then prompts for the domain controller administrator password in order to verify identity, and expect automatically enters the password and submits it to the domain controller for verification.
209. Receive the AD domain join result returned by the AD domain controller.
Here the shell script program analyzes the returned result. If the returned result is "Joined Domain <domain name>", joining the domain succeeded and the procedure continues with step 209. Otherwise joining the domain failed; the log module is then called, a log is recorded and the program exits.
210. If the AD domain join result shows that the client has successfully joined the AD domain, restart the file sharing service, account information sharing service and remote control service between the client and the AD domain controller.
In this step, for the file sharing service, the shell script program calls the service command to restart the samba service, and the program analyzes the returned result. If the last line of the returned result is "OK", the samba service was restarted successfully and the procedure continues with step 211. Otherwise restarting samba failed; the log module is then called, a log is recorded and the program exits.
For the account information sharing service, the shell script program calls the service command to restart the winbind service and analyzes the returned result. If the last line of the returned result is "OK", the winbind service was restarted successfully and the procedure continues with step 211. Otherwise restarting winbind failed; the log module is then called, a log is recorded and the program exits.
For the remote control service, the shell script program calls the service command to restart the sshd service and analyzes the returned result. If the last line of the returned result is "OK", the sshd service was restarted successfully and the procedure continues with step 211. Otherwise restarting sshd failed; the log module is then called, a log is recorded and the program exits.
211. Send a result test request to the AD domain controller.
Here the shell script program calls the net command to test whether Linux has successfully joined the AD domain, and analyzes the returned result. If the last line of the result is "Join to domain name is OK", this Linux client has successfully joined the AD domain. Otherwise joining the domain failed; the log module is then called, a log is recorded and the program exits.
212. Analyze the test result returned by the AD domain controller to determine whether the client has successfully joined the AD domain.
Here the returned result is analyzed. If the last line of the result is "Join to domain name is OK", this Linux client has successfully joined the AD domain. Otherwise joining the domain failed; the log module is then called, a log is recorded and the program exits.
In addition, this scheme includes a "log" function module. Throughout the running of the shell script, the "log" function module is called to record a log wherever logging is needed.
The method for adding a Linux account to an AD domain provided by the present invention automates the joining of Linux to an AD domain. It is only necessary to run the program composed of the method of the present invention, or to run the device provided by the present invention, for a Linux computer to be added to the AD domain, and the whole process requires no manual intervention. Especially in scenarios where multiple Linux clients are added to an AD domain, the method of the present invention, compared with the manual method, reduces the error rate as well as the manpower and time cost.
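The line-by-line rewrite of steps 204 and 205, as an added example in POSIX shell (not code from the patent), run against constructed sample files in a temporary directory. It goes slightly beyond the text: the item is appended when no active line exists, it is written only once, and the replaced file keeps the original's mode; the function names and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not code from the patent. Every path, sample file and the
# address 192.0.2.10 below is constructed for the demonstration.

# rewrite_item FILE KEY REPLACEMENT
# Copy FILE line by line into FILE.new, writing REPLACEMENT in place of the
# first line that starts with the literal prefix KEY, then mv FILE.new over
# FILE. printf is used where the patent text says echo, because echo may
# interpret backslashes or a leading "-n" found in a config line.
rewrite_item() {
    ri_file=$1
    ri_key=$2
    ri_repl=$3
    ri_new="$ri_file.new"
    ri_found=0

    # Start from a copy so the new file inherits the original's mode and
    # owner (a bare redirect would create it with the umask default and
    # mv would then loosen a 0600 sshd_config). Then empty the copy.
    cp -p "$ri_file" "$ri_new" || return 1
    : > "$ri_new" || return 1

    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r ri_line || [ -n "$ri_line" ]; do
        case $ri_line in
            "$ri_key"*)
                # Write the item once; later duplicates are dropped.
                if [ "$ri_found" -eq 0 ]; then
                    printf '%s\n' "$ri_repl" >> "$ri_new"
                    ri_found=1
                fi
                ;;
            *)
                printf '%s\n' "$ri_line" >> "$ri_new"
                ;;
        esac
    done < "$ri_file"

    # A commented-out default such as "#KerberosAuthentication no" never
    # matches, so the item is appended when no active line was found.
    [ "$ri_found" -eq 1 ] || printf '%s\n' "$ri_repl" >> "$ri_new"

    mv "$ri_new" "$ri_file"
}

# apply_join_config DIR DC_IP: the three rewrites named in steps 204-205.
apply_join_config() {
    ac_dir=$1
    ac_ip=$2
    rewrite_item "$ac_dir/sshd_config" "KerberosAuthentication" \
                 "KerberosAuthentication yes" &&
    rewrite_item "$ac_dir/ifcfg-eth0" "DNS1=" "DNS1=$ac_ip" &&
    rewrite_item "$ac_dir/nsswitch.conf" "passwd:" "passwd: files winbind" &&
    rewrite_item "$ac_dir/nsswitch.conf" "group:" "group: files winbind"
}

# make_samples DIR: constructed stand-ins for the real configuration files.
make_samples() {
    printf '%s\n' '#KerberosAuthentication no' 'PasswordAuthentication yes' \
        > "$1/sshd_config"
    chmod 600 "$1/sshd_config"
    # Deliberately no newline after the last line.
    printf 'DEVICE=eth0\nONBOOT=yes\nDNS1=198.51.100.1' > "$1/ifcfg-eth0"
    printf '%s\n' 'passwd:     files' 'shadow:     files' 'group:      files' \
        > "$1/nsswitch.conf"
}

# file_mode FILE: permission string as printed by ls, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

demo_dir=$(mktemp -d) || exit 1
make_samples "$demo_dir"
apply_join_config "$demo_dir" 192.0.2.10
apply_join_config "$demo_dir" 192.0.2.10   # a second run adds nothing new
for f in sshd_config ifcfg-eth0 nsswitch.conf; do
    printf '== %s (%s)\n' "$f" "$(file_mode "$demo_dir/$f")"
    cat "$demo_dir/$f"
done
rm -rf "$demo_dir"
```
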
Another embodiment of the present invention provides a device for adding a Linux account to an AD domain. As shown in FIG. 4, the device includes: a restart unit 31, an authentication unit 32, an application unit 33, and a receiving unit 34.
The restart unit 31 is configured to restart, through the AD domain script program, the network service, file-sharing service and account information sharing service between the client and the AD domain controller.
The authentication unit 32 is configured to call, through the AD domain script program, the configured automatic interaction script program on the client. The automatic interaction script program is used to request a token from the AD domain controller and to perform administrator identity authentication using the configured administrator identity information.
The application unit 33 is configured to apply to the AD domain controller, through the automatic interaction script, to join the AD domain after the authentication unit 32 determines that the administrator identity authentication has passed.
The receiving unit 34 is configured to receive the join-AD-domain result returned by the AD domain controller after the application unit 33 has applied to the AD domain controller to join the AD domain.
The restart unit 31 is further configured to restart the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller when the join-AD-domain result received by the receiving unit 34 shows that the client has successfully joined the AD domain.
Further optionally, the device may also include a test unit 35.
The test unit 35 is configured to send a result test request to the AD domain controller after the restart unit 31 has restarted the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller, and to analyze the test result returned by the AD domain controller to determine whether the client has successfully joined the AD domain.
Further optionally, the device may also include an installation unit 36.
The installation unit 36 is configured to install the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program before the restart unit 31 restarts, through the AD domain script program, the network service, file-sharing service and account information sharing service between the client and the AD domain controller.
Further optionally, the device may also include a preassembled unit 37.
The preassembled unit 37 is configured to check, before the installation unit 36 installs the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program, whether each of the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program is already installed on the client.
The installation unit 36 is further configured to skip the installation step for an item when the check result of the preassembled unit 37 shows that any one of the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program is already installed.
Further optionally, the device may also include a configuration unit 38.
The configuration unit 38 is configured, after the installation unit 36 has installed the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program, to authorize the network authentication protocol in the configuration file of the remote control service, and to append the IP address of the AD domain controller to the configuration files of the client's network interface card, the network authentication protocol, the file-sharing service and the account information sharing service.
For the specific implementation of each unit in the device provided by this embodiment, refer to the corresponding content in the method embodiments of FIG. 1 and FIG. 3 above; it is not repeated here.
The device provided by the present invention for adding a Linux account to an AD domain automates the process of joining Linux to the AD domain. Running the program that implements the method of the invention, or running the device provided by the invention, is enough to join a Linux computer to the AD domain, with no manual intervention at any point. In particular, where multiple Linux clients are to be joined to an AD domain, the method reduces the error rate compared with doing the work manually, and also reduces labor and time costs.
The device for adding a Linux account to an AD domain includes a processor and a memory. The restart unit, authentication unit, application unit, receiving unit, test unit, installation unit, preassembled unit and so on are stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor contains a kernel, and the kernel retrieves the corresponding program unit from the memory. One or more kernels may be provided, and Linux accounts are added to the AD domain by adjusting kernel parameters.
The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The present application also provides a computer program product which, when executed on a data processing device, is adapted to execute program code initialized with the following method steps: restarting, through the AD domain script program, the network service, file-sharing service and account information sharing service between the client and the AD domain controller; calling, through the AD domain script program, the configured automatic interaction script program on the client, the automatic interaction script program being used to request a token from the AD domain controller and to perform administrator identity authentication using the configured administrator identity information; after the administrator identity authentication has passed, applying to the AD domain controller through the automatic interaction script to join the AD domain; receiving the join-AD-domain result returned by the AD domain controller; and, if the join-AD-domain result shows that the client has successfully joined the AD domain, restarting the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The above are merely embodiments of the present application and are not intended to limit it. For those skilled in the art, the application may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the application shall fall within the scope of its claims.

Claims (10)

1. A method for adding a Linux account to an AD domain, characterized by comprising:
restarting, through an AD domain script program, the network service, file-sharing service and account information sharing service between a client and an AD domain controller;
calling, through the AD domain script program, a configured automatic interaction script program on the client, the automatic interaction script program being used to request a token from the AD domain controller and to perform administrator identity authentication using configured administrator identity information;
after the administrator identity authentication has passed, applying to the AD domain controller through the automatic interaction script to join the AD domain;
receiving the join-AD-domain result returned by the AD domain controller;
if the join-AD-domain result shows that the client has successfully joined the AD domain, restarting the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller.
2. The method according to claim 1, characterized in that, after restarting the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller, the method further comprises:
sending a result test request to the AD domain controller;
analyzing the test result returned by the AD domain controller to determine whether the client has successfully joined the AD domain.
3. The method according to claim 1, characterized in that, before restarting, through the AD domain script program, the network service, file-sharing service and account information sharing service between the client and the AD domain controller, the method further comprises:
installing a network authentication protocol, the file-sharing service, the account information sharing service and the automatic interaction script program.
4. The method according to claim 3, characterized in that, before installing the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program, the method further comprises:
checking whether each of the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program is already installed on the client;
if any one of the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program is already installed, skipping the installation step for the installed item.
5. The method according to claim 3, characterized in that, after installing the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program, the method further comprises:
authorizing the network authentication protocol in the configuration file of the remote control service;
appending the IP address of the AD domain controller to the configuration files of the client's network interface card, the network authentication protocol, the file-sharing service and the account information sharing service.
6. A device for adding a Linux account to an AD domain, characterized by comprising:
a restart unit, configured to restart, through an AD domain script program, the network service, file-sharing service and account information sharing service between a client and an AD domain controller;
an authentication unit, configured to call, through the AD domain script program, a configured automatic interaction script program on the client, the automatic interaction script program being used to request a token from the AD domain controller and to perform administrator identity authentication using configured administrator identity information;
an application unit, configured to apply to the AD domain controller, through the automatic interaction script, to join the AD domain after the authentication unit determines that the administrator identity authentication has passed;
a receiving unit, configured to receive the join-AD-domain result returned by the AD domain controller after the application unit has applied to the AD domain controller to join the AD domain;
the restart unit being further configured to restart the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller when the join-AD-domain result received by the receiving unit shows that the client has successfully joined the AD domain.
7. The device according to claim 6, characterized by further comprising:
a test unit, configured to send a result test request to the AD domain controller after the restart unit has restarted the file-sharing service, account information sharing service and remote control service between the client and the AD domain controller, and to analyze the test result returned by the AD domain controller to determine whether the client has successfully joined the AD domain.
8. The device according to claim 6, characterized by further comprising:
an installation unit, configured to install a network authentication protocol, the file-sharing service, the account information sharing service and the automatic interaction script program before the restart unit restarts, through the AD domain script program, the network service, file-sharing service and account information sharing service between the client and the AD domain controller.
9. The device according to claim 8, characterized by further comprising:
a preassembled unit, configured to check, before the installation unit installs the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program, whether each of the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program is already installed on the client;
the installation unit being further configured to skip the installation step for an item when the check result of the preassembled unit shows that any one of the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program is already installed.
10. The device according to claim 8, characterized by further comprising:
a configuration unit, configured, after the installation unit has installed the network authentication protocol, file-sharing service, account information sharing service and automatic interaction script program, to authorize the network authentication protocol in the configuration file of the remote control service, and to append the IP address of the AD domain controller to the configuration files of the client's network interface card, the network authentication protocol, the file-sharing service and the account information sharing service.
CN201510729749.4A 2015-10-30 2015-10-30 Method and device for adding Linux account into AD domain Active CN106656927B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510729749.4A CN106656927B (en) 2015-10-30 2015-10-30 Method and device for adding Linux account into AD domain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510729749.4A CN106656927B (en) 2015-10-30 2015-10-30 Method and device for adding Linux account into AD domain

Publications (2)

Publication Number Publication Date
CN106656927A true CN106656927A (en) 2017-05-10
CN106656927B CN106656927B (en) 2020-09-25

Family

ID=58811006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510729749.4A Active CN106656927B (en) 2015-10-30 2015-10-30 Method and device for adding Linux account into AD domain

Country Status (1)

Country Link
CN (1) CN106656927B (en)

Also Published As

Publication number Publication date
CN106656927B (en) 2020-09-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: Beijing Guoshuang Technology Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: Beijing Guoshuang Technology Co.,Ltd.

GR01 Patent grant