{"id":157019,"date":"2012-11-01T14:52:04","date_gmt":"2012-11-01T10:52:04","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=157019"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=157019","title":{"rendered":"<span class=\"post_title\">Samba4, Radius and PPTP using MS-CHAP v2<\/span>"},"content":{"rendered":"<div class=\"content html_format\"> \t\t\t\u2026Phew, it is done. Everything turned out to be fairly simple, although it took a good deal of time, mostly spent searching for information, of which (the useful kind, of course) there is precious little on the Internet\u2026 And how scattered that information is! 
So I decided to write this guide, based on my own deployment experience. The main thing is that everything will be collected in one place (except, perhaps, the bind9 settings, but more on that a little later).<\/p>\n<p>  So, the task. There is a server running Ubuntu 12.04. 
It has to become:<\/p>\n<ul>\n<li>The PDC of a Windows domain with Active Directory.<\/li>\n<li>A VPN server (let it be PPTP, for example, but with mandatory support for MS-CHAP v2 and MPPE-128) with authorization against a RADIUS server (to be specific, freeradius).<\/li>\n<li>Accordingly, a Freeradius server.<\/li>\n<li>A terminal server on which AD users are authorized transparently.<\/li>\n<\/ul>\n<p>  Let's get started.<br \/>  <a name=\"habracut\"><\/a>  <\/p>\n<h5>Installing Samba4<\/h5>\n<p>  Read the <a href=\"http:\/\/wiki.samba.org\/index.php\/Samba4\/HOWTO\">Samba4\/HOWTO<\/a> carefully. 
When I started the installation, the available Samba4 version was 4.0.0rc2. Now, as far as I know, it is 4.0.0rc3. I worked with RC2, so that is what I will describe.<br \/>  Do everything according to the HOWTO, but keep a few nuances in mind:  <\/p>\n<ol>\n<li>We do want our AD users to be authenticated on the Linux machine, don't we? Then remember to install the <i>libpam0g-dev<\/i> package (roughly like this: <i>sudo apt-get install libpam0g-dev<\/i>). 
Without these libraries, PAM support will not be built into samba4 (the build will lack the <i>\/usr\/local\/samba\/lib\/security\/<\/i> directory with the much-needed <i>pam_winbind.so<\/i> library).<\/li>\n<li>I would recommend (strongly!) using <i>.\/configure.developer<\/i> instead of <i>.\/configure<\/i>.<\/li>\n<\/ol>\n<p>  Then proceed as described in the <a href=\"http:\/\/wiki.samba.org\/index.php\/Samba4\/HOWTO\">WiKi Samba4 HOWTO<\/a>. The built samba4 will be placed in the <i>\/usr\/local\/samba\/<\/i> directory. 
Let me point out once more that all samba4 binaries are located in <i>\/usr\/local\/samba\/bin\/<\/i> and the daemons in <i>\/usr\/local\/samba\/sbin\/<\/i>, so you now have to call them by absolute path, or adjust the PATH variable, or, as I did, since I was installing samba4 on a machine without samba3, create symbolic links for all files from <i>\/usr\/local\/samba\/bin\/<\/i> in <i>\/usr\/bin\/<\/i>, and from <i>\/usr\/local\/samba\/sbin\/<\/i> in <i>\/usr\/sbin\/<\/i>.<br \/>  Now provision samba4 as described in the HOWTO. Among other things, this procedure creates the main samba configuration file, <i>smb.conf<\/i>, in <i>\/usr\/local\/samba\/etc\/<\/i>; you can add the options and shares you need to it and\u2026 start samba! Here is what my <i>\/usr\/local\/samba\/etc\/smb.conf<\/i> looks like:  <\/p>\n<pre><code class=\"bash\"># Global parameters\n[global]\n\tdos charset = CP860\n\t# NetBIOS name of your domain\n\tworkgroup = &lt;DOMAIN&gt;\n\t# your domain\n\trealm = &lt;domain.something&gt;\n\t# NetBIOS name of your controller\n\tnetbios name = &lt;NetBIOS_Name&gt;\n\tserver role = active directory domain controller\n\t# this same server is the DNS server\n\tdns forwarder = 127.0.0.1\n\ttemplate shell = \/bin\/bash\n\t# I set the last parameters in this section this way just in case; it will not hurt\u2026\n\twinbind use default domain = Yes\n\twinbind enum users = Yes\n\twinbind enum groups = Yes\n\n[netlogon]\n\tpath = \/usr\/local\/samba\/var\/locks\/sysvol\/uchteno.local\/scripts\n\tread only = No\n\n[sysvol]\n\tpath = \/usr\/local\/samba\/var\/locks\/sysvol\n\tread only = No\n\n#[profiles]\n#\tpath = \/var\/lib\/samba\/profiles\n#\tread only = no\n#\tbrowseable = No\n# your shares follow, defined in the usual way.\n<\/code><\/pre>\n<p>  To start samba4, create a file <i>samba4.conf<\/i> in <i>\/etc\/init\/<\/i> with roughly the following contents:<\/p>\n<pre><code class=\"bash\">description &quot;SMB\/CIFS File and Active Directory Server&quot;\nauthor      &quot;Jelmer Vernooij &lt;jelmer@ubuntu.com&gt;&quot;\n\nstart on (local-filesystems and net-device-up)\nstop on runlevel [!2345]\n\nexpect fork\nnormal exit 0\n\npre-start script\n\t[ -r \/etc\/default\/samba4 ] && . \/etc\/default\/samba4\n\tinstall -o root -g root -m 755 -d \/var\/run\/samba\n\tinstall -o root -g root -m 755 -d \/var\/log\/samba\nend script\n\nexec \/usr\/local\/samba\/sbin\/samba -D\n<\/code><\/pre>\n<p>  The service is started and stopped like this:  <\/p>\n<pre><code class=\"bash\"># service samba4 start\n# service samba4 stop\n# service samba4 restart\n<\/code><\/pre>\n<p>  DNS setup deserves a story of its own: bind9 was already running on this server with its own zones, and samba4, which has its own built-in DNS server, refused to get along with the already configured bind9, so\u2026 let's stick to the HOWTO instructions for now, and if there is interest I will describe the samba4-bind9 combination later.<br \/>  Everything else is strictly according to the HOWTO mentioned above, with a few remarks.  <\/p>\n<ul>\n<li>The Windows Remote Administration Tools package installed on Windows 7 has two unpleasant quirks (two that I have noticed so far):<br \/>   - first, in the ADUC snap-in the \"Dial-in\" tab is missing entirely from the user properties (or whatever it is called in Russian?), which means remote access for users has to be configured by other means;<br \/>   - second, group policies can only be managed under the Administrator account, even though a specially created user was added to every possible group\u2026<\/li>\n<li>To be honest, I have not yet looked in detail at what group policies can do under samba4\u2026<\/li>\n<\/ul>\n<p>  So, samba4 is installed and running. 
Now it is the turn of authenticating AD users on Linux. <\/p>\n<h5>Configuring Winbind<\/h5>\n<p>  Go to the <a href=\"http:\/\/wiki.samba.org\/index.php\/Samba4\/Winbind\">Wiki Samba4\/Winbind<\/a> documentation and do absolutely EVERYTHING written there. Do not forget to reboot the system after changing \/etc\/nsswitch.conf, because\u2026 In short, a reboot is needed. Be careful with the files in \/etc\/pam.d\/: if you make a mistake, your server turns into a \"black box\", since you will no longer be able to log in to it either over ssh or from the console\u2026 If you did everything without errors, there you go: you can now log in to the Linux server with Active Directory user accounts!<br \/>  Still, let me list the required steps once more and give all my (working!) configuration files, so that everything is in one place.<br \/>  So.<br \/>  Make the <i>libnss_winbind.so<\/i> library available:  <\/p>\n<pre><code class=\"bash\"># ln -s \/usr\/local\/samba\/lib\/libnss_winbind.so.2 \/lib\/libnss_winbind.so\n# ln -s \/lib\/libnss_winbind.so \/lib\/libnss_winbind.so.2\n<\/code><\/pre>\n<p>  Edit <i>\/etc\/nsswitch.conf<\/i>:<br \/>  # \/etc\/nsswitch.conf  <\/p>\n<pre><code class=\"bash\">passwd:\t        compat winbind\ngroup:\t\tcompat winbind\nshadow:\t        compat\n\nhosts:\t\tfiles dns\nnetworks:\tfiles\n\nprotocols:\tdb files\nservices:\tdb files\nethers:\t\tdb files\nrpc:\t        db files\n\nnetgroup:\tnis\n<\/code><\/pre>\n<p>  Reboot right after this edit!<br \/>  Now test winbind. 
And do not be put off by the fact that there is no such process in the system: the samba daemon now performs all of its functions.<br \/>  Winbind availability:  <\/p>\n<pre><code class=\"bash\">$ \/usr\/local\/samba\/bin\/wbinfo -p\nPing to winbindd succeeded\n<\/code><\/pre>\n<p>  Winbind returns the list of domain users:  <\/p>\n<pre><code class=\"bash\">$ \/usr\/local\/samba\/bin\/wbinfo -u\n...\n&lt;YOUR_DOMAIN&gt;\\Administrator\n...\n<\/code><\/pre>\n<p>  getent passwd lists ALL users, both Linux and domain ones:  <\/p>\n<pre><code class=\"bash\">$ getent passwd\nroot:x:0:0\u2026\n...\n&lt;YOUR_DOMAIN&gt;\\Administrator:x:0:100::\/home\/MATWS\/Administrator:\/bin\/false\n...\n
<\/code><\/pre>\n<p>  The id command returns information about domain users:  <\/p>\n<pre><code class=\"bash\">$ id Administrator\nuid=0(root) gid=100(users) groupes=0(root),100(users),3000004(Group Policy Creator Owners),3000008(Domain Admins)\n<\/code><\/pre>\n<p>  Note that the domain user Administrator, created during the samba4 provisioning step, has uid=0, that is, it maps to root on this host, with all the consequences that follow from that!  
<\/p>\n<h5>Configuring PAM<\/h5>\n<p>  First of all, make the <i>pam_winbind.so<\/i> library available:  <\/p>\n<pre><code class=\"bash\"># ln -s \/usr\/local\/samba\/lib\/security\/pam_winbind.so \/lib\/security\n<\/code><\/pre>\n<p>  Configure the following files in <i>\/etc\/pam.d\/<\/i>:<br \/>  <i>\/etc\/pam.d\/common-auth<\/i>:  <\/p>\n<pre><code class=\"bash\">#\n# \/etc\/pam.d\/common-auth - authentication settings common to all services\n#\n# This file is included from other service-specific PAM config files,\n# and should contain a list of the authentication modules that define\n# the central authentication scheme for use on the system\n# (e.g., \/etc\/shadow, LDAP, Kerberos, etc.).  The default is to use the\n# traditional Unix authentication mechanisms.\n#\n# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.\n# To take advantage of this, it is recommended that you configure any\n# local modules either before or after the default block, and use\n# pam-auth-update to manage selection of other modules.  See\n# pam-auth-update(8) for details.\n\n# here are the per-package modules (the &quot;Primary&quot; block)\nauth\tsufficient\t\t\tpam_winbind.so\nauth\t[success=1 default=ignore]\tpam_unix.so nullok_secure  use_first_pass\n# here's the fallback if no module succeeds\nauth\trequisite\t\t\tpam_deny.so\n# prime the stack with a positive return value if there isn't one already;\n# this avoids us returning an error just because nothing sets a success code\n# since the modules above will each just jump around\nauth\trequired\t\t\tpam_permit.so\n# and here are more per-package modules (the &quot;Additional&quot; block)\n# end of pam-auth-update config\n<\/code><\/pre>\n<p>  <i>\/etc\/pam.d\/common-account<\/i>:  <\/p>\n<pre><code class=\"bash\">#\n# \/etc\/pam.d\/common-account - authorization settings common to all services\n#\n# This file is included from other service-specific PAM config files,\n# and should contain a list of the authorization modules that define\n# the central access policy for use on the system.  The default is to\n# only deny service to users whose accounts are expired in \/etc\/shadow.\n#\n# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.\n# To take advantage of this, it is recommended that you configure any\n# local modules either before or after the default block, and use\n# pam-auth-update to manage selection of other modules.  See\n# pam-auth-update(8) for details.\n#\n\n# here are the per-package modules (the &quot;Primary&quot; block)\naccount\tsufficient\t\t\t\t\t\tpam_winbind.so\naccount\t[success=1 new_authtok_reqd=done default=ignore]\tpam_unix.so\n# here's the fallback if no module succeeds\naccount\trequisite\t\t\t\t\t\tpam_deny.so\n# prime the stack with a positive return value if there isn't one already;\n# this avoids us returning an error just because nothing sets a success code\n# since the modules above will each just jump around\naccount\trequired\t\t\t\t\t\tpam_permit.so\n# and here are more per-package modules (the &quot;Additional&quot; block)\n# end of pam-auth-update config\n<\/code><\/pre>\n<p>  <i>\/etc\/pam.d\/common-session<\/i>:  <\/p>\n<pre><code class=\"bash\">#\n# \/etc\/pam.d\/common-session - session-related modules common to all services\n#\n# This file is included from other service-specific PAM config files,\n# and should contain a list of modules that define tasks to be performed\n# at the start and end of sessions of *any* kind (both interactive and\n# non-interactive).\n#\n# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.\n# To take advantage of this, it is recommended that you configure any\n# local modules either before or after the default block, and use\n# pam-auth-update to manage selection of other modules.  See\n# pam-auth-update(8) for details.\n\n# here are the per-package modules (the &quot;Primary&quot; block)\nsession\t[default=1]\t\t\tpam_permit.so\n# here's the fallback if no module succeeds\nsession\trequisite\t\t\tpam_deny.so\n# prime the stack with a positive return value if there isn't one already;\n# this avoids us returning an error just because nothing sets a success code\n# since the modules above will each just jump around\nsession\trequired\t\t\tpam_permit.so\n# The pam_umask module will set the umask according to the system default in\n# \/etc\/login.defs and user settings, solving the problem of different\n# umask settings with different shells, display managers, remote sessions etc.\n# See &quot;man pam_umask&quot;.\nsession\trequired\t\t\tpam_mkhomedir.so\nsession\trequired\t\t\tpam_winbind.so\nsession optional\t\t\tpam_umask.so\n# and here are more per-package modules (the &quot;Additional&quot; block)\nsession\trequired\tpam_unix.so\nsession\toptional\t\t\tpam_ck_connector.so nox11\n# end of pam-auth-update config\n<\/code><\/pre>\n<p>  Now you can log in to the Linux machine as a domain user!<\/p>\n<h5>Freeradius<\/h5>\n<p>  The next stage is installing and configuring the freeradius server and configuring pptpd to work together with freeradius, using Active Directory data and the MS-CHAP v2 and MPPE-128 protocols. And do not believe the claim that implementing MS-CHAP v2 requires samba3 or, better still, putting samba4 and the RADIUS server on different machines!<br \/>  So, as a starting point we will again use the <a href=\"http:\/\/wiki.samba.org\/index.php\/Samba4\/HOWTO\/Virtual_Private_Network\">WiKi Samba4\/HOWTO\/Virtual_Private_Network<\/a>. But not literally. 
Let's get started.<br \/>  Install freeradius:  <\/p>\n<pre><code class=\"bash\">sudo apt-get install freeradius freeradius-common freeradius-krb5 freeradius-ldap freeradius-utils radiusclient1\n<\/code><\/pre>\n<p>  Note that, compared with the wiki article mentioned above, this adds the radiusclient1 package, which pptpd needs in order to work with the radius plugins.<br \/>  Now configure freeradius. 
In my case this is <i>\/etc\/freeradius\/radiusd.conf<\/i>:  <\/p>\n<pre><code class=\"bash\">prefix = \/usr\nexec_prefix = \/usr\nsysconfdir = \/etc\nlocalstatedir = \/var\nsbindir = ${exec_prefix}\/sbin\nlogdir = \/var\/log\/freeradius\nraddbdir = \/etc\/freeradius\nradacctdir = ${logdir}\/radacct\nconfdir = ${raddbdir}\nrun_dir = ${localstatedir}\/run\/freeradius\ndb_dir = ${raddbdir}\nlibdir = \/usr\/lib\/freeradius\npidfile = ${run_dir}\/freeradius.pid\nmax_request_time = 30\ncleanup_delay = 5\nmax_requests = 1024\n\nlisten {\n        type = auth\n        ipaddr = &lt;interface_ip_address&gt; # where we will listen\n        port = 0\n        interface = eth0\n}\nlisten {\n        type = auth\n        ipaddr = 127.0.0.1\n        port = 0\n        interface = lo\n}\nlisten {\n        type = acct\n        ipaddr = &lt;interface_ip_address&gt;\n        port = 0\n        interface = eth0\n}\nlisten {\n        type = acct\n        ipaddr = 127.0.0.1\n        port = 0\n        interface = lo\n}\n# if other interfaces will be used, repeat for each of them\n# listen { type = auth \u2026} and listen {type = acct \u2026}\n\nhostname_lookups = no\nallow_core_dumps = no\nregular_expressions     = yes\nextended_expressions    = yes\n\nlog {\n        destination = files\n        file = ${logdir}\/radius.log\n        syslog_facility = daemon\n        stripped_names = no\n        auth = no\n        auth_badpass = no\n        auth_goodpass = no\n}\ncheckrad = ${sbindir}\/checkrad\nsecurity {\n        max_attributes = 200\n
        reject_delay = 1\n        status_server = yes\n}\nproxy_requests  = no\n$INCLUDE clients.conf\nthread pool {\n        start_servers = 5\n        max_servers = 32\n        min_spare_servers = 3\n        max_spare_servers = 10\n        max_requests_per_server = 0\n}\nmodules {\n        $INCLUDE ${confdir}\/modules\/\n}\n\ninstantiate {\n        exec\n        expr\n        expiration\n        logintime\n}\n$INCLUDE policy.conf\n$INCLUDE sites-enabled\/\n<\/code><\/pre>\n<p>  Next, put the following in <i>\/etc\/freeradius\/clients.conf<\/i>:  <\/p>\n<pre><code class=\"bash\">client localhost {\n        ipaddr = 127.0.0.1\n        netmask = 32\n        secret = samba4 # this is your &quot;secret&quot; for communication between client and server\n        shortname = localhost\n}\n<\/code><\/pre>\n<p>  Disable inner-tunnel, which requires EAP-TTLS and PEAP:  <\/p>\n<pre><code class=\"bash\">sudo rm -rf \/etc\/freeradius\/sites-enabled\/inner-tunnel\n<\/code><\/pre>\n<p>  Now <i>default<\/i> remains in the <i>\/etc\/freeradius\/sites-enabled\/<\/i> directory, and that is the file we edit:  <\/p>\n<pre><code class=\"bash\">authorize {\n        preprocess\n        auth_log\n        chap\n        mschap\n        #suffix # I dropped this module, since everything works without it\n        ldap\n        expiration\n        logintime\n        pap\n}\nauthenticate {\n        Auth-Type PAP {\n                pap\n        }\n        Auth-Type CHAP {\n                chap\n        }\n        Auth-Type MS-CHAP {\n                mschap\n        }\n        Auth-Type LDAP {\n                ldap\n        }\n}\npreacct {\n        preprocess\n        acct_unique\n        suffix\n        files\n}\naccounting {\n        detail\n        radutmp\n        attr_filter.accounting_response\n}\nsession {\n        radutmp\n}\npost-auth {\n        exec\n        Post-Auth-Type REJECT {\n                attr_filter.access_reject\n        }\n}\npre-proxy {\n}\npost-proxy {\n}\n<\/code><\/pre>\n
<p>  Go to the <i>\/etc\/freeradius\/modules\/<\/i> directory and edit the required modules.<br \/>  The file <i>\/etc\/freeradius\/modules\/ldap<\/i> (replace every cn and dc with your own):  <\/p>\n<pre><code class=\"bash\">ldap {\n        server = &quot;localhost&quot;\n        identity = &quot;cn=VPN,cn=users,dc=example,dc=com&quot; # the LDAP user\n                   # that is allowed to read the directory\n        password = &lt;password_of_this_user&gt;\n        basedn = &quot;dc=example,dc=com&quot;\n        filter = &quot;(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})&quot;\n        ldap_connections_number = 5\n
        timeout = 4\n        timelimit = 3\n        net_timeout = 1\n        tls {\n                start_tls = no\n        }\n        access_attr = &quot;msNPAllowDialin&quot;\n        dictionary_mapping = ${confdir}\/ldap.attrmap\n        edir_account_policy_check = no\n        # the wiki guide forgot the last two parameters, and\n        # without them this module will not work with Active Directory!\n        chase-referrals = yes\n        rebind = yes\n}\n<\/code><\/pre>\n<p>  Edit <i>\/etc\/freeradius\/modules\/mschap<\/i>:  <\/p>\n<pre><code class=\"bash\">mschap {\n        use_mppe = yes # for mppe-128 support\n        require_encryption = yes\n        require_strong = yes\n        with_ntdomain_hack = no\n        # and this is where the main, craftiest trick is!!!\n
        ntlm_auth = &quot;\/usr\/local\/samba\/bin\/ntlm_auth3 --request-nt-key \\\n                --username=%{Stripped-User-Name:-%{User-Name:-None}} \\\n                --challenge=%{mschap:Challenge:-00} \\\n                --nt-response=%{mschap:NT-Response:-00}&quot;\n}\n<\/code><\/pre>\n<p>  Once again, note the parameter ntlm_auth = &quot;\/usr\/local\/samba\/bin\/ntlm_auth3\u2026&quot;. Samba4 &quot;gets along&quot; with samba3, and besides the ntlm_auth binary, which does not support MS-CHAP v2, there is also the ntlm_auth3 binary, which handles all of this!<\/p>\n<h5>PPTPD<\/h5>\n<p>  And finally, pptpd. It is assumed that pptpd itself is already installed and configured (the file <i>\/etc\/pptpd.conf<\/i> does not need editing!)<br \/>  Edit <i>\/etc\/ppp\/pptpd-options<\/i>:  <\/p>\n<pre><code class=\"bash\">###############################################################################\n# $Id: pptpd-options 4643 2006-11-06 18:42:43Z rene $\n#\n# Sample Poptop PPP options file \/etc\/ppp\/pptpd-options\n# Options used by PPP when a connection arrives from a client.\n
# This file is pointed to by \/etc\/pptpd.conf option keyword.\n# Changes are effective on the next connection.  See &quot;man pppd&quot;.\n#\n# You are expected to change this file to suit your system.  As\n# packaged, it requires PPP 2.4.2 and the kernel MPPE module.\n###############################################################################\n\n\n# Authentication\n\n# Name of the local system for authentication purposes\n# (must match the second field in \/etc\/ppp\/chap-secrets entries)\nname pptpd\n\n# Optional: domain name to use for authentication\n#\n\n# Strip the domain prefix from the username before authentication.\n# (applies if you use pppd with chapms-strip-domain patch)\n#chapms-strip-domain\n\n\n# Encryption\n# Debian: on systems with a kernel built with the package\n# kernel-patch-mppe &gt;= 2.4.2 and using ppp &gt;= 2.4.2, ...\n\nrefuse-pap\nrefuse-chap\nrefuse-mschap\n# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft\n# Challenge Handshake Authentication Protocol, Version 2] authentication.\nrequire-mschap-v2\n# Require MPPE 128-bit encryption\n# (note that MPPE requires the use of MSCHAP-V2 during authentication)\nrequire-mppe-128\n\n\n# Network and Routing\n\n# If pppd is acting as a server for Microsoft Windows clients, this\n# option allows pppd to supply one or two DNS (Domain Name Server)\n# addresses to the clients.  The first instance of this option\n# specifies the primary DNS address; the second instance (if given)\n# specifies the secondary DNS address.\n# Attention! This information may not be taken into account by a Windows\n# client. See KB311218 in Microsoft's knowledge base for more information.\nms-dns &lt;ip_dns&gt; # in my case this is 127.0.0.1\n\n# If pppd is acting as a server for Microsoft Windows or &quot;Samba&quot;\n# clients, this option allows pppd to supply one or two WINS (Windows\n# Internet Name Services) server addresses to the clients.  
The first\n# instance of this option specifies the primary WINS address; the\n# second instance (if given) specifies the secondary WINS address.\nms-wins &lt;ip_wins&gt; # same here: 127.0.0.1\n\n# Add an entry to this system's ARP [Address Resolution Protocol]\n# table with the IP address of the peer and the Ethernet address of this\n# system.  This will have the effect of making the peer appear to other\n# systems to be on the local ethernet.\n# (you do not need this if your PPTP server is responsible for routing\n# packets to the clients -- James Cameron)\nproxyarp\n\n# Debian: do not replace the default route\nnodefaultroute\n\n\n# Logging\n\n# Enable connection debugging facilities.\n# (see your syslog configuration for where pppd sends to)\ndebug\n\n# Print out all the option values which have been set.\n# (often requested by mailing list to verify options)\n#dump\n\n\n# Miscellaneous\n\n# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive\n# access.\nlock\n\n# Disable BSD-Compress compression\nnobsdcomp\n\nauth\nlogfile \/var\/log\/pptpd.log\n# to work with radius, add these two plugins\nplugin radius.so\nplugin radattr.so\n<\/code><\/pre>\n<p>  The file <i>\/etc\/radiusclient\/radiusclient.conf<\/i> (I don't think I touched it, apart from adjusting authserver and acctserver):  <\/p>\n<pre><code class=\"bash\"># General settings\n\n# specify which authentication comes first respectively which\n# authentication is used. possible values are: &quot;radius&quot; and &quot;local&quot;.\n# if you specify &quot;radius,local&quot; then the RADIUS server is asked\n# first then the local one. 
if only one keyword is specified only\n# this server is asked.\nauth_order\tradius,local\n\n# maximum login tries a user has\nlogin_tries\t4\n\n# timeout for all login tries\n# if this time is exceeded the user is kicked out\nlogin_timeout\t60\n\n# name of the nologin file which when it exists disables logins.\n# it may be extended by the ttyname which will result in\n# a terminal specific lock (e.g. \/etc\/nologin.ttyS2 will disable\n# logins on \/dev\/ttyS2)\nnologin \/etc\/nologin\n\n# name of the issue file. it's only display when no username is passed\n# on the radlogin command line\nissue\t\/etc\/radiusclient\/issue\n\n# RADIUS settings\n\n# RADIUS server to use for authentication requests. this config\n# item can appear more then one time. if multiple servers are\n# defined they are tried in a round robin fashion if one\n# server is not answering.\n# optionally you can specify a the port number on which is remote\n# RADIUS listens separated by a colon from the hostname. if\n# no port is specified \/etc\/services is consulted of the radius\n# service. if this fails also a compiled in default is used.\nauthserver \tlocalhost\n\n# RADIUS server to use for accouting requests. All that I\n# said for authserver applies, too.\n
#\nacctserver \tlocalhost\n\n# file holding shared secrets used for the communication\n# between the RADIUS client and server\nservers\t\t\/etc\/radiusclient\/servers\n\n# dictionary of allowed attributes and values\n# just like in the normal RADIUS distributions\ndictionary \t\/etc\/radiusclient\/dictionary\n\n# program to call for a RADIUS authenticated login\nlogin_radius\t\/usr\/sbin\/login.radius\n\n# file which holds sequence number for communication with the\n# RADIUS server\nseqfile\t\t\/var\/run\/radius.seq\n\n# file which specifies mapping between ttyname and NAS-Port attribute\nmapfile\t\t\/etc\/radiusclient\/port-id-map\n\n# default authentication realm to append to all usernames if no\n# realm was explicitly specified by the user\n# the radiusd directly form Livingston doesnt use any realms, so leave\n# it blank then\ndefault_realm\n\n# time to wait for a reply from the RADIUS server\nradius_timeout\t10\n\n# resend request this many times before trying the next server\nradius_retries\t3\n\n# LOCAL settings\n\n# program to execute for local login\n# it must support the -f flag for preauthenticated login\nlogin_local\t\/bin\/login\n<\/code><\/pre>\n<p>  The file <i>\/etc\/radiusclient\/servers<\/i>:  <\/p>\n<pre><code class=\"bash\"># Make sure that this file is mode 600 (readable only to owner)!\n#\n#Server Name or Client\/Server pair\t\tKey\t\t\n#----------------\t\t\t\t---------------\n127.0.0.1\t\t\t\t\tsamba4 # remember the &quot;secret&quot; you set in the freeradius configuration?\n<\/code><\/pre>\n<p>  A very important point: create the file <i>\/etc\/radiusclient\/dictionary.microsoft<\/i>. 
I will not reproduce its text here, since the whole file can be downloaded <a href=\"http:\/\/safesrv.net\/public\/dictionary.microsoft.zip\">here<\/a>.<\/p>\n<p>  Then append the line <br \/>  INCLUDE \/etc\/radiusclient\/dictionary.microsoft to the end of the file <i>\/etc\/radiusclient\/dictionary<\/i>, so that it looks like this:  <\/p>\n<pre><code class=\"bash\">#\n# Updated 97\/06\/13 to livingston-radius-2.01 miquels@cistron.nl\n#\n#\tThis file contains dictionary translations for parsing\n#\trequests and generating responses.  All transactions are\n#\tcomposed of Attribute\/Value Pairs.  The value of each attribute\n#\tis specified as one of 4 data types.  Valid data types are:\n#\n#\tstring - 0-253 octets\n#\tipaddr - 4 octets in network byte order\n#\tinteger - 32 bit value in big endian order (high byte first)\n#\tdate - 32 bit value in big endian order - seconds since\n#\t\t\t\t\t00:00:00 GMT,  Jan.  1,  1970\n#\n#\tEnumerated values are stored in the user file with dictionary\n#\tVALUE translations for easy administration.\n#\n#\tExample:\n#\n#\tATTRIBUTE\t  VALUE\n#\t---------------   -----\n#\tFramed-Protocol = PPP\n#\t7\t\t= 1\t(integer encoding)\n#\n\n#\n#\tFollowing are the proper new names. Use these.\n#\n# the standard text of the file follows\n\n# !!!! This must be appended at the end of the file !!!!!\nINCLUDE \/etc\/radiusclient\/dictionary.microsoft\n<\/code><\/pre>\n
<p>  That seems to be everything. Samba4 is already running, so restart the freeradius server and the pptpd daemon.<\/p>\n<h5>Working around the missing &quot;Dial-in&quot; tab in the ADUC snap-in<\/h5>\n<p>  Oh, yes. About how to allow or deny VPN access for particular users. You did install the Windows Remote Administration Tools package, didn't you? 
Well, you will not see the ADUC snap-in screenshot that the wiki pages show for Windows 7, the one with the &quot;Dial-in&quot; tab. What you will see is something like this:<br \/>  <img decoding=\"async\" src=\"http:\/\/habrastorage.org\/storage2\/02f\/5cf\/45e\/02f5cf45e89291f9c666b9e53ef826c8.png\"\/><\/p>\n
<p>  So where is the &quot;Dial-in&quot; tab here, or its Russian-language equivalent \u00ab\u0412\u0445\u043e\u0434\u044f\u0449\u0438\u0435 \u0437\u0432\u043e\u043d\u043a\u0438\u00bb (&quot;Incoming calls&quot;)? How do you manage user permissions here? No big deal. We are not afraid of difficulties, are we? Recall (I assume you never forgot!) that a domain controller is, among other things, also an LDAP server, so install any tool for managing such a server (for example, <a href=\"http:\/\/www.ldapadmin.org\/download\/index.html\">LdapAdmin<\/a>) and manage it with that.<br \/>  First, set up the connection to our samba4 server: enter the server address, press the &quot;Fetch DNs&quot; button, choose the top-level base, select the &quot;GSS-API&quot; radio button, enter Administrator as the user along with that user's password, and connect. 
We see the whole directory that was created when the domain was deployed. Select the required user and switch to edit mode. Find the msNPAllowDialin attribute and enter TRUE or FALSE (capital letters are mandatory!):<br \/>  <img decoding=\"async\" src=\"http:\/\/habrastorage.org\/storage2\/ffa\/aa8\/691\/ffaaa86917ce74a4161a35f5739d7242.png\"\/><\/p>\n<p>  Save. This user is now allowed (or denied) to connect over VPN. <\/p>\n<h5>Summary<\/h5>\n<p>  In my view, all the tasks set at the beginning of the post have been solved. 
\u0412\u0440\u0435\u043c\u044f, \u0437\u0430\u0442\u0440\u0430\u0447\u0435\u043d\u043d\u043e\u0435 \u043d\u0430 \u0438\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 (\u043e\u043a\u043e\u043b\u043e \u0434\u0432\u0443\u0445 \u0441 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u044c) \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e \u0431\u044b\u043b\u043e \u043f\u043e\u0442\u0440\u0430\u0447\u0435\u043d\u043e \u043d\u0430 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u043e\u043f\u044b\u0442\u0430 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439, \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0441 \u0440\u0435\u0430\u043b\u0438\u044f\u043c\u0438, \u043a\u043e\u0438 \u044f \u0432\u0438\u0434\u0435\u043b \u0441\u0432\u043e\u0438\u043c\u0438 \u0433\u043b\u0430\u0437\u0430\u043c\u0438 \u043d\u0430 \u043d\u0430\u0448\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0446\u0438\u044e-\u043f\u0435\u0440\u0435\u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0446\u0438\u044e samba4, \u0438 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0438 \u0435\u0449\u0451 \u0440\u0430\u0437 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u043e\u0432\u2026 \u041d\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043c\u0435\u043d\u044f \u043f\u043e\u0440\u0430\u0434\u043e\u0432\u0430\u043b: \u0432 \u0438\u0442\u043e\u0433\u0435 
\u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430\u0441\u044c \u043f\u043e\u0447\u0442\u0438 \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u043c\u0435\u043d\u0430 Windows Server 2008 R2 c Active Directory, \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0441\u0435\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430 (\u043f\u043e\u0434 wine, \u043a\u043e\u043d\u0435\u0447\u043d\u043e, \u043d\u043e \u043e\u0431 \u044d\u0442\u043e\u043c \u043d\u0438 \u0441\u043b\u043e\u0432\u0430 \u043d\u0435 \u043d\u0430\u043f\u0438\u0441\u0430\u043b). \t\t\t \t\t\t<\/p>\n<div class=\"clear\"><\/div>\n<\/p><\/div>\n<p> \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"http:\/\/habrahabr.ru\/post\/157019\/\"> http:\/\/habrahabr.ru\/post\/157019\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"content html_format\"> \t\t\t\u2026\u0423-\u0444-\u0444, \u0441\u0432\u0435\u0440\u0448\u0438\u043b\u043e\u0441\u044c. 
\u0412\u0441\u0451 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e, \u0445\u043e\u0442\u044f \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u043e\u0442\u0440\u0430\u0442\u0438\u0442\u044c \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0438\u0437\u0440\u044f\u0434\u043d\u043e, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u043d\u0430 \u043f\u043e\u0438\u0441\u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043a\u043e\u0435\u0439 \u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u043e\u0440\u0430\u0445 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 (\u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439, \u043a\u043e\u043d\u0435\u0447\u043d\u043e) \u2013 \u043a\u043e\u0442 \u043d\u0430\u043f\u043b\u0430\u043a\u0430\u043b\u2026 \u0410 \u0443\u0436 \u043a\u0430\u043a \u043e\u043d\u0430 (\u044d\u0442\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f) \u0440\u0430\u0437\u0440\u043e\u0437\u043d\u0435\u043d\u0430! \u041f\u043e\u044d\u0442\u043e\u043c\u0443, \u0440\u0435\u0448\u0438\u043b \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u044d\u0442\u043e \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u043d\u0430 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u043c \u043e\u043f\u044b\u0442\u0435 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f. 
The main thing is that everything will be collected in one place (except, possibly, the bind9 settings, but more on that a little later).<\/p>\n<p>  So, the task. There is a server running Ubuntu 12.04. It must become:<\/p>\n<ul>\n<li>The PDC of a Windows domain with Active Directory.<\/li>\n<li>A VPN server (let it be PPTP, for example, but with mandatory support for MS-CHAP v2 and MPPE-128) with authorization against a Radius server (specifically, freeradius).<\/li>\n<li>Accordingly, a Freeradius server.<\/li>\n<li>A terminal server on which AD users are 
authorized transparently.<\/li>\n<\/ul>\n<p>  Let's get started.  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-157019","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/157019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=157019"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/157019\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=157019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=157019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=157019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}