Ubuntu 20.04 VNC Jumpserver with AD Dynamic User Management

1. Install Ubuntu 20.04.3 LTS:
http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/current/legacy-images/netboot/mini.iso
2. Configure a static IP:
# nano /etc/netplan/01-netcfg.yaml




# netplan apply
Disable IPv6:
# echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
# sysctl -p
# ip a




3. Configure the software update sources:
# nano /etc/apt/sources.list




4. Install and configure OpenSSH-Server:
# apt update -y
# apt install -y openssh-server net-tools
# nano /etc/ssh/sshd_config


# systemctl restart sshd
5. Install the gnome-session-flashback desktop:
# apt install gnome-session-flashback gnome-terminal nautilus gnome-settings-daemon open-vm-tools-desktop


.....


Wait for the installation to finish. After a reboot the desktop login screen appears; select: GNOME Flashback (Metacity)


6. Install the VNC server
# apt install tigervnc-standalone-server -y
Set the VNC password:
# su - gan
$ vncpasswd


Configure the desktop environment for VNC:
That is, create the xstartup file (this must be done in every user's home directory).


$ nano ~/.vnc/xstartup
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
export XDG_MENU_PREFIX="gnome-flashback-"
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid black
vncconfig -iconic &
gnome-terminal &
nautilus &
gnome-session --session=gnome-flashback-metacity --disable-acceleration-check &




$ chmod +x ~/.vnc/xstartup




# sudo -H -u  gan /bin/bash -c "vncserver :1 -localhost no -geometry 1024x768"


Download the VNC viewer: https://www.tightvnc.com/download/1.3.10/tightvnc-1.3.10_x86_viewer.zip






7. Join Ubuntu 20.04.3 LTS to the Windows AD domain:
1) Install the required packages:
# apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
2) Join the Windows AD domain:
# realm discover afd.ink


# realm join -v -U gazh afd.ink




# id gan@afd.ink


3) Automatically create the home directory when a domain user logs in to Ubuntu:
# nano /etc/pam.d/common-session
Add:
session optional              pam_mkhomedir.so skel=/etc/skel umask=077


When running su - to switch to an AD user, the following error appears: System error

# nano /etc/sssd/sssd.conf
Add:
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive


# systemctl restart sssd




4) Configure sudo for AD users:

# visudo
Add: "%Domain Users@afd.ink"    ALL=(ALL:ALL) NOPASSWD:ALL


5) Start VNC automatically at boot:
Create the rc-local.service file:
# nano /etc/systemd/system/rc-local.service
Add the following content:

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target

Then create the file rc.local:

# nano /etc/rc.local

With the following content:

#!/bin/sh -e
## rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution  bits.
# By default this script does nothing.
#start script
sudo -H -u gan /bin/bash -c "vncserver :1 -localhost no -geometry 1024x768"
sudo -H -u gan@afd.ink /bin/bash -c "vncserver :2 -localhost no -geometry 1024x768"
#end script
echo "added sucessfully!" > /tmp/added_script.log
exit 0




Add execute permission:

# chmod +x /etc/rc.local

Enable the service:
# systemctl enable rc-local.service

# reboot
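
Added example, not part of the original article: a POSIX shell audit of the three settings from steps 6 and 7 that widen access on the jump server (group-wide NOPASSWD sudo, GPO access control that is not enforced, VNC displays bound to all interfaces). The function names, finding labels and sample files are constructed for illustration; the checks only read the files passed to them.

```shell
#!/bin/sh
# Added example (not from the original article): flag the access-widening
# settings from steps 6 and 7. File paths are arguments, so the checks can
# run against copies. Function names and labels are illustrative.

# Print "<label>: <file>:<lineno>:<text>" for every line matching the regex.
scan() {  # $1=label  $2=extended regex  $3=file
  [ -r "$3" ] || return 0
  { grep -nE "$2" "$3" || true; } | while IFS= read -r hit; do
    printf '%s: %s:%s\n' "$1" "$3" "$hit"
  done
}

audit_jumpserver() {  # $1=sudoers  $2=sssd.conf  $3=rc.local
  # Passwordless root for a whole group (step 7, item 4: Domain Users).
  scan SUDO_NOPASSWD_GROUP '^[[:space:]]*"?%.*NOPASSWD:[[:space:]]*ALL' "$1"
  # GPO access rules not enforced (the "System error" workaround in step 7).
  scan GPO_NOT_ENFORCED \
    '^[[:space:]]*ad_gpo_access_control[[:space:]]*=[[:space:]]*(permissive|disabled)' "$2"
  # VNC displays bound to every interface rather than loopback only.
  scan VNC_ALL_INTERFACES '^[^#]*vncserver.*-localhost[[:space:]]+no' "$3"
}

count_findings() { audit_jumpserver "$@" | wc -l | tr -d ' '; }

# Constructed sample files that mirror the lines used on this page.
make_sample() {  # $1 = directory to populate
  printf '%s\n' 'root ALL=(ALL:ALL) ALL' \
    '"%Domain Users@afd.ink"    ALL=(ALL:ALL) NOPASSWD:ALL' > "$1/sudoers"
  printf '%s\n' '[domain/afd.ink]' 'ad_gpo_ignore_unreadable = True' \
    'ad_gpo_access_control = permissive' > "$1/sssd.conf"
  printf '%s\n' '#!/bin/sh -e' \
    'sudo -H -u gan /bin/bash -c "vncserver :1 -localhost no -geometry 1024x768"' \
    'sudo -H -u gan@afd.ink /bin/bash -c "vncserver :2 -localhost no -geometry 1024x768"' \
    'exit 0' > "$1/rc.local"
}

# Run with --demo to audit the constructed sample; otherwise pass real paths.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_sample "$d"
  audit_jumpserver "$d/sudoers" "$d/sssd.conf" "$d/rc.local"
  rm -rf "$d"
elif [ "$#" -eq 3 ]; then
  audit_jumpserver "$1" "$2" "$3"
fi
```

On the jump server itself the files to pass are /etc/sudoers, /etc/sssd/sssd.conf and /etc/rc.local, and reading them requires root.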




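8. Hide the user list on the Ubuntu 20.04 server login screen
1) Add the gdm user to the access control list:
# xhost +SI:localuser:gdm
2) Switch to the gdm user in the console:
# su gdm -l -s /bin/bash
3) Disable the user list:
$ gsettings set org.gnome.login-screen disable-user-list true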

