How to enable LDAP signing in Windows Server & Client Machines

LDAP signing is an authentication method in Windows Server that can improve the security of a directory server. Once enabled, it rejects any request that does not ask for signing, or any request that is not using SSL/TLS encryption. In this post, we will share how you can enable LDAP signing in Windows Server and on client machines. LDAP stands for Lightweight Directory Access Protocol.

How to enable LDAP signing on Windows computers

To make sure that an attacker cannot use a forged LDAP client to change server configuration and data, it is essential to enable LDAP signing. It is equally important to enable it on the client machines.

  1. Set the server LDAP signing requirement
  2. Set the client LDAP signing requirement by using Local computer policy
  3. Set the client LDAP signing requirement by using a Domain Group Policy Object
  4. Set the client LDAP signing requirement by using Registry keys
  5. How to verify configuration changes
  6. How to find clients that do not use the "Require signing" option

The last section helps you find clients that do not have Require signing enabled on the computer. It is a useful tool for IT admins to isolate those computers and enable the security settings on them.

1] Set the server LDAP signing requirement

  1. Open Microsoft Management Console (mmc.exe).
  2. Select File > Add/Remove Snap-in, select Group Policy Object Editor, and then select Add.
  3. This opens the Group Policy Wizard. Click the Browse button, and select Default Domain Policy instead of Local Computer.
  4. Click the OK button, then the Finish button, and close the dialog.
  5. Select Default Domain Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies, and then select Security Options.
  6. Right-click Domain controller: LDAP server signing requirements, and then select Properties.
  7. In the Domain controller: LDAP server signing requirements Properties dialog box, enable Define this policy setting, select Require signing in the Define this policy setting list, and then select OK.
  8. Recheck the settings and apply them.

2] Set the client LDAP signing requirement by using local computer policy

  1. Open the Run prompt, type gpedit.msc, and press the Enter key.
  2. In the Group Policy Editor, navigate to Local Computer Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies, and then select Security Options.
  3. Right-click Network security: LDAP client signing requirements, and then select Properties.
  4. In the Network security: LDAP client signing requirements Properties dialog box, select Require signing in the list, and then select OK.
  5. Confirm the changes and apply them.

3] Set the client LDAP signing requirement by using a domain Group Policy Object

  1. Open Microsoft Management Console (mmc.exe).
  2. Select File > Add/Remove Snap-in, select Group Policy Object Editor, and then select Add.
  3. This opens the Group Policy Wizard. Click the Browse button, and select Default Domain Policy instead of Local Computer.
  4. Click the OK button, then the Finish button, and close the dialog.
  5. Select Default Domain Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies, and then select Security Options.
  6. In the Network security: LDAP client signing requirements Properties dialog box, select Require signing in the list, and then select OK.
  7. Confirm the changes and apply the settings.

4] Set the client LDAP signing requirement by using registry keys

The first and most important thing to do is take a backup of your registry.

  • Open Registry Editor.
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<InstanceName>\Parameters
  • Right-click in the right pane, and create a new DWORD with the name LDAPServerIntegrity
  • Leave it at its default value.

<InstanceName>: The name of the AD LDS instance that you want to change.

5] How to verify that configuration changes now require signing

To confirm that the security policy is in effect, check it as follows.

  1. Sign in to a computer that has the AD DS Admin Tools installed.
  2. Open the Run prompt, type ldp.exe, and press the Enter key. It is a UI used to navigate through the Active Directory namespace.
  3. Select Connection > Connect.
  4. In Server and Port, type the server name and the non-SSL/TLS port of your directory server, and then select OK.
  5. After a connection is established, select Connection > Bind.
  6. Under Bind type, select Simple bind.
  7. Type the user name and password, and then select OK.

If you receive an error message saying Ldap_simple_bind_s() failed: Strong Authentication Required, then you have successfully configured your directory server.
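The same check can be scripted so that it can be repeated against every directory server. This PowerShell is an added example, not part of the original article; the function name Test-LdapSigningEnforced is hypothetical, and it treats LDAP result code 8 (strong authentication required) on a simple bind as the sign that signing is enforced.

```powershell
# Added example, not from the original article.
# Scripted form of the ldp.exe simple-bind check on the non-SSL/TLS port.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSigningEnforced {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 389,
        # If the server does NOT enforce signing, this password crosses the
        # network in cleartext, so use a low-privilege test account.
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
                $id,
                $Credential.GetNetworkCredential(),
                [System.DirectoryServices.Protocols.AuthType]::Basic)   # Basic = simple bind
    $conn.SessionOptions.ProtocolVersion = 3
    $out = [ordered]@{ Server = "${Server}:$Port"; SigningEnforced = $null; Detail = '' }
    try {
        $conn.Bind()
        # The server accepted an unsigned simple bind on a cleartext port.
        $out.SigningEnforced = $false
        $out.Detail = 'Simple bind accepted: signing is not required'
    }
    catch {
        # PowerShell may wrap the .NET exception, so unwrap to the root cause.
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.DirectoryServices.Protocols.LdapException] -and $ex.ErrorCode -eq 8) {
            # 8 = strongAuthRequired, the error ldp.exe reports in the step above.
            $out.SigningEnforced = $true
            $out.Detail = 'Simple bind rejected: strong authentication required'
        }
        else {
            # Wrong password, unreachable server, etc. prove nothing either way.
            $out.Detail = "Inconclusive: $($ex.Message)"
        }
    }
    finally {
        $conn.Dispose()
    }
    [pscustomobject]$out
}

# Usage (server name is a placeholder):
# Test-LdapSigningEnforced -Server 'dc01.example.test' -Credential (Get-Credential)
```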

6] How to find clients that do not use the "Require signing" option

Every time a client machine connects to the server using an insecure connection protocol, it generates Event ID 2889. The log entry also contains the IP addresses of the clients. You will need to enable this by setting the 16 LDAP Interface Events diagnostic setting to 2 (Basic). Microsoft's documentation explains how to configure AD and LDS diagnostic event logging.
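The following PowerShell turns that into a repeatable report. It is an added example, not part of the original article: the function name Get-UnsignedLdapBind is hypothetical, the NTDS\Diagnostics registry path comes from Microsoft's diagnostic logging documentation rather than from this page, and the script assumes the event data fields arrive in the order client IP:port, identity, bind type.

```powershell
# Added example, not from the original article. Run elevated on a domain controller.

# Raise "16 LDAP Interface Events" to 2 (Basic) so Event ID 2889 is logged.
# Registry location per Microsoft's AD diagnostic logging documentation.
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 2 -Type DWord

function Get-UnsignedLdapBind {   # hypothetical helper name
    param([int] $Hours = 24)

    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2889
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue: "no matching events" is a normal, good outcome.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Assumed field order: [0] client IP:port, [1] identity, [2] bind type.
        $endpoint = [string]$_.Properties[0].Value
        $cut      = $endpoint.LastIndexOf(':')
        $bindType = switch ([int]$_.Properties[2].Value) {
            0       { 'SASL bind without signing' }
            1       { 'Simple bind on cleartext connection' }
            default { 'Unknown' }
        }
        [pscustomobject]@{
            Time     = $_.TimeCreated
            ClientIP = if ($cut -gt 0) { $endpoint.Substring(0, $cut) } else { $endpoint }
            Identity = $_.Properties[1].Value
            BindType = $bindType
        }
    }
}

# One row per client/account pair, busiest first: the list of machines and
# service accounts to fix before "Require signing" is enforced.
Get-UnsignedLdapBind -Hours 24 |
    Group-Object ClientIP, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Once the offending clients are fixed, setting the diagnostic value back to 0 stops the extra logging.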

LDAP signing is important, and I hope this post helped you clearly understand how to enable LDAP signing in Windows Server and on client machines.


