主页 / user-304493

eXe's questions

Martin Hope
eXe
Asked: 2017-03-07 01:38:28 +0800 CST
  • 0

分发服务器和软件:

Debian 8
TFTP Server
SAMBA Server
DHCP Server

现在我们使用以下方式将 Windows (2012) 分发到我们的服务器:

  • 安装任务 inkomming
  • 编辑 dhcp 服务器(新服务器)
  • 自动创建 wim 启动映像(通过 debian 服务器,通过wimlib修改 wim 模板)
  • 使用 unattended.xml 创建 samba 共享
  • 电脑开机
  • 新服务器的 dhcp 请求
  • tftp 下载 wim (winpe) 映像
  • winpe 启动和挂载 sambsa 共享
  • 无人值守安装windows

这按预期工作 - 但 tftp 下载仅限于一个修复源{TFTPSource}/Boot/startrom.0

由于路径的限制,目前只能一次启动一个windows安装,直到加载完wim镜像。完成 wim 映像后,可以触发下一次安装。

现在我们寻找一种“更好”的方式来一次安装多个 Windows 服务器。我们发现了几个像OPSIUnattended这样的项目,但它们似乎都不符合我们的要求:

OPSI 似乎需要在客户端上安装一个软件,该软件在客户端上是永久的。似乎没有对 Windows Server 2016 Distribution 的官方支持。

无人值守似乎仅适用于 Windows 2000 / XP / 2003。

我们需要(它可能是一个 Windows 部署服务器)一个部署服务器,它可以一次交付多个客户端(基于无人值守模板的无人值守安装,我们将在安装之前对其进行编辑)

将 Windows Server 2012(2016,可能还有其他 Windows 发行版)交付到多个客户端的正确方法是什么?

是否有满足此需求的免费 Windows 软件(最好可通过命令行远程控制)?

也许有一种方法可以修改{TFTPSource}/Boot/startrom.0Windows Bootrom 的修复编码路径?

windows unattended windows-pe tftp
Martin Hope
eXe
Asked: 2016-07-13 01:15:49 +0800 CST
  • 5

Ubuntu / Debian 的预置工作正常 - 系统是可启动的。

fdisk -l结果如下:

Disk /dev/sda: 50 GiB, 53687091200 bytes, 104857600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x000e157a

Device     Boot    Start       End  Sectors   Size Id Type
/dev/sda1             63    192779   192717  94.1M 83 Linux
/dev/sda2  *      192780   1172744   979965 478.5M 83 Linux
/dev/sda3        1172745  96470324 95297580  45.5G 83 Linux
/dev/sda4       96470325 104856254  8385930     4G 82 Linux swap / Solaris

Partition 1 does not start on physical sector boundary.
Partition 2 does not start on physical sector boundary.
Partition 3 does not start on physical sector boundary.
Partition 4 does not start on physical sector boundary.

我当前在 preseed 中的分区参数是:

d-i partman-lvm/device_remove_lvm                   boolean true
d-i partman-auto/purge_lvm_from_device              boolean true
d-i partman-md/device_remove_md                     boolean true
d-i partman-lvm/confirm                             boolean true
d-i partman/alignment                               select cylinder
d-i partman/confirm                                 boolean true
d-i partman-basicfilesystems/no_swap                  boolean false
d-i partman-partitioning/confirm_write_new_label    boolean true
d-i partman/choose_partition                        select finish
d-i partman/confirm_nooverwrite                     boolean true
d-i grub-installer/only_debian                      boolean true
d-i grub-installer/bootdev                                      string /dev/sda
d-i partman-auto/disk                               string /dev/sda
d-i partman-auto/method                             string regular
d-i partman-auto/expert_recipe string                         \
      boot-root ::                                            \
              100 50 100 free                                 \
                          $gptonly{ }                         \
                          $primary{ }                         \
                          $bios_boot{ }                       \
                          method{ biosgrub }                  \
              .                                               \
              500 50 500 ext2                                 \
                      $primary{ } $bootable{ }                \
                      method{ format } format{ }              \
                      use_filesystem{ } filesystem{ ext2 }    \
                      mountpoint{ /boot }                     \
              .                                               \
              500 10000 1000000000 ext4                       \
                      $primary{ }                             \
                      method{ format } format{ }              \
                      use_filesystem{ } filesystem{ ext4 }    \
                      mountpoint{ / }                         \
              .                                               \
              200% 500 200% linux-swap                        \
                      $primary{ }                             \
                      method{ swap } format{ }                \
              .

如何避免Partition {n} does not start on physical sector boundary错误。预置时如何在partman中设置正确的起始扇区和扇区大小?

ubuntu debian partition preseed partition-alignment
Martin Hope
eXe
Asked: 2015-12-11 23:58:29 +0800 CST
  • 1

系统是:

Debian GNU/Linux 8.2 (jessie)

BIND 9.9.5-9+deb8u3-Debian (Extended Support Version)

命名.conf.options:

options {
    directory "/var/cache/bind";
    key-directory "/etc/bind/keys";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable 
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing 
    // the all-0's placeholder.

    // forwarders {
    //  0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    dnssec-dnskey-kskonly yes;
    sig-validity-interval 21 16;
    inline-signing yes;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };

    // permit lookup of unknown dns names
    recursion no;

    // allow dynamicly new zones
    allow-new-zones yes;
};

缓存文件/var/cache/bind/3bf305731dd26307.nzf具有 thr 权限 0744 并归 bind:bind 所有

一切都按预期工作,我可以添加区域、统计信息、加载键和所有内容 - 除了:

rndc delzone {ZoneName}

如果我触发此命令(在控制台中以 root 身份),我会得到一个rndc: 'delzone' failed: permission denied

在日志中没有显示任何内容..

我真的被困在这里 - 任何人都知道为什么会发生此权限错误?

permissions
Martin Hope
eXe
Asked: 2015-12-09 08:55:30 +0800 CST
  • 1

有没有办法从正在运行的绑定服务器上的区域中删除所有与 dnssec 相关的东西?

像这里描述的那样配置了绑定。

如果我使用rndc signing -clear all domain.tld该区域不会发生任何事情。

如果我删除 dnssec 签名区域rndc delzone domain.tld 并通过 重新创建它rndc addzone domain.tld ...domain.tld.jnl将自动重新创建具有相关 dnssec 数据的文件,并且该区域再次进行 dnssec 签名。

如何使用 rndc 从区域中删除所有 dnssec 相关数据?

bind
Martin Hope
eXe
Asked: 2015-12-09 08:40:28 +0800 CST
  • 2

由 dnssec-keygen 生成的密钥的默认过期时间/期限是多少:

如果我执行: dnssec-keygen -a RSASHA256 -b 2048 -f KSK mydomain.com

我得到2个文件:

(Kmydomain.com.+008+21346.key)

; This is a key-signing key, keyid 21346, for mydomain.com.
; Created: 20151208123320 (Tue Dec 08 13:33:20 2015)
; Publish: 20151208123320 (Tue Dec 08 13:33:20 2015)
; Activate: 20151208123320 (Tue Dec 08 13:33:20 2015)
mydomain.com. IN DNSKEY 257 3 8 AwEAAfcTOQq0VoMZFTKMPsRzUlO4cUzZvHCf9sb+MMeZhfMyLOSc6j6j hKtfYOVAwxDu7hEG5pG+5V908r7EAgZfjJgBPFlz6c3xZ9Yf5FqU4vRR CAAMye/87e2J4TKoFnv6J/8Vigz21IvKGYgdsXMs5Pf8rgqPgpZjXP+D gMxezJH1dQYV3oW6zULttm1/4+yeXZrc1NIzbmS3AChwKCNtP+fcj0dt PpV8Z8lcd0EnhZWCN7KZTgs8kzRHVGNKZSJ7Mvlklt74vNXnjpwsl3LL Uxi0ucXiWd7zB3eBA92+lH13QJPZnlUGe7iGiD4HYOeFAyRQGGYzd1Gf 3xwtWyF/3h8=

和(Kmydomain.com.+008+21346.private)

Private-key-format: v1.3
Algorithm: 8 (RSASHA256)
Modulus: 9xM5CrRWgxkVMow+xHNSU7hxTNm8cJ/2xv4wx5mF8zIs5JzqPqOEq19g5UDDEO7uEQbmkb7lX3TyvsQCBl+MmAE8WXPpzfFn1h/kWpTi9FEIAAzJ7/zt7YnhMqgWe/on/xWKDPbUi8oZiB2xcyzk9/yuCo+ClmNc/4OAzF7MkfV1BhXehbrNQu22bX/j7J5dmtzU0jNuZLcAKHAoI20/59yPR20+lXxnyVx3QSeFlYI3splOCzyTNEdUY0plInsy+WSW3vi81eeOnCyXcstTGLS5xeJZ3vMHd4ED3b6UfXdAk9meVQZ7uIaIPgdg54UDJFAYZjN3UZ/fHC1bIX/eHw==
PublicExponent: AQAB
PrivateExponent: vn6qry8luIRBTKzGxC5p3jTJ3kfOO0OKQBjBwVMD7OLVrBmznUHzyzGJgpgxDcA5+xTH9r0pGjUP57c2HHXU72mcfxeYv3kN5xDFvnUmmtpTAb7af1cSlt+EqsrgMwxHhCu2OZKhg3n5v3GtXDDUBMNj6K6HL65CiJp6VpgMv8btbDMBkc+eytFmJDIJ0FdOtlWxJYzFTZ6lAcxR7sSOidP/nKz8/5GLwwU/dxdMWS5xavzJYTZjG7ZQRwkTcEGZ9/PjgSzeqOUvJt2pcQXt6mi5/ZNpcC1843JYt+N6/O0sHSmphtv7WYOl5FOBYJP66akfv1XeNaYHKDZg+A+kUQ==
Prime1: /0oPncwFldrW/Iu3HmymBk4ntelWsKJgtaEZNXe7p5KXs4w8V48t+y2bz6k89ZSdR5cpVPmXd28BHqbODgetBkKKCi+P2+3N//7EuKr4qEVT/w7BWtp6+5zBnl6nBtblxz4RuBIb6kuues6GfHfIRMngeggxduuSCpOlSRyyGlc=
Prime2: 98NOx4xaPweAgz98gxPWXEQ6uB3CzVI1NFIGN1xGhS9qSq1FRWDe2bH5RjXh9m2tDCXC/TKzBjUfe3+xNKliO+Kkr7V45jpAlAfU2M3GKJ4Yqv9zHgk4ueQAtOFx6cQNywOLUnY4ms+JkmnWVWQxuBkcFPBY+9iuGLc3NbL9DXk=
Exponent1: qsieB9+MQQMk3dCOEbF3pDI2yLCwSPxoHDoIxkcyZ9le2UPQvnbPuQB7AwJiAJyKV3FdujY7STAenKXUpXgnHU/4TvYglG3TaRXD/xKJxPCUT8ZMPf55Vcg5kzwZGy86iv8QFYcv258Du65cM/piJPq0zI6coMTZb2/0nCOxVoM=
Exponent2: D578xJAQ0JCEhcHm88y4YzDaEumtcoyQVjAlvC/RMmx+4x5xk6I76rXR5Z9YE9VuZ6mp1ZTwvJ900LCIV62mR+hOQdXLPZjGoY6s2M6Ag+cT3xQkCezC6tV5Re5A5GA8DmS20AgsIXacUeLiZJfgmp7aqmdM9PQAZgaHMJeMZOE=
Coefficient: jmEpQL+U4NCvGrucQHHwdSlNphGI86rpuyB32vBs5khx1kiVyfj06/0yP2QAXjZv9DLoKxpfDwv7VGJb9hqr98E27zhdHzSNV5mo5COR7wMcApPfPZvu7k9pwiqf+MT1eNdzS31fOIp8APpaDMCnYPiIxbtynUHeUCU/etH2oxg=
Created: 20151208123320
Publish: 20151208123320
Activate: 20151208123320

因为我认为密钥有一个验证时间,并且在时间结束后会自动撤销。

是否有过期的默认值 - 或者我是否必须通过@ dnssec-keygen 手册页-R描述的标志手动设置它?

还是我在这里误解了一些完全错误的东西?

bind