First, install the dependency packages:
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python ntp -y
Make sure name resolution to AD works by editing the /etc/resolv.conf file:
[root@testLinux-WH ~]# cat /etc/resolv.conf
search example.com
nameserver 192.168.10.51
Make sure the account has the required permissions, then join the AD domain:
[root@testLInux-WH ~]# realm join --user=administrator example.com
Password for administrator:
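If the join reports an error, you can use the command journalctl -xe REALMD_OPERATION=r549.7056, with the error code from the failure, to view the error details. Confirm that DNS resolution works and that the system time is consistent: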
ntpdate ntpserver
Use realm list to confirm the realm information:
[root@testLinux-WH ~]# realm list
example.com
type: kerberos
realm-name: EXAMPLE.COM
domain-name: example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U@example.com
login-policy: allow-realm-logins
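After the join succeeds, the related records are created automatically in AD.
Because CentOS uses the fully qualified username "administrator@example.com" by default, modify the /etc/sssd/sssd.conf configuration file to allow short usernames: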
use_fully_qualified_names = False
fallback_homedir = /home/%u
Restart the service for the change to take effect:
systemctl restart sssd
Try connecting with a test account:
ssh fei-u031@192.168.0.101
fei-u031@192.168.0.101's password:
Creating home directory for fei-u031.
Last failed login: Wed Aug 7 15:52:22 CST 2019 from adsvr01.example.com on ssh:notty
There were 4 failed login attempts since the last successful login.
/usr/bin/xauth: file /home/fei-u031/.Xauthority does not exist
[fei-u031@testLinux-WH ~]$ pwd
/home/fei-u031
To leave the AD domain:
realm leave example.com
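A post-join check for the realm list and sssd.conf steps above, as an added example that is not part of the original article. The function names are hypothetical and the sample inputs are constructed from the output shown on this page; it flags a host that is not joined and a login-policy of allow-realm-logins, which admits every domain account until it is narrowed with realm permit.

```shell
#!/bin/bash
# Added example, not from the original article: audit a host after `realm join`.

# Constructed sample, modelled on the `realm list` output shown above.
SAMPLE_REALM_LIST='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  configured: kerberos-member
  login-formats: %U@example.com
  login-policy: allow-realm-logins'

# Constructed sssd.conf fragment with the two options the article sets.
SAMPLE_SSSD_CONF='[domain/example.com]
# use_fully_qualified_names = True
use_fully_qualified_names = False
fallback_homedir = /home/%u'

# realm_field KEY: print the value of KEY from `realm list` output on stdin.
realm_field() {
    awk -v k="$1" '{ sub(/^[ \t]+/, "") }
        index($0, k ": ") == 1 { print substr($0, length(k) + 3); exit }'
}

# sssd_option KEY: print the last uncommented value of KEY from sssd.conf on stdin.
sssd_option() {
    awk -v k="$1" '/^[ \t]*[#;]/ { next }
        { eq = index($0, "="); if (!eq) next
          key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { if (v != "") print v }'
}

# audit_join REALM_LIST_TEXT SSSD_CONF_TEXT: print one line per finding.
audit_join() {
    aj_configured=$(printf '%s\n' "$1" | realm_field configured)
    aj_policy=$(printf '%s\n' "$1" | realm_field login-policy)
    aj_fqn=$(printf '%s\n' "$2" | sssd_option use_fully_qualified_names)
    [ "$aj_configured" = "kerberos-member" ] ||
        echo "FAIL: not joined (configured: ${aj_configured:-missing})"
    [ "$aj_policy" != "allow-realm-logins" ] ||
        echo "WARN: login-policy=$aj_policy admits every domain account; narrow it with 'realm permit'"
    case "$aj_fqn" in
        [Ff]alse) echo "INFO: short usernames enabled (user, not user@domain)" ;;
    esac
    return 0
}

audit_join "$SAMPLE_REALM_LIST" "$SAMPLE_SSSD_CONF"
```

On a joined host, pass "$(realm list)" and "$(cat /etc/sssd/sssd.conf)" as the two arguments; reading sssd.conf requires root.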