First, install the required packages:
    yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python ntp -y
Make sure name resolution to AD works by editing the /etc/resolv.conf file:
    [root@testLinux-WH ~]# cat /etc/resolv.conf
    search example.com
    nameserver 192.168.10.51
Make sure the account has the required permissions, then join the AD domain:
    [root@testLInux-WH ~]# realm join --user=administrator example.com
    Password for administrator:
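If the join reports an error, use the command journalctl -xe REALMD_OPERATION=r549.7056, with the error code added, to view the error details. Confirm that DNS resolution works and that the clocks are in sync:
    ntpdate ntpserver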
Use realm list to confirm the realm information:
    [root@testLinux-WH ~]# realm list
    example.com
      type: kerberos
      realm-name: EXAMPLE.COM
      domain-name: example.com
      configured: kerberos-member
      server-software: active-directory
      client-software: sssd
      required-package: oddjob
      required-package: oddjob-mkhomedir
      required-package: sssd
      required-package: adcli
      required-package: samba-common-tools
      login-policy: allow-realm-logins
After the join succeeds, the related records are created automatically in AD.
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
Restart the service so the change takes effect:
    systemctl restart sssd
Try connecting with a test account:
    fei-u031@192.168.0.101's password:
    Creating home directory for fei-u031.
    Last failed login: Wed Aug 7 15:52:22 CST 2019 from adsvr01.example.com on ssh:notty
    There were 4 failed login attempts since the last successful login.
    /usr/bin/xauth: file /home/fei-u031/.Xauthority does not exist
    [fei-u031@testLinux-WH ~]$ pwd
    /home/fei-u031
Leave the AD domain:
    realm leave example.com
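The realm list output shown earlier reports login-policy: allow-realm-logins, which means any account in the domain can log in to this host. The following is an added example, not part of the original post, that audits realm list text for join state and login policy; the function names and the abridged sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `realm list` after a join.
# SAMPLE_REALM_LIST is constructed from the listing on this page (abridged).
SAMPLE_REALM_LIST='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-policy: allow-realm-logins'

# realm_field TEXT FIELD: print the value of "FIELD: value" lines in TEXT.
realm_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# check_realm TEXT: print one finding and return
#   0 = joined, logins restricted
#   1 = joined, but open to every domain account
#   2 = not joined, or unrecognised policy
check_realm() {
    configured=$(realm_field "$1" configured)
    policy=$(realm_field "$1" login-policy)
    if [ "$configured" != "kerberos-member" ]; then
        echo "FAIL: not a domain member (configured=${configured:-none})"
        return 2
    fi
    case "$policy" in
        allow-permitted-logins|deny-any-login)
            echo "OK: joined, login-policy=$policy"; return 0 ;;
        allow-realm-logins|allow-any-login)
            echo "WARN: login-policy=$policy lets every domain account log in;" \
                 "narrow it, e.g. realm permit -g <group>"
            return 1 ;;
        *)
            echo "FAIL: unrecognised login-policy '${policy}'"; return 2 ;;
    esac
}

# Demo on the constructed sample; on a real host: check_realm "$(realm list)"
check_realm "$SAMPLE_REALM_LIST" || true
```

An empty realm list result (host not joined) is reported as a failure rather than silently passing.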