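I'm hoping someone can help me figure out what's wrong. I'm trying to join a server to my AD, but I get this error:
Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.LOCAL' over rpc: An invalid parameter was passed to a service or function.
Can someone help me? Obviously there is something wrong with what I'm doing here, but I can't find the problem in krb5.conf, smb.conf, or sssd.conf, though it clearly must be there. I have tried to include as much relevant information as possible, but I'm sure I may have missed something. I've been trying to solve this for over a day, and so far nothing I've found on Google has helped.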
samba.x86_64 4.8.3-4.el7 @base
samba-client.x86_64 4.8.3-4.el7 @base
samba-client-libs.x86_64 4.8.3-4.el7 @anaconda/7.6
samba-common.noarch 4.8.3-4.el7 @anaconda/7.6
samba-common-libs.x86_64 4.8.3-4.el7 @anaconda/7.6
samba-common-tools.x86_64 4.8.3-4.el7 @base
samba-libs.x86_64 4.8.3-4.el7 @base
My /etc/sssd/sssd.conf:
[sssd]
config_file_version = 2
debug_level = 7
domains = mydomain.local
services = nss, pam, sudo
# Uncomment/adjust as needed if IMU is not used:
override_homedir = /home/%d/%u
default_shell = /bin/bash
[domain/mydomain.local]
id_provider = ad
access_provider = ad
auth_provider = ad
cache_credentials = true
ad_server = mydomain-11.mydomain.local
ad_backup_server = mydomain-12.mydomain.local
ldap_search_timeout = 20
ldap_opt_timeout = 15
subdomain_inherit = ignore_group_members, ldap_purge_cache_timeout
ldap_purge_cache_timeout = 0
# Enables use of POSIX UIDs and GIDs:
ldap_id_mapping = true
ldap_schema = ad
fallback_homedir = /home/%d/%u
ldap_use_tokengroups = false
[nss]
memcache_timeout = 3600
override_shell = /bin/bash
[pam]
debug_level = 2
pam_id_timeout = 15
#[sudo]
#
#[autofs]
#
[ssh]
#
#[pac]
#
#[ifp]
My /etc/samba/smb.conf:
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCAL
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
security = ads
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
idmap config * : backend = autorid
idmap config * : range = 1000000 - 19999999
idmap config * : rangesize = 1000000
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
My /etc/krb5.conf:
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = MYDOMAIN.LOCAL
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[domain_realm]
mydomain.local = MYDOMAIN.LOCAL
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
MYDOMAIN.LOCAL = {
admin_server = mydomain-11.mydomain.local
kdc = MYDOMAIN-11.MYDOMAIN.local
}