Trying via AD

Time: 2019-03-15 17:07:41

Tags: active-directory samba

I hope someone can help me figure out what the problem is. I am trying to join a server with my AD machine, but I get this error:

Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.LOCAL' over rpc: An invalid parameter was passed to a service or function.

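Can anyone help me? Obviously there is something wrong with what I am doing here, but I can't find the problem in krb5.conf, smb.conf or sssd.conf, though it obviously must be there. I have tried to include as much relevant information as possible, but I am sure I may have missed something. I have been trying to solve this for over a day, and so far nothing I have found on Google has helped.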

samba.x86_64                           4.8.3-4.el7                 @base
samba-client.x86_64                    4.8.3-4.el7                 @base
samba-client-libs.x86_64               4.8.3-4.el7                 @anaconda/7.6
samba-common.noarch                    4.8.3-4.el7                 @anaconda/7.6
samba-common-libs.x86_64               4.8.3-4.el7                 @anaconda/7.6
samba-common-tools.x86_64              4.8.3-4.el7                 @base
samba-libs.x86_64                      4.8.3-4.el7                 @base

My /etc/sssd/sssd.conf:

[sssd]

config_file_version = 2
debug_level = 7
domains =  mydomain.local
services = nss, pam, sudo
# Uncomment/adjust as needed if IMU is not used:
override_homedir = /home/%d/%u
default_shell = /bin/bash

[domain/mydomain.local]

id_provider = ad
access_provider = ad
auth_provider = ad
cache_credentials = true
ad_server = mydomain-11.mydomain.local
ad_backup_server = mydomain-12.mydomain.local
ldap_search_timeout = 20
ldap_opt_timeout = 15
subdomain_inherit = ignore_group_members, ldap_purge_cache_timeout
ldap_purge_cache_timeout = 0

# Enables use of POSIX UIDs and GIDs:
ldap_id_mapping = true
ldap_schema = ad
fallback_homedir = /home/%d/%u
ldap_use_tokengroups = false

[nss]

memcache_timeout = 3600
override_shell = /bin/bash


[pam]

debug_level = 2
pam_id_timeout = 15

#[sudo]
#
#[autofs]
#
[ssh]
#
#[pac]
#
#[ifp]

My /etc/samba/smb.conf:

[global]

            workgroup = MYDOMAIN
            realm = MYDOMAIN.LOCAL
            client signing = yes
            client use spnego = yes
            kerberos method = secrets and keytab
            security = ads
            server string = Samba Server Version %v
            log file = /var/log/samba/log.%m
            max log size = 50
            passdb backend = tdbsam
            idmap config * : backend = autorid
            idmap config * : range = 1000000 - 19999999
            idmap config * : rangesize = 1000000
[homes]

    comment = Home Directories
    browseable = no
    writable = yes
[printers]

    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

My /etc/krb5.conf:

[libdefaults]

renew_lifetime = 7d
forwardable = true
default_realm = MYDOMAIN.LOCAL
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[domain_realm]
mydomain.local = MYDOMAIN.LOCAL

[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log

[realms]

MYDOMAIN.LOCAL = {
admin_server = mydomain-11.mydomain.local
kdc = MYDOMAIN-11.MYDOMAIN.local
}

0 answers:

No answers