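I am trying to join an Oracle Linux 6.10 machine to Microsoft Win AD using adcli. After completing all the configuration, when I try 'id', it throws the error 'user does not exist'.
I have installed the adcli, sssd, authconfig, pam_krb5 and samba4-common packages.
My sssd.conf file is: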
[sssd]
domains = addomain.com
config_file_version = 2
services = nss, pam
[domain/addomain.com]
ad_domain = addomain.com
krb5_realm = ADDOMAIN.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad
resolv.conf:
domain platform.internal.com
nameserver 172.28.231.26
nameserver 172.28.227.71
nameserver 192.168.3.71
search platform.internal.com addomain.com
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = addomain.com
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
addomain.com = {
kdc = addomain.com
admin_server = addomain.com
}
[domain_realm]
addomain.com = addomain.com
.addomain.com = addomain.com
Log messages:
(Tue Sep 17 15:24:22 2019) [[sssd[ldap_child[229738]]]] [sig_term_handler] (0x0010): Received signal [Terminated] [15], shutting down
(Tue Sep 17 15:24:22 2019) [[sssd[ldap_child[229738]]]] [sig_term_handler] (0x0010): Unlink file [/var/lib/sss/db/ccache_ADDOMAIN.COM_oVJxLg]
(Tue Sep 17 15:25:07 2019) [[sssd[ldap_child[230133]]]] [sig_term_handler] (0x0010): Received signal [Terminated] [15], shutting down
(Tue Sep 17 15:25:07 2019) [[sssd[ldap_child[230133]]]] [sig_term_handler] (0x0010): Unlink file [/var/lib/sss/db/ccache_ADDOMAIN.COM_qULCn9]
Output of "adcli info addomain.com":
[domain]
domain-name = addomain.com
domain-short = ADDOMAIN
domain-forest = addomain.com
domain-controller = mx.addomain.com
domain-controller-site = AdCOM
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret ads-web
domain-controller-usable = yes
domain-controllers = mx.addomain.com
[computer]
computer-site = AdCOM
Can anyone help?