adcli - After adcli configuration, facing the error "user does not exist"

Time: 2019-09-19 07:44:23

Tags: active-directory ldap openldap nis

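I am trying to join an Oracle Linux 6.10 machine to Microsoft Win AD via adcli. After completing all the configuration, when I try 'id', it throws the error 'user does not exist'.

I have installed the adcli sssd authconfig pam_krb5 samba4-common packages.

My sssd.conf file is: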

[sssd]
domains = addomain.com
config_file_version = 2
services = nss, pam

[domain/addomain.com]
ad_domain = addomain.com
krb5_realm = ADDOMAIN.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad

resolv.conf:

domain platform.internal.com
nameserver 172.28.231.26
nameserver 172.28.227.71
nameserver 192.168.3.71
search platform.internal.com addomain.com

krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = addomain.com
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]

 addomain.com = {
  kdc = addomain.com
  admin_server = addomain.com
 }

[domain_realm]
 addomain.com = addomain.com
 .addomain.com = addomain.com

Log messages:

(Tue Sep 17 15:24:22 2019) [[sssd[ldap_child[229738]]]] [sig_term_handler] (0x0010): Received signal [Terminated] [15], shutting down
(Tue Sep 17 15:24:22 2019) [[sssd[ldap_child[229738]]]] [sig_term_handler] (0x0010): Unlink file [/var/lib/sss/db/ccache_ADDOMAIN.COM_oVJxLg]
(Tue Sep 17 15:25:07 2019) [[sssd[ldap_child[230133]]]] [sig_term_handler] (0x0010): Received signal [Terminated] [15], shutting down
(Tue Sep 17 15:25:07 2019) [[sssd[ldap_child[230133]]]] [sig_term_handler] (0x0010): Unlink file [/var/lib/sss/db/ccache_ADDOMAIN.COM_qULCn9]

Output of "adcli info addomain.com":

[domain]
domain-name = addomain.com
domain-short = ADDOMAIN
domain-forest = addomain.com
domain-controller = mx.addomain.com
domain-controller-site = AdCOM
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret ads-web
domain-controller-usable = yes
domain-controllers = mx.addomain.com
[computer]
computer-site = AdCOM

Can anyone help?

0 answers:

No answers