我在我的专用网络中设置了 AD 服务器。我可以从 Windows PC 成功加入域。但是当我尝试加入我的 ubuntu 客户端 (ubuntu 23.04) 时,我收到错误,导致我在 google 上一无所获。
bp@legion:app (UM-200_usb) % sudo realm join -U -v Administrator sb.lan
* Resolving: _ldap._tcp.sb.lan
* Performing LDAP DSE lookup on: 172.19.0.2
* Performing LDAP DSE lookup on: 192.168.1.100
* Successfully discovered: sb.lan
Password for Administrator:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain sb.lan --domain-realm SB.LAN --domain-controller 192.168.1.100 --login-type user --login-user Administrator --stdin-password
* Using domain name: sb.lan
* Calculated computer account name from fqdn: LEGION
* Using domain realm: sb.lan
* Sending NetLogon ping to domain controller: 192.168.1.100
* Received NetLogon info from: dc.sb.lan
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-2BPZfj/krb5.d/adcli-krb5-conf-EO27Dm
! Couldn't authenticate as: [email protected]: Preauthentication failed
adcli: couldn't connect to sb.lan domain: Couldn't authenticate as: [email protected]: Preauthentication failed
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
聊天 gpt,太多论坛都指向 kerberos 配置。我什至不确定我是否使用 kerberos。我正在关注ubuntu官方文档。不管怎样,我没有/etc/krb5.conf,我也不知道是否应该......
所以我安装了:
sudo apt install sssd-ad sssd-tools realmd adcli
我确定:
- 域名正确
- 管理员存在(我使用相同的用户名/密码加入Windows 10客户端)
- 密码正确
- 这个问题在另外三台 ubuntu 笔记本电脑上重现(23.04 和 23.10)
有谁可以解释一下吗?难道我做错了什么?