witchkinkofAngmar's questions

我有两个域——一个用于开发，一个用于公司。

由于可传递林信任，我可以将 Windows 计算机加入 dev 域并以 corp 用户身份登录。我可以将 Linux 计算机加入开发域（使用领域加入或 adcli 加入），但无法使用 corp 用户帐户使用 ssh 或控制台登录。是否有解决方案，无需加入（使用领域/adcli）公司领域？他们不希望公司广告服务器上有开发计算机对象。

echo "password" | realm join --user=user --computer-ou='OU=Linux_Servers,DC=dev,DC=domain,DC=com' --os-name='Linux'  dev.domain.com

克雷布5

[libdefaults]
    default_realm       =           DEV.DOMAIN.COM    # domain specific parameter (full domain name)
    clockskew           =           300
    ticket_lifetime     =           1d
    forwardable         =           true
    proxiable           =           true
    dns_lookup_realm    =           true
    dns_lookup_kdc      =           true
   
 
   [realms]
        DEV.DOMAIN.COM = {
        kdc            =       adserver.domain.com   # domain specific parameter (domain controller name)
        admin_server   =       adserver.domain.com   # domain specific parameter (domain controller name)
        default_domain =       DEV.DOMAIN.COM         # domain specific parameter (full domain name)
        }

        CORP.DOMAIN.COM = {
        kdc            =       corpadserver.domain.com   # domain specific parameter (domain controller name)
        admin_server   =       corpadserver.domain.com   # domain specific parameter (domain controller name)
        default_domain =       CORP.DOMAIN.COM         # domain specific parameter (full domain name)
        }
 
[domain_realm]
        .dev.domain.com = DEV.DOMAIN.COM  # domain specific parameter (domain name for dns names)
        dev.domain.com = DEV.DOMAIN.COM   # domain specific parameter (domain name for dns names)

 
[appdefaults]
        pam = {
        ticket_lifetime         = 1d
        renew_lifetime          = 1d
        forwardable             = true
        proxiable               = false
        retain_after_close      = false
        minimum_uid             = 0
        debug                   = false

固态硬盘

[sssd]
domains = dev.domain.com, corp.domain.com
config_file_version = 2
services = nss, pam
default_domain_suffix = example.com

[nss]
homedir_substring = /home

[pam]

[domain/dev.domain.com]
ad_domain = dev.domain.com
krb5_realm = DEV.DOMAIN.COM
realmd_tags = manages-system joined-with-samba 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad

基尼特

[root@vm ~]# kinit corpadaccount@corp.domain.com
Password for corpadaccount@corp.domain.com:
kinit: KDC reply did not match expectations while getting initial credentials
[root@gbr7testvmjuly ~]# kinit localdevadmin
Password for localdevadmin@DEV.DOMAIN.COM:
[root@gbr7testvmjuly ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: localdevadmin@DEV.DOMAIN.COM

Valid starting       Expires              Service principal
07/14/2023 10:44:11  07/14/2023 20:44:11  krbtgt/DEV.DOMAIN.COM@DEV.DOMAIN.COM
    renew until 07/14/2023 20:44:11

我正在尝试导出一个 CSV 文件，该文件包含集群中所有虚拟机的列表，这些虚拟机没有我用于调整大小的特定标签。但是，CSV 没有填充除此之外的任何内容：ÿþ

Get-Module -Name VMware* -ListAvailable | Import-Module -Force
$exportto = "C:\Users\username\Desktop\rightSizingFilter3.csv"
$VMs = Get-Cluster -name clustername | Get-VM
 
foreach ($VM in $VMs){
    If (((Get-Tagassignment $VM).Tag.Name -notcontains "testtag")){
         Out-file $exportto -Append
    }
}