全新安装和更新 && 升级后,我已按照本指南将机器添加到我们的 AD 基础设施,但在基本配置realm join -v [domain]返回后
! Can't contact LDAP server
realm: No such realm found
所以我启动了一个 CentOS 最小的虚拟机,并且能够通过它注册机器。交叉引用这两个输出,我注意到在 Ubuntu 上realm查找 LDAP 服务器时,相同的命令正在查询错误的 IP,但我没有找到任何有关如何在配置文件中或通过man realm.
所以我尝试ldapsearch -h [server IP]了,手动指定服务器并返回:
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0))
这应该不是问题,因为 CentOS VM 给出了相同的结果,尽管它已成功加入。所以,我从 CentOS 机器上复制了 krb5.conf、sssd.conf 和 realmd.conf 的配置文件(备份后),但给出了相同的原始错误。
我认为错误的 LDAP DSE 查找是问题所在,但我无法在任何地方找到要更改的参数。
谢谢你的帮助。
AD 服务器运行 Windows Server 2016。提供以下 .conf 文件:
krb5.conf
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
forwardable = true
rdns = false
[realms]
MYDOMAIN.COM = {
kdc = server.mydomain.com
admin_server = server.mydomain.com
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
sssd.conf
[sssd]
services = nss, pam
domains = mydomain.com
config_file_version = 2
[domain/mydomain.com]
id_provider = ad
access_provider = ad
ad_domain = mydomain.com
krb5_realm = MYDOMAIN.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
领域配置文件
[users]
default-home = /home/%D/%U
default-shell = /bin/bash
[active-directory]
default-client = sssd
os-name = Ubuntu
os-version = 18.04
[service]
automatic-install = no
[mydomain.com]
fully-qualified-names = yes
automatic-id-mapping = no
user-principal = yes
manage-system = yes
