
Linux Server Join Windows Active Directory

[root@linux ~]# egrep -i "dns1|domain" /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.2.50
DOMAIN='sqlrepro.edu'
[root@linux ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sqlrepro.edu
nameserver 192.168.2.50
nameserver 10.50.50.50
[root@linux ~]#
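[root@linux ~]# realm join -v -U Administrator sqlrepro.edu   # an account delegated the right to join computers is normally enough; a domain Administrator is not required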
 * Resolving: _ldap._tcp.sqlrepro.edu
 * Performing LDAP DSE lookup on: 192.168.2.50
 * Successfully discovered: sqlrepro.edu
Password for Administrator:
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.WDI7P1 -U Administrator ads join sqlrepro.edu
Enter Administrator's password:DNS update failed: NT_STATUS_UNSUCCESSFUL

Using short domain name -- SQLREPRO
Joined 'LINUX' to dns domain 'sqlrepro.edu'
DNS Update for linux.sqlrepro.edu failed: ERROR_DNS_UPDATE_FAILED
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.WDI7P1 -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/bin/systemctl enable sssd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/sssd.service to /usr/lib/systemd/system/sssd.service.
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
 * Successfully enrolled machine in realm
[root@linux ~]# kinit Administrator@sqlrepro.edu   # a lower-case realm produces the error below; Kerberos realm names are case-sensitive
Password for Administrator@sqlrepro.edu:
kinit: KDC reply did not match expectations while getting initial credentials

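[root@linux ~]# egrep -v "^#|^$|#" /etc/krb5.conf   # note: the default_*_enctypes lines below list only RC4 and DES, which are weak legacy types; prefer AES enctypes (e.g. aes256-cts-hmac-sha1-96) where the domain supports them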
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 dns_lookup_realm = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
 default_ccache_name = KEYRING:persistent:%{uid}
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
 default_realm = SQLREPRO.EDU
[realms]
 SQLREPRO.EDU = {
        kdc = PRIMARYDC.SQLREPRO.EDU
        admin_server = PRIMARYDC.SQLREPRO.EDU
        default_domain = PRIMARYDC.SQLREPRO.EDU
 }
[domain_realm]
 sqlrepro.edu = SQLREPRO.EDU
 .sqlrepro.edu = SQLREPRO.EDU
[root@linux ~]# kinit Administrator@SQLREPRO.EDU    # the realm must be upper case, matching default_realm in krb5.conf
Password for Administrator@SQLREPRO.EDU:
[root@linux ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: Administrator@SQLREPRO.EDU

Valid starting       Expires              Service principal
07/27/2022 03:46:44  07/27/2022 13:46:44  krbtgt/SQLREPRO.EDU@SQLREPRO.EDU
        renew until 08/03/2022 03:46:39
[root@linux ~]# id sqladmin@SQLREPRO.EDU
uid=1626404604(sqladmin@sqlrepro.edu) gid=1626400513(domain users@sqlrepro.edu) groups=1626400513(domain users@sqlrepro.edu)
[administrator@sqlrepro.edu@linux ~]$ ssh sqladmin@sqlrepro.edu@linux.sqlrepro.edu
sqladmin@sqlrepro.edu@linux.sqlrepro.edu's password:
Last login: Wed Jul 27 04:50:58 2022 from linux.sqlrepro.edu
[sqladmin@sqlrepro.edu@linux ~]$ id
uid=1626404604(sqladmin@sqlrepro.edu) gid=1626400513(domain users@sqlrepro.edu) groups=1626400513(domain users@sqlrepro.edu) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
posted @ 2022-09-01 11:07  Jas0n0ss