
Joining a Linux Server to a Windows Active Directory Domain

[root@linux ~]# egrep -i "dns1|domain" /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.2.50
DOMAIN='sqlrepro.edu'
[root@linux ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sqlrepro.edu
nameserver 192.168.2.50
nameserver 10.50.50.50
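#### Join the domain. -U takes any AD account that has been delegated the right to join computers; the built-in Administrator used here works but is not required.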
[root@linux ~]# realm join -v -U Administrator sqlrepro.edu
 * Resolving: _ldap._tcp.sqlrepro.edu
 * Performing LDAP DSE lookup on: 192.168.2.50
 * Successfully discovered: sqlrepro.edu
Password for Administrator:
...
 * Successfully enrolled machine in realm
[root@linux ~]# kinit Administrator@sqlrepro.edu   # a lower-case realm fails with the error below: Kerberos realm names are case-sensitive and the AD realm is SQLREPRO.EDU
Password for Administrator@sqlrepro.edu:
kinit: KDC reply did not match expectations while getting initial credentials

# NOTE(review): annotation only, not part of the file output shown below.
# default_tgs_enctypes and default_tkt_enctypes request only arcfour-hmac-md5 (RC4)
# and single-DES types. Both families are deprecated as weak (RFC 6649, RFC 8429);
# RC4 keys are derived from the unsalted NT hash, so tickets issued with it are far
# cheaper to attack offline. Active Directory supports aes256-cts-hmac-sha1-96 and
# aes128-cts-hmac-sha1-96: prefer listing those, or drop both lines so the library
# defaults apply, then re-test kinit before relying on the change.
# The realm is written in upper case throughout (default_realm, [realms],
# [domain_realm]); principals passed to kinit must use the same case.
[root@linux ~]# egrep -v "^#|^$|#" /etc/krb5.conf
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 dns_lookup_realm = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
 default_ccache_name = KEYRING:persistent:%{uid}
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
 default_realm = SQLREPRO.EDU
[realms]
 SQLREPRO.EDU = {
        kdc = PRIMARYDC.SQLREPRO.EDU
        admin_server = PRIMARYDC.SQLREPRO.EDU
        default_domain = PRIMARYDC.SQLREPRO.EDU
 }
[domain_realm]
 sqlrepro.edu = SQLREPRO.EDU
 .sqlrepro.edu = SQLREPRO.EDU
[root@linux ~]# kinit Administrator@SQLREPRO.EDU    # the realm must be upper case, matching default_realm in /etc/krb5.conf
Password for Administrator@SQLREPRO.EDU:
[root@linux ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: Administrator@SQLREPRO.EDU

Valid starting       Expires              Service principal
07/27/2022 03:46:44  07/27/2022 13:46:44  krbtgt/SQLREPRO.EDU@SQLREPRO.EDU
        renew until 08/03/2022 03:46:39
[root@linux ~]# id sqladmin@SQLREPRO.EDU
uid=1626404604(sqladmin@sqlrepro.edu) gid=1626400513(domain users@sqlrepro.edu) groups=1626400513(domain users@sqlrepro.edu)
[administrator@sqlrepro.edu@linux ~]$ ssh sqladmin@sqlrepro.edu@linux.sqlrepro.edu
sqladmin@sqlrepro.edu@linux.sqlrepro.edu's password:
Last login: Wed Jul 27 04:50:58 2022 from linux.sqlrepro.edu
[sqladmin@sqlrepro.edu@linux ~]$ id
uid=1626404604(sqladmin@sqlrepro.edu) gid=1626400513(domain users@sqlrepro.edu) groups=1626400513(domain users@sqlrepro.edu) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023