active-directory – How do I get CentOS 7 to use the UIDs and GIDs in Active Directory?

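I am preparing for an eventual upgrade from CentOS 6 to CentOS 7. Right now, on version 6, we just use LDAP mapped to AD for authentication. It then uses the UIDs and GIDs from the Unix extensions of Active Directory.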

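In my experiments with CentOS 7, I went through documentation (I think it was from Red Hat) explaining how to join a domain. The process was mostly straightforward, and it mostly works. However, it does not just use the UID and GID from the AD Unix attributes. It maps them to entirely different IDs. In AD, users are in the 10000 range. CentOS 7 gives each user a UID in the 625000000 range.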

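So far, in my small-scale testing (3 boxes), the UIDs seem to be consistent across all of them, which is good. However, when I start rolling out 7 in production, it will be a gradual upgrade. I won't upgrade every box at the same time. I am worried about users having different UIDs on different boxes. Is there a way to have CentOS 7 use the UID and GID from the AD Unix attributes?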

Here is my smb.conf:

[global]
    workgroup = COMPANY
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    log file = /var/log/samba/%m.log
    password server = ad_domaincontroller.company.net
    realm = COMPANY.NET
    security = ads
    server string = Samba Server Version %v
    max log size = 50

Here is my sssd.conf:

[sssd]
config_file_version = 2
domains = company.net
services = nss,pam,pac

[nss]
filter_groups = root
filter_users = root

[domain/company.net]
id_provider = ad
ad_server = ad_domiancontroller.company.net
ad_hostname = centos7-22.company.net
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
use_fully_qualified_names = False
cache_credentials = true
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

Edit: I have tried adding ldap_id_mapping = False to sssd.conf, but with that line included, sssd.service fails to start. Here is the output:

Sep 29 12:59:55 centos7-22 sssd[32827]: Starting up
Sep 29 12:59:55 centos7-22 sssd[32828]: Starting up
Sep 29 12:59:55 centos7-22 sssd[32831]: Starting up
Sep 29 12:59:55 centos7-22 sssd[32830]: Starting up
Sep 29 12:59:55 centos7-22 sssd[32829]: Starting up
Sep 29 12:59:55 centos7-22 sssd[32832]: Starting up
Sep 29 12:59:56 centos7-22 sssd[be[32833]: Starting up
Sep 29 12:59:56 centos7-22 systemd[1]: sssd.service: control process exited,code=exited status=1
Sep 29 12:59:56 centos7-22 systemd[1]: Failed to start System Security Services Daemon.
-- Subject: Unit sssd.service has Failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sssd.service has Failed.
--
-- The result is Failed.
Sep 29 12:59:56 centos7-22 systemd[1]: Unit sssd.service entered Failed state.

From the sssd-ad man page:

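By default, the AD provider will map UID and GID values from the objectSID parameter in Active Directory. For details on this, see the "ID MAPPING" section below. If you want to disable ID mapping and instead rely on POSIX attributes defined in Active Directory, you should set ldap_id_mapping = False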
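
For the staged rollout described in the question, the check below reports, per host, whether each SSSD domain takes its IDs from SID mapping or from the AD POSIX attributes, and flags an `ldap_id_mapping` line placed outside a `[domain/...]` section. It is an added example, not part of the original post; the host names, sample configs and function names are constructed for illustration.

```python
import configparser

# Constructed sssd.conf bodies for three hosts in a staged rollout (not from the page).
SAMPLE_CONFIGS = {
    "host-a": "[sssd]\ndomains = company.net\n\n"
              "[domain/company.net]\nid_provider = ad\n",
    "host-b": "[sssd]\ndomains = company.net\nldap_id_mapping = False\n\n"
              "[domain/company.net]\nid_provider = ad\n",
    "host-c": "[sssd]\ndomains = company.net\n\n"
              "[domain/company.net]\nid_provider = ad\nldap_id_mapping = False\n",
}


def id_source(conf_text):
    """Return ({domain: source}, [sections where ldap_id_mapping is misplaced])."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    domains, misplaced = {}, []
    for section in cp.sections():
        if not section.startswith("domain/"):
            # ldap_id_mapping is a domain-section option; flag it anywhere else.
            if cp.has_option(section, "ldap_id_mapping"):
                misplaced.append(section)
            continue
        provider = cp.get(section, "id_provider", fallback="").strip().lower()
        # Per sssd-ad(5), the AD provider maps IDs from objectSID by default.
        default = "true" if provider == "ad" else "false"
        value = cp.get(section, "ldap_id_mapping", fallback=default).strip().lower()
        name = section[len("domain/"):]
        domains[name] = "sid-mapping" if value == "true" else "posix-attributes"
    return domains, misplaced


def audit(configs):
    """Return per-host results and whether every host uses the same ID source."""
    per_host = {host: id_source(text) for host, text in configs.items()}
    distinct = {tuple(sorted(domains.items())) for domains, _ in per_host.values()}
    return per_host, len(distinct) == 1


if __name__ == "__main__":
    results, consistent = audit(SAMPLE_CONFIGS)
    for host, (domains, misplaced) in sorted(results.items()):
        print(host, domains, "misplaced in:", misplaced or "none")
    print("consistent across hosts:", consistent)
```

Feeding it the contents of `/etc/sssd/sssd.conf` collected from each machine shows which hosts would still hand out mapped UIDs while others use the AD `uidNumber` values.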
