linux – RHEL 7.2:使用realm加入AD域

前端之家收集整理的这篇文章主要介绍了linux – RHEL 7.2:使用realm加入AD域前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个全新安装的RHEL 7.2服务器,我想将它加入AD域.我已经在AD中预先安排了计算机名称,这就是当我按照“红帽企业 Linux 7 Windows集成指南”中的说明进行操作时会发生的情况.

我在我的部门使用拆分DNS:权威的校园范围的DNS服务器运行BIND并且不支持动态更新,所以我在我的部门运行一对Windows DNS服务器.

思考?

谢谢!

  1. [root@dept-example ~]# realm discover -v example.edu
  2. * Resolving: _ldap._tcp.example.edu
  3. * Performing LDAP DSE lookup on: 192.0.2.177
  4. * Performing LDAP DSE lookup on: 192.0.2.176
  5. * Successfully discovered: example.edu
  6. example.edu
  7. type: kerberos
  8. realm-name: EXAMPLE.EDU
  9. domain-name: example.edu
  10. configured: no
  11. server-software: active-directory
  12. client-software: sssd
  13. required-package: oddjob
  14. required-package: oddjob-mkhomedir
  15. required-package: sssd
  16. required-package: adcli
  17. required-package: samba-common
  18. [root@dept-example ~]# realm join example.edu -v -U 'example.edu\adm-jsmith'
  19. * Resolving: _ldap._tcp.example.edu
  20. * Performing LDAP DSE lookup on: 192.0.2.176
  21. * Performing LDAP DSE lookup on: 192.0.2.178
  22. * Successfully discovered: example.edu
  23. Password for example.edu\adm-jsmith:
  24. * required files: /usr/sbin/oddjobd,/usr/libexec/oddjob/mkhomedir,/usr/sbin/sssd,/usr/bin/net
  25. * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.K4T3EY -U fsu.edu\adm-jsmith ads join example.edu
  26. Enter example.edu\adm-jsmith's password:
  27. Using short domain name -- EXAMPLE
  28. Joined 'DEPT-EXAMPLE' to dns domain 'example.edu'
  29. * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.K4T3EY -U example.edu\adm-jsmith ads keytab create
  30. Enter example.edu\adm-jsmith's password:kerberos_kinit_password example.edu\adm-jsmith@EXAMPLE.EDU Failed: Client not found in Kerberos database
  31. kerberos_kinit_password example.edu\adm-jsmith@EXAMPLE.EDU Failed: Client not found in Kerberos database
  32.  
  33. ! Extracting host keytab Failed
  34. realm: Couldn't join realm: Extracting host keytab Failed
  35. [root@dept-example ~]#

@R_301_323@

我尝试了很多东西,直到我看到上面的答案只是使用用户名.这是关键.在我使用以下内容之前,我不断发现kerberos无法找到kdc和kerberos无法验证消息:
  1. realm --verbose join -U 'administrator' host.domain.com

猜你在找的Linux相关文章