Joining an Ubuntu 14.04 machine to Active Directory using realm and sssd

I have tried to set up realmd and sssd with Active Directory by following this guide: http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/

When I run the command

realm --verbose join domain.company.com --user-principal=c-u14-dev1/[email protected] --unattended

everything seems to connect. My sssd.conf looks like this:

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[sssd]
domains = DOMAIN.COMPANY.COM
config_file_version = 2
services = nss, pam

[domain/DOMAIN.COMPANY.COM]
ad_domain = DOMAIN.COMPANY.COM
krb5_realm = DOMAIN.COMPANY.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad

My /etc/pam.d/common-auth looks like this:

auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=1000
auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_sss.so use_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional                        pam_cap.so

I am able to log in using nwalke/DOMAIN.COMPANY.COM. How do I change these configs so that I can log in using nwalke?

Answer 1

Red Hat's SSSD guide

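Setting a default domain name allows users to log in with just their username, without specifying the domain name (which is required for users outside the primary domain).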

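So, under the [sssd] section of the configuration file, set the default_domain_suffix field to blank. Keep in mind that if there are users on both the local system and the domain server, the local user will take precedence.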
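The following check is an added example, not part of the original question or answer: it reads the two sssd.conf settings discussed here (default_domain_suffix and use_fully_qualified_names) and lists directory short names that collide with local accounts, which is the precedence caveat the answer mentions. The function name, the passwd lines and the directory user list are constructed for illustration.

```python
import configparser

# Constructed sample: settings copied from the sssd.conf in the question.
SSSD_CONF = """\
[sssd]
domains = DOMAIN.COMPANY.COM
config_file_version = 2
services = nss, pam

[domain/DOMAIN.COMPANY.COM]
id_provider = ad
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
"""

# Constructed /etc/passwd lines; the local "nwalke" entry is hypothetical.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nwalke:x:1000:1000:,,,:/home/nwalke:/bin/bash
"""


def login_name_report(conf_text, passwd_text, directory_users):
    """Summarise short-name login settings and local/domain name clashes."""
    # interpolation=None: values like /home/%d/%u are not configparser templates
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    suffix = cp.get("sssd", "default_domain_suffix", fallback="").strip() or None
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")
               if d.strip()]
    fq = {}
    for dom in domains:
        # None means the option (or the whole domain section) is not set explicitly
        fq[dom] = cp.getboolean("domain/" + dom, "use_fully_qualified_names",
                                fallback=None)
    local = {line.split(":", 1)[0] for line in passwd_text.splitlines()
             if line and not line.startswith("#")}
    # Short names that also exist locally: the local account takes precedence
    shadowed = sorted(u for u in directory_users if u in local)
    return {"default_domain_suffix": suffix,
            "fully_qualified_required": fq,
            "shadowed_by_local": shadowed}


if __name__ == "__main__":
    print(login_name_report(SSSD_CONF, PASSWD, ["nwalke", "asmith"]))
```

Any name reported under shadowed_by_local authenticates as the local account rather than the directory one, so review those accounts before enabling short-name logins.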
