I have set up an AD server on my private network. I can successfully join the domain from a Windows PC. But when I try to join my Ubuntu client (Ubuntu 23.04), I get an error that gets me nowhere on Google.
bp@legion:app (UM-200_usb) % sudo realm join -U -v Administrator sb.lan
* Resolving: _ldap._tcp.sb.lan
* Performing LDAP DSE lookup on: 172.19.0.2
* Performing LDAP DSE lookup on: 192.168.1.100
* Successfully discovered: sb.lan
Password for Administrator:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain sb.lan --domain-realm SB.LAN --domain-controller 192.168.1.100 --login-type user --login-user Administrator --stdin-password
* Using domain name: sb.lan
* Calculated computer account name from fqdn: LEGION
* Using domain realm: sb.lan
* Sending NetLogon ping to domain controller: 192.168.1.100
* Received NetLogon info from: dc.sb.lan
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-2BPZfj/krb5.d/adcli-krb5-conf-EO27Dm
! Couldn't authenticate as: [email protected]: Preauthentication failed
adcli: couldn't connect to sb.lan domain: Couldn't authenticate as: [email protected]: Preauthentication failed
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
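ChatGPT and too many forums all point to the Kerberos configuration. I'm not even sure I'm using Kerberos. I'm following the official Ubuntu documentation. In any case, I don't have /etc/krb5.conf, and I don't know whether I should...
So I have installed: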
sudo apt install sssd-ad sssd-tools realmd adcli
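I am sure that:
- The domain name is correct
- The Administrator exists (I joined the Windows 10 client with the same username/password)
- The password is correct
- This exact problem reproduces on three other Ubuntu laptops (23.04 and 23.10)
Can anyone explain this problem? Am I doing something wrong?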
Answer 1
I found the answer in a YouTube video.
In my case, /etc/krb5.conf did not exist yet. Creating it with the following content solved the problem.
[libdefaults]
default_realm = SB.LAN
rdns = false
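
A pre-join check for the fix in this answer, as an added example that is not part of the original post: it reads a krb5.conf and reports whether [libdefaults] carries the default_realm and rdns = false values shown above. The function names krb5_get and check_krb5 are hypothetical, and the demo file at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check a krb5.conf for the
# two [libdefaults] settings the answer relies on before running realm join.

# krb5_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
krb5_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            gsub(/[ \t]/, ""); insec = ($0 == want); next
        }
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_krb5 FILE REALM: 0 = matches the answer, 1 = differs, 2 = file missing.
check_krb5() {
    file=$1; rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file does not exist"; return 2
    fi
    # Kerberos realm names are conventionally the upper-case DNS domain.
    upper=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    dr=$(krb5_get "$file" libdefaults default_realm)
    rdns=$(krb5_get "$file" libdefaults rdns)
    [ "$dr" = "$upper" ] || { echo "default_realm is '${dr:-unset}', expected '$upper'"; rc=1; }
    # Strict comparison with the spelling used in the answer.
    [ "$rdns" = "false" ] || { echo "rdns is '${rdns:-unset}', expected 'false'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $file has default_realm=$upper and rdns=false"
    return "$rc"
}

# Constructed demo input: the file content from the answer, in a temp file.
demo=$(mktemp)
printf '[libdefaults]\ndefault_realm = SB.LAN\nrdns = false\n' > "$demo"
check_krb5 "$demo" sb.lan
rm -f "$demo"
```

On each client, point it at the real file with check_krb5 /etc/krb5.conf sb.lan before retrying the join.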