SSSD AD 身份验证提供程序使用 tls 端口 636

tag-icon tag-icon linux rhel sssd
SSSD AD 身份验证提供程序使用 tls 端口 636

我们正在尝试使用 TLS 端口通过 sssd 为 RedHat Linux 8 进行 AD 通信。将服务器加入域后。使用下面的 sssd 配置进行用户身份验证。我希望 sssd 使用端口 636 连接到 AD,但它仍然使用端口 389。

sssd.conf 文件

[sssd]
domains = DEFAULT.COM
config_file_version = 2
services = nss, pam

[domain/DEFAULT.COM]
dns_resolver_timeout = 15    .
ldap_network_timeout = 15
ad_domain = DEFAULT.COM
dyndns_update = false
krb5_realm = DEFAULT.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
ldap_id_use_start_tls = True
ad_use_ldaps = True
ldap_tls_cacertdir = /etc/pki/ca-trust/source/anchors/
ldap_service_port = 636
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
debug_level = 9

日志显示仍在使用389端口。

(2021-09-02 17:46:11): [be[DEFAULT.COM]] [fo_set_port_status] (0x0100): Marking port 389 of server '  as 'not working'
(2021-09-02 17:46:11): [be[DEFAULT.COM]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server   as 'not working'
(2021-09-02 17:46:11): [be[DEFAULT.COM]] [get_port_status] (0x1000): Port status of port 389 for server   is 'neutral'
(2021-09-02 17:46:17): [be[DEFAULT.COM]] [fo_set_port_status] (0x0100): Marking port 389 of server   as 'not working'
(2021-09-02 17:46:17): [be[DEFAULT.COM]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server   as 'not working'
(2021-09-02 17:46:17): [be[DEFAULT.COM]] [get_port_status] (0x1000): Port status of port 389 for server   is 'neutral'
(2021-09-02 17:46:23): [be[DEFAULT.COM]] [fo_set_port_status] (0x0100): Marking port 389 of server as 'not working'
(2021-09-02 17:46:23): [be[DEFAULT.COM]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server   as 'not working'
(2021-09-02 17:46:23): [be[DEFAULT.COM]] [get_port_status] (0x1000): Port status of port 389 for server  is 'not working'
(2021-09-02 17:46:23): [be[DEFAULT.COM]] [get_port_status] (0x1000): Port status of port 389 for server  is 'not working'
(2021-09-02 17:46:23): [be[DEFAULT.COM]] [get_port_status] (0x1000): Port status of port 389 for server  is 'not working'

如何强制 sssd 使用安全端口进行通信。

谢谢SR

相关内容