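I am using a Cloud-Init script to set up my Ubuntu 22.04 server.
But when I check the logs for joining Active Directory, it drops the subdomain. Why?
I can only connect remotely by IP address, not by the machine's registered hostname or subdomain?
I have also included the script in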

    #cloud-config
    hostname: "testmachine" # <--
    fqdn: "testmachine.mrsomething.mr" # <--
    write_files:
      - path: /home/root/01-netcfg.yaml
        content: |
          network:
            version: 2
            ethernets:
              ens3:
                addresses:
                  - 10.1.44.181/24  # IP Address of the machine
                nameservers:
                  addresses:
                    - 10.1.44.11  # Domain name controller 1
                    - 10.1.44.12  # Domain name controller 2
                  search:
                    - "mrsomething.mr"
                    - "mr"
                routes:
                  - to: default
                    via: 10.1.44.1
                mtu: 3000
        owner: root:root
      - path: /home/root/krb5.conf
        content: |
          [logging]
          default = FILE:/var/log/krb5libs.log
          kdc = FILE:/var/log/krb5kdc.log
          admin_server = FILE:/var/log/kadmind.log
          [libdefaults]
          default_realm = MRSOMETHING.MR
          dns_lookup_realm = true
          dns_lookup_kdc = true
          ticket_lifetime = 24h
          renew_lifetime = 7d
          forwardable = true
          rdns = true
          [realms]
          MRSOMETHING.MR = {
            kdc = dc1.mrsomething.mr
            kdc = dc2.mrsomething.mr
            admin_server = dc1.mrsomething.mr
            default_domain = mrsomething.mr
            primary_kdc = dc1.mrsomething.mr
          }
          [domain_realm]
          .mrsomething.mr = MRSOMETHING.MR
          mrsomething.mr = MRSOMETHING.MR
        owner: root:root
      - path: /home/root/sssd.conf
        content: |
          [sssd]
          domains = mrsomething.mr, testmachine.mrsomething.mr, magic.mrsomething.mr
          config_file_version = 2
          services = nss, pam
          default_domain_suffix = MRSOMETHING.MR
          [domain/mrsomething.mr]
          ad_domain = mrsomething.mr
          krb5_realm = MRSOMETHING.MR
          realmd_tags = manages-system joined-with-adcli
          default_shell = /bin/bash
          krb5_store_password_if_offline = True
          cache_credentials = True
          id_provider = ad
          override_homedir = /home/%u
          fallback_homedir = /home/%u
          ldap_id_mapping = True
          access_provider = simple
          simple_allow_groups = domain admins
          use_fully_qualified_names = True
    runcmd:
      - "rm /etc/netplan/*"
      - "mv /home/root/01-netcfg.yaml /etc/netplan/01-netcfg.yaml"
      - "netplan apply"
      # download docker ....
      # Update all installed packages.
      # join realm
      - "echo 'password123' | realm join mrsomething.mr --user=mrjoiner"
      - "mv /home/root/krb5.conf /etc/krb5.conf"
      - "mv /home/root/sssd.conf /etc/sssd/sssd.conf"
      - "chmod 600 /etc/sssd/sssd.conf"
      # Make sure our users get a home directory
      - "pam-auth-update --enable mkhomedir"
      - "systemctl enable sssd"
      - "systemctl start sssd"
      - "reboot"

When I check the "sssd_mrsomething.mr.log" log, I see this in it:

    update delete testmachine. in A
    update add testmachine. 3600 in A 10.1.44.181
    send
    update delete testmachine. in AAAA