I am joining some CentOS 7 machines to a Windows domain, with the following steps:
#yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
#nmcli c modify eth0 ipv4.dns 192.168.3.18
#nmcli c down eth0; nmcli c up eth0
#realm discover DOMAIN.CORP
#realm join DOMAIN.CORP -U domainadmin
#vim /etc/sssd/sssd.conf
[sssd]
domains = domain.corp
config_file_version = 2
services = nss, pam
[domain/domain.corp]
ad_domain = domain.corp
krb5_realm = DOMAIN.CORP
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/DOMAIN/%u
access_provider = ad
#systemctl restart sssd
#vim /etc/samba/smb.conf
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = @"[email protected]"
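The problem is that when a machine boots, all users from group.engineering can log in, but if the machine goes unused for a day, no user can log in any more, and the result logged in /var/log/secure will be: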
Feb 23 15:25:45 api60 sshd[54971]: pam_unix(sshd:session): session opened for user ojohn by (uid=0)
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: ojohn : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/DOMAIN/ojohn ; USER=root ; COMMAND=/bin/su
Feb 23 15:28:24 api60 sshd[44759]: pam_unix(sshd:session): session closed for user ojohn
All the CentOS 7 machines have this problem. Does anyone know where this comes from?
Thanks a lot.
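
The log excerpt in the post above, run through a small triage script (an added example, not part of the original post). It separates pam_sss results that are Linux-PAM system or backend errors, such as code 4 (PAM_SYSTEM_ERR), from rejected credentials, code 7 (PAM_AUTH_ERR), which sudo's "incorrect password attempts" summary does not distinguish. The function names and the grouping of codes into "backend" and "credential" are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the sudo/pam_sss lines quoted in the post above.
SAMPLE = """\
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: ojohn : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/DOMAIN/ojohn ; USER=root ; COMMAND=/bin/su
"""

# pam_sss reports a non-success result as "received for user <name>: <code> (<text>)".
RESULT_RE = re.compile(
    r"pam_sss\((?P<pam>[^)]+)\): received for user (?P<user>\S+): "
    r"(?P<code>\d+) \((?P<text>[^)]*)\)")

# Linux-PAM return codes; the split into two groups is this example's assumption.
BACKEND_CODES = {4: "PAM_SYSTEM_ERR", 9: "PAM_AUTHINFO_UNAVAIL"}
CREDENTIAL_CODES = {7: "PAM_AUTH_ERR", 10: "PAM_USER_UNKNOWN"}

def classify(log_text):
    """Count pam_sss results per user: backend errors vs credential failures."""
    counts = defaultdict(lambda: {"backend": 0, "credential": 0, "other": 0})
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a pam_sss result line (e.g. sudo's own summary)
        code = int(m["code"])
        kind = ("backend" if code in BACKEND_CODES
                else "credential" if code in CREDENTIAL_CODES else "other")
        counts[m["user"]][kind] += 1
    return dict(counts)

def backend_only_users(log_text):
    """Users whose pam_sss failures were all backend errors, none a bad password."""
    return sorted(u for u, c in classify(log_text).items()
                  if c["backend"] and not c["credential"])

if __name__ == "__main__":
    for user in backend_only_users(SAMPLE):
        print(f"{user}: pam_sss returned a system/backend error, not a rejected password")
```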