我已经尝试了好几天这些说明工作,但尽管一切顺利,我还是无法加入我的域。
当我执行时realm discover
,我能够很好地看到我的域:
[root@centos5 ~]# realm discover home.domain.com
home.domain.com
type: kerberos
realm-name: HOME.domain.COM
domain-name: home.domain.com
configured: no
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
[root@centos5 ~]#
但是当我尝试加入时,在要求输入密码后,我收到以下信息:
[root@centos5 ~]# realm join -U user home.domain.com
Password for user:
See: journalctl REALMD_OPERATION=r158905.22733
realm: Couldn't join realm: Joining the domain home.domain.com failed
[root@centos5 ~]#
journalctl 显示以下内容:
Mar 05 10:37:47 centos5.home.domain.com dbus[731]: [system] Activating service name='org.freedesktop.realmd' (using servicehelper)
Mar 05 10:37:47 centos5.home.domain.com dbus-daemon[731]: dbus[731]: [system] Activating service name='org.freedesktop.realmd' (using servicehelper)
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Loaded settings from: /usr/lib64/realmd/realmd-defaults.conf /usr/lib64/realmd/realmd-distro.conf
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: holding daemon: startup
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: starting service
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: connected to bus
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: released daemon: startup
Mar 05 10:37:47 centos5.home.domain.com dbus[731]: [system] Successfully activated service 'org.freedesktop.realmd'
Mar 05 10:37:47 centos5.home.domain.com dbus-daemon[731]: dbus[731]: [system] Successfully activated service 'org.freedesktop.realmd'
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: claimed name on bus: org.freedesktop.realmd
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: client using service: :1.112
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: holding daemon: :1.112
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Using 'r158905.22733' operation for method 'Discover' invocation on 'org.freedesktop.realmd.Provider' interface
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Registered cancellable for operation 'r158905.22733'
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: * Resolving: _ldap._tcp.home.domain.com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: * Resolving: _ldap._tcp.home.domain.com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: * Performing LDAP DSE lookup on: 192.168.2.6
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: * Performing LDAP DSE lookup on: 192.168.2.6
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Searching for (objectClass=*)
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Got defaultNamingContext: DC=home,DC=domain,DC=com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Sending TCP Netlogon request
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Received TCP Netlogon response
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: * Successfully discovered: home.domain.com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: * Successfully discovered: home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Using 'r158905.22733' operation for method 'Join' invocation on 'org.freedesktop.realmd.KerberosMembership' interface
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Registered cancellable for operation 'r158905.22733'
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: holding daemon: current-invocation
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7OYXDY -U user ads join home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7OYXDY -U user ads join home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: process started: 22742
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Could not initialise message context. Try running as root
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Could not initialise message context. Try running as root
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Failed to join domain: Access is denied
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Failed to join domain: Access is denied
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: process exited: 22742
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: ! Joining the domain home.domain.com failed
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: ! Joining the domain home.domain.com failed
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: released daemon: current-invocation
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: client gone away: :1.112
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: released daemon: :1.112
让我困惑的是,日志信息说无法初始化消息上下文。尝试以 root 身份运行。我不知道这是否有任何意义,但我肯定是以 root 身份运行的。
另一件令人困惑的事情是拒绝访问消息。我 100% 确定在尝试加入域时我拥有正确的用户名和密码。
只是为了完整性,我尝试按照在我的 Centos 6 虚拟机上运行良好的相同说明进行操作,但运行时也出现错误authconfig
:
[root@centos5 ~]# authconfig --disablecache --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=HOME --smbrealm=HOME.DOMAIN.COM --enablewinbindusedefaultdomain --winbindtemplatehomedir=/home/HOME.ABO PU.COM/%U --winbindtemplateshell=/bin/bash --enablekrb5 --krb5realm=HOME.DOMAIN.COM --enablekrb5kdcdns --enablekrb5realmdns --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall
Job for winbind.service failed because the control process exited with error code. See "systemctl status winbind.service" and "journalctl -xe" for details.
[root@centos5 ~]#
并且,我在 journalctl 中得到以下内容:
Mar 05 10:47:54 centos5.home.domain.com yum[22762]: Updated: krb5-libs-1.13.2-10.el7.x86_64
Mar 05 10:47:55 centos5.home.domain.com yum[22762]: Installed: pam_krb5-2.4.8-4.el7.x86_64
Mar 05 10:47:57 centos5.home.domain.com yum[22762]: Installed: krb5-workstation-1.13.2-10.el7.x86_64
Mar 05 10:47:58 centos5.home.domain.com yum[22762]: Updated: authconfig-6.2.8-10.el7.x86_64
Mar 05 10:48:13 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22831:15953076 (system bus name :1.116 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:13 centos5.home.domain.com systemd[1]: Reloading.
Mar 05 10:48:13 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Mar 05 10:48:13 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Mar 05 10:48:13 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22831:15953076 (system bus name :1.116, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:14 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22849:15953158 (system bus name :1.117 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:14 centos5.home.domain.com systemd[1]: Stopped Samba Winbind Daemon.
Mar 05 10:48:14 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22849:15953158 (system bus name :1.117, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:14 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22854:15953171 (system bus name :1.118 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:15 centos5.home.domain.com systemd[1]: Starting Samba Winbind Daemon...
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: [2016/03/05 10:48:16.221209, 0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache)
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: [2016/03/05 10:48:16.564406, 0] ../source3/winbindd/winbindd_util.c:736(init_domain_list)
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: Could not fetch our SID - did we join?
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: [2016/03/05 10:48:16.564586, 0] ../source3/winbindd/winbindd.c:1294(winbindd_register_handlers)
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: unable to initialize domain list
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: winbind.service: main process exited, code=exited, status=1/FAILURE
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Failed to start Samba Winbind Daemon.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Unit winbind.service entered failed state.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: winbind.service failed.
Mar 05 10:48:16 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22854:15953171 (system bus name :1.118, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:16 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22864:15953418 (system bus name :1.119 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Reloading.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Mar 05 10:48:16 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22864:15953418 (system bus name :1.119, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22882:15953455 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Stopped privileged operations for unprivileged applications.
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22882:15953455 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22887:15953465 (system bus name :1.121 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Started privileged operations for unprivileged applications.
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Starting privileged operations for unprivileged applications...
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22887:15953465 (system bus name :1.121, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22901:15953526 (system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Stopped System Security Services Daemon.
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22901:15953526 (system bus name :1.123, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22907:15953544 (system bus name :1.124 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Reloading.
Mar 05 10:48:18 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Mar 05 10:48:18 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Mar 05 10:48:18 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22907:15953544 (system bus name :1.124, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:18 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22925:15953582 (system bus name :1.125 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:18 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22925:15953582 (system bus name :1.125, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
这可能是什么原因造成的?
答案1
我遇到了这个问题,(经过几个小时的调查)通过使用 yum 升级我的软件包解决了它。即
yum upgrade
答案2
特工 154。
我相信您必须事先在 AD 容器中创建机器帐户(计算机帐户),用户对该容器具有完全访问权限(即向“realm join”命令提供的用户)。
希望能帮助到你。