I am trying to join Xubuntu 16.04 to Active Directory in a corporate business environment, so I will use MY.EXAMPLE.CORP to replace the name of my REALM. My problem is: when I run
net ads join -U Administrator
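it asks me for the password of the AD Administrator account. I enter the password, but it just stays there, without giving an error or a success message. It just stays there. The terminal simply hangs.
I tried the kinit and klist commands, and the result is: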
Tickect cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
11/11/16 09:58:40 11/11/16 19:58:40 krbgt/[email protected]
renew until 12/11/16 09:58:34
These are the changes I made in each file: krb5.conf, smb.conf, nsswitch.conf
krb5.conf
[libdefaults]
default_realm = MY.DOMAIN.CORP
....
[realms]
DOMAIN = {
kdc = SERVER01.MY.DOMAIN.CORP
kdc = SERVER02.MY.DOMAIN.CORP
admin_server = SERVER01.MY.DOMAIN.CORP SERVER.MY.DOMAIN.CORP
default_domain = MY.DOMAIN.CORP
}
....
[domain_realm]
SERVER01.MY.DOMAIN.CORP = MY.DOMAIN.CORP
SERVER02.MY.DOMAIN.CORP = MY.DOMAIN.CORP
.MY.DOMAIN.CORP = MY.DOMAIN.CORP
MY.DOMAIN.CORP = MY.DOMAIN.CORP
smb.conf
[global]
workgroup = MYWORKGROUP
realm = MY.DOMAIN.CORP
security = ADS
encrypt passwords = yes
password server = SERVER01.MY.DOMAIN.CORP SERVER02.MYDOMAIN.CORP
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = true
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
restrict anonymous = 2
winbind offline logon = yes
nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat