人们,
在 CentOS v8 sssd 中:如何允许名称中带有空格的特定 AD 安全组登录,同时拒绝其他所有内容?
AD 安全组是域管理员
我已经测试了 id,但没有任何效果:
[root@PRDLINUX01-VM ~]# id -g Domain [email protected]
id: extra operand ‘[email protected]’
Try 'id --help' for more information.
[root@PRDLINUX01-VM ~]# id -g 'Domain [email protected]'
id: ‘Domain [email protected]’: no such user
[root@PRDLINUX01-VM ~]# id -g "Domain [email protected]"
id: ‘Domain [email protected]’: no such user
[root@PRDLINUX01-VM ~]# id -g 'Domain Admins'@domain.com
id: ‘Domain [email protected]’: no such user
[root@PRDLINUX01-VM ~]# id -g "Domain Admins"@domain.com
id: ‘Domain [email protected]’: no such user
这是/etc/sssd/sssd.conf内容:
[sssd]
domains = DOMAIN.com
config_file_version = 2
services = nss, pam
[domain/DOMAIN.com]
ad_domain = DOMAIN.com
krb5_realm = DOMAIN.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ldap
ldap_access_filter = (memberOf=CN=Domain Admins,CN=Groups,DC=DOMAIN,dc=com)
我只能在 Putty 中输入用户名[电子邮件保护],但是如果密码正确,我会得到:
---------------------------
PuTTY Fatal Error
---------------------------
Remote side unexpectedly closed network connection
---------------------------
OK
---------------------------
奇怪的是,系统可以根据 AD 验证密码,如果密码错误,它会重新提示我输入正确的密码。如果密码正确,则关闭连接。
先感谢您。