集成到 AD 中的 Linux 服务器无法对用户进行身份验证

我有几台 Linux 服务器已加入 AD 域。其中一台在加入域时没有报错,但无法对任何 AD 用户进行身份验证。

能帮我看看吗?下面是相关的配置文件、服务状态和日志:

[root@oracleLinux72 ~]# cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}
default_realm = MYDOMAIN.CORP

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
[root@oracleLinux72 ~]# cat /etc/sssd/sssd.conf

[sssd]
domains = mydomain.corp
config_file_version = 2
services = nss, pam

[domain/mydomain.corp]
ad_domain = mydomain.corp
krb5_realm = MYDOMAIN.CORP
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = simple
simple_allow_groups = <原始组名已被页面的邮箱保护功能遮蔽>
[root@oracleLinux72 ~]# systemctl status sssd -l
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-04-18 12:48:04 EDT; 48min ago
 Main PID: 24148 (sssd)
   Memory: 31.8M
   CGroup: /system.slice/sssd.service
           ├─24148 /usr/sbin/sssd -i --logger=files
           ├─24149 /usr/libexec/sssd/sssd_be --domain mydomain.corp --uid 0 --gid 0 --logger=files
           ├─24151 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
           └─24152 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

Apr 18 13:35:07 oracleLinux72 sssd[ldap_child[31429]][31429]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.

谢谢
