CentOS加入AD域

首先安裝各個依賴包；

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python ntp –y

確保至AD的解析正常，編輯 /etc/resolv.conf 文件；

[root@@testLinux-WH ~]# cat /etc/resolv.conf

search example.com

nameserver 192.168.10.51

確保該賬戶具有相應(yīng)權(quán)限，加入AD域；

[root@@testLInux-WH ~]# realm join --user=administrator example.com

Password for administrator:

如有報錯可以使用命令 journalctl -xe REALMD_OPERATION=r549.7056 加錯誤代碼查看信息報錯。確認DNS解析正常，確認時間是否一致;

ntpdate ntpserver

使用 realm list 確認 realm 信息；

[root@@testLinux-WH ~]# realm list

example.com

type: kerberos

realm-name: EXAMPLE.COM

domain-name: example.com

configured: kerberos-member

server-software: active-directory

client-software: sssd

required-package: oddjob

required-package: oddjob-mkhomedir

required-package: sssd

required-package: adcli

required-package: samba-common-tools

login-formats: %U@example.com

login-policy: allow-realm-logins

加域成功后，AD中自動創(chuàng)建了相關(guān)記錄；

由于CentOS中默認使用完整用戶名“administrator@example.com”，需要修改 /etc/sssd/sssd.conf 配置文件來達到使用短用戶名的目的；

use_fully_qualified_names = False

fallback_homedir = /home/%u

重啟服務(wù)使其生效；

systemctl restart sssd

嘗試使用測試賬戶連接；

ssh fei-u031@192.168.0.101

fei-u031@192.168.0.101's password:

Creating home directory for fei-u031.

Last failed login: Wed Aug 7 15:52:22 CST 2019 from adsvr01.example.com on ssh:notty

There were 4 failed login attempts since the last successful login.

/usr/bin/xauth: file /home/fei-u031/.Xauthority does not exist

[fei-u031@testLinux-WH ~]$ pwd

/home/fei-u031

退出AD域；

realm leave example.com