CentOS7使用sssd集成AD账号认证:
确保DNS解析正常(略)
yum install realmd sssd sssd-ldap
vi /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = ming.com
services = nss, pam
[domain/ming.com]
id_provider = ad
auth_provider = ad
chpass_provider = ad
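access_provider = simple
# 注意:若下面的 simple_allow_* / simple_deny_* 列表全部留空(保持注释),simple 访问控制会放行所有域用户;要限制可登录的账号,请至少填写 simple_allow_users 或 simple_allow_groups。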
#simple_allow_users = xxx.xxx,xxxx.xxxx
#simple_allow_groups =
#simple_deny_users =
#simple_deny_groups =
entry_cache_timeout = 300
#entry_cache_user_timeout = 120
#entry_cache_group_timeout = 120
ad_domain = ming.com
ad_enabled_domains = ming.com
ad_server = dc01.ming.com,dc02.ming.com
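# 注:按 sssd-ad 手册,ad_hostname 应填本机在 AD 中使用的 FQDN,ad_site 应填 AD 站点名称,二者都不是域控列表(域控列表由上面的 ad_server 指定);下面两行请按实际环境修改。
ad_hostname = dc01.ming.com,dc02.ming.com
ad_site = dc01.ming.com,dc02.ming.com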
ldap_id_mapping = False
use_fully_qualified_name = False
cache_credentials = True
dyndns_update = False
:wq
chmod 0600 /etc/sssd/sssd.conf
vi /etc/nsswitch.conf (有可能会自动添加)
passwd: files sss
shadow: files sss
group: files sss
#hosts: db files nisplus nis dns
hosts: files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
:wq
加域命令:
# 注意:把明文密码写在命令里会留在 shell 历史记录中;可以去掉 echo 管道和 --stdin-password,让 adcli 交互式提示输入密码。
echo -n "xxxxxxx" | adcli join -D ming.com -S dc02 -U xxx.xxx --stdin-password
退域命令:
realm leave -v ming.com -U xxx.xxx
systemctl restart sssd
systemctl enable sssd
id xxx.xxx
getent passwd | grep xxx.xxx
ssh登陆: