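Example configuration using a RHEL 7 operating system with Windows 2016 AD LDAP:
Step 0. Configure Windows 2016 AD LDAP (omitted here) and make sure it is working properly.
Step 1. Change the hostname and the DNS server address (set DNS to the AD server).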
vi /etc/hostname
vi /etc/sysconfig/network-scripts/ifcfg-ens192
Step 2. Install the packages. If the host cannot reach the Internet, configure a local yum repository first.
yum install -y krb5-workstation realmd sssd samba-common adcli oddjob oddjob-mkhomedir samba samba-common-tools
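Step 3. Join the domain controller.
realm join --user=<domain account name> <domain name>
For example:
realm join --user=14770 nanocorechip.com
Then enter the domain account's password.
Step 4. Verify by running: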
realm list
If it displays the realm information, the domain join succeeded.
su - 14770@nanocorechip.com
[root@rd11 ~]# su - 14770@nanocorechip.com
Creating home directory for 14770@nanocorechip.com
[14770@nanocorechip.com@rd11 ~]$
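Additional background: SSSD and Active Directory
SSSD stands for System Security Services Daemon. It is actually a set of daemons that handle authentication, authorization, and user and group information from a variety of network sources. At its core it supports:
Start it with systemctl start sssd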
[root@rd11 ~]# more /etc/sssd/sssd.conf
[sssd]
domains = nanocorechip.com
config_file_version = 2
services = nss, pam
[domain/nanocorechip.com]
ad_domain = nanocorechip.com
krb5_realm = NANOCORECHIP.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/tcsh
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
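
An added example, not part of the original article: a shell audit of the sssd.conf that realm join writes, checking the file mode, that each listed domain has an id_provider, that access_provider is not left at SSSD's default of permit, and whether credentials are kept for offline use. The function names sssd_get, sssd_audit and write_sample are made up for this example, and the sample file is constructed from the config above with access_provider removed.

```bash
# Added example: audit an sssd.conf written by `realm join` (helper names are made up here).

# Print the value of KEY in [SECTION] of FILE.
sssd_get() {  # usage: sssd_get FILE SECTION KEY
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
    insec && /=/ {
      k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
      if (k != key) next
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v; exit
    }' "$1"
}

# Print one finding per line; return 1 if any WARN was printed.
sssd_audit() {
  local f=$1 rc=0 d k v
  # SSSD expects sssd.conf to be readable and writable by root only (mode 0600).
  [ -n "$(find "$f" -prune -perm 600 2>/dev/null)" ] || { echo "WARN file: mode is not 0600"; rc=1; }
  for d in $(sssd_get "$f" sssd domains | tr ',' ' '); do
    v=$(sssd_get "$f" "domain/$d" id_provider)
    [ -n "$v" ] || { echo "WARN $d: no id_provider in [domain/$d]"; rc=1; continue; }
    # An unset access_provider defaults to "permit": no access check at all.
    v=$(sssd_get "$f" "domain/$d" access_provider | tr 'A-Z' 'a-z')
    case "${v:-permit}" in
      permit) echo "WARN $d: access_provider is permit"; rc=1 ;;
      *)      echo "OK   $d: access_provider = $v" ;;
    esac
    for k in cache_credentials krb5_store_password_if_offline; do
      v=$(sssd_get "$f" "domain/$d" "$k" | tr 'A-Z' 'a-z')
      if [ "$v" = true ]; then echo "NOTE $d: $k = true (credentials kept on this host)"; fi
    done
  done
  return $rc
}

# Constructed sample: the page's config with access_provider removed.
write_sample() {
  cat > "$1" <<'EOF'
[sssd]
domains = nanocorechip.com
[domain/nanocorechip.com]
id_provider = ad
cache_credentials = True
krb5_store_password_if_offline = True
EOF
  chmod 600 "$1"
}

[ $# -eq 0 ] || sssd_audit "$@"
```

Run against the config shown above with mode 0600, it prints OK for access_provider and two NOTE lines, because cache_credentials and krb5_store_password_if_offline are both True.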