我嘗試按照本指南使用活動目錄設定realmd和sssd:http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/
當我運行命令時,一切似乎都已連接。我的 sssd.conf 如下圖所示:realm –verbose join domain.company.com –user-principal=c-u14-dev1/[email protected] –unattended
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[sssd]
domains = DOMAIN.COMPANY.COM
config_file_version = 2
services = nss, pam
[domain/DOMAIN.COMPANY.COM]
ad_domain = DOMAIN.COMPANY.COM
krb5_realm = DOMAIN.COMPANY.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad
我的/etc/pam.d/common-auth看起來像這樣:
auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_sss.so use_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_cap.so
我可以使用 登錄nwalke/DOMAIN.COMPANY.COM,如何更改這些配置以便我可以僅使用 登入nwalke?
答案1
設定預設網域允許使用者僅使用使用者名稱登錄,而不指定網域名稱(主網域以外的使用者需要指定網域名稱)。
因此,在[sssd]設定檔的部分下,將該欄位設為default_domain_suffix空白。請記住,如果本機系統和網域伺服器上有用戶,則本機用戶將優先。