1 Preface
One question, one article, one story.
In an earlier article we joined an Oracle Linux 9.x client to the "cmdschool.org" domain.
In this article, however, the same client has to be joined to "cmdschool.com", a domain in a different forest with no trust relationship to the first; this write-up was put together for that purpose.
2 Best practice
2.1 Preparation
2.1.1 Configure the client's primary domain
Configure the client's first domain, i.e. join it to "cmdschool.org"; the detailed steps are in the earlier article.
2.1.2 Install the required package
dnf install -y krb5-workstation
2.2 Configure the non-primary (untrusted) domain
2.2.1 Add the other forest's realm to "krb5.conf"
vim /etc/krb5.conf
Modify the configuration as follows:
#...
[domain_realm]
 .cmdschool.org = CMDSCHOOL.ORG
 cmdschool.org = CMDSCHOOL.ORG
 .cmdschool.com = CMDSCHOOL.COM
 cmdschool.com = CMDSCHOOL.COM
2.2.2 Join the host to the other forest's domain with a dedicated keytab path
adcli join -U admin --host-keytab=/etc/krb5.keytab.cmdschool.com cmdschool.com
Then verify the result with:
klist -k /etc/krb5.keytab.cmdschool.com
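As an added example (not part of the original post), the following shell snippet checks the keytab that the adcli join above produced before sssd is pointed at it: the file mode, and that every principal listed by klist -k belongs to the expected realm and includes a host/ principal. The keytab path is the one used above; the sample klist -k output embedded in the script is constructed.

```shell
# Added example, not from the original post: sanity-check a per-domain keytab.
# KEYTAB is the path used in the post; SAMPLE_KLIST is constructed output in
# the shape "klist -k" prints (three header lines, then "KVNO principal").

KEYTAB=/etc/krb5.keytab.cmdschool.com

SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab.cmdschool.com
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/client.cmdschool.com@CMDSCHOOL.COM
   2 CLIENT$@CMDSCHOOL.COM'

# check_keytab_principals REALM KLIST_TEXT
# Succeeds only if every principal is in REALM and a host/ principal exists.
# Entries in the other forest's realm usually mean the join was run against
# the wrong domain or with the wrong --host-keytab path.
check_keytab_principals() {
    printf '%s\n' "$2" | awk -v realm="$1" '
        NR <= 3 || NF < 2 { next }          # skip header, column names, dashes
        {
            n = split($2, parts, "@")       # parts[1] = principal, parts[2] = realm
            if (n != 2 || parts[2] != realm) bad++
            if (parts[1] ~ /^host\//) host++
        }
        END { if (bad == 0 && host > 0) exit 0; exit 1 }'
}

# check_keytab_mode FILE
# Succeeds if FILE exists and is not readable or writable by group/other.
# The keytab holds the machine account key, so 0600 is the expected state.
# Uses GNU stat (present on Oracle Linux); adjust on other platforms.
check_keytab_mode() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "${mode#?}" = "00" ]                  # 600 or 400 pass; 640/644 fail
}

# Run the live checks when the keytab exists; otherwise exercise the constructed sample.
if [ -r "$KEYTAB" ]; then
    check_keytab_mode "$KEYTAB" && echo "mode ok" || echo "mode too permissive"
    check_keytab_principals CMDSCHOOL.COM "$(klist -k "$KEYTAB")" && echo "principals ok" || echo "principals unexpected"
else
    check_keytab_principals CMDSCHOOL.COM "$SAMPLE_KLIST" && echo "sample principals ok"
fi
```

Run it as root after the join; a failing principal check is worth fixing before editing sssd.conf, because sssd will otherwise fail LDAP GSSAPI binds to the new domain with a keytab that cannot authenticate to it.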
2.2.3 Add the sssd configuration for the other forest's domain
vim /etc/sssd/sssd.conf
Modify the configuration as follows:
[sssd]
domains = cmdschool.org,cmdschool.com
config_file_version = 2
services = nss, pam

[domain/cmdschool.org]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = cmdschool.org
realmd_tags = manages-system joined-with-adcli
id_provider = ad
#fallback_homedir = /home/%u@%d
ad_domain = cmdschool.org
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = disabled

[domain/cmdschool.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = cmdschool.com
realmd_tags = manages-system joined-with-adcli
id_provider = ad
#fallback_homedir = /home/%u@%d
ad_domain = cmdschool.com
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = disabled
krb5_keytab = /etc/krb5.keytab.cmdschool.com
ldap_krb5_keytab = /etc/krb5.keytab.cmdschool.com
Then restart the service so the configuration takes effect:
systemctl restart sssd.service
2.2.4 Test the domain configuration
id will@cmdschool.org
id will@cmdschool.com
2.3 Tune the non-primary domain
2.3.1 Pin the AD server for the untrusted domain
vim /etc/sssd/sssd.conf
Modify the configuration as follows:
#...
[domain/cmdschool.com]
#...
ad_server = adser.cmdschool.com
Then restart the service so the configuration takes effect:
systemctl restart sssd.service
2.3.2 Disable dynamic DNS updates for the untrusted domain
vim /etc/sssd/sssd.conf
Modify the configuration as follows:
#...
[domain/cmdschool.com]
#...
dyndns_update = false
Then restart the service so the configuration takes effect:
systemctl restart sssd.service
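Added example, not the post's own code: a small validator for the two-domain sssd.conf assembled in 2.2.3 and tuned in 2.3. It parses the file with awk, so it can run before the restart. It reports as FAIL the things sssd will not tolerate (a config whose mode is not 0600, a domain listed under [sssd] without a usable [domain/...] section, a per-domain krb5_keytab that is not also given as ldap_krb5_keytab, mirroring what 2.2.3 sets) and as WARN the 2.3 tuning (ad_server pinned, dyndns_update off) on every domain after the first one listed, which is assumed to be the domain the host's own DNS name lives in. The file path, the sample configuration and that first-domain assumption are mine.

```shell
# Added example, not from the original post: validate a two-domain sssd.conf.
# Path and sample configuration below are assumptions.

# conf_get SECTION KEY FILE -> prints the first value of KEY under [SECTION]
# (comment lines are ignored; surrounding whitespace is trimmed).
conf_get() {
    awk -v want="[$1]" -v key="$2" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]+$/, "", s); in_sec = (s == want); next }
        in_sec && !/^[ \t]*#/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$3"
}

# is_true VALUE -> 0 for the spellings sssd accepts as boolean true
is_true() { case $1 in [Tt]rue|TRUE|yes|1) return 0;; *) return 1;; esac; }

# check_sssd_conf FILE -> 0 when nothing was reported as FAIL.
# The "first listed domain is the host's own" rule is an assumption of this script.
check_sssd_conf() {
    conf=$1; rc=0
    mode=$(stat -c '%a' "$conf" 2>/dev/null)   # GNU stat, as on Oracle Linux
    [ "$mode" = 600 ] || { echo "FAIL: $conf has mode ${mode:-?}, sssd requires 0600"; rc=1; }
    domains=$(conf_get sssd domains "$conf" | tr ',' ' ')
    [ -n "$domains" ] || { echo "FAIL: no 'domains =' under [sssd]"; return 1; }
    first=1
    for d in $domains; do
        if [ -z "$(conf_get "domain/$d" id_provider "$conf")" ]; then
            echo "FAIL: '$d' is listed under [sssd] but [domain/$d] has no id_provider"; rc=1; continue
        fi
        kt=$(conf_get "domain/$d" krb5_keytab "$conf")
        lkt=$(conf_get "domain/$d" ldap_krb5_keytab "$conf")
        if [ -n "$kt" ] && [ "$kt" != "$lkt" ]; then
            echo "FAIL: '$d': krb5_keytab=$kt but ldap_krb5_keytab=${lkt:-unset}"; rc=1
        fi
        is_true "$(conf_get "domain/$d" use_fully_qualified_names "$conf")" ||
            echo "WARN: '$d': use_fully_qualified_names is off; short names are ambiguous across two domains"
        if [ "$first" = 1 ]; then first=0; continue; fi   # 2.3 tuning applies to the extra domain(s)
        [ -n "$(conf_get "domain/$d" ad_server "$conf")" ] ||
            echo "WARN: '$d': ad_server not pinned (DCs located via DNS SRV lookups)"
        [ "$(conf_get "domain/$d" dyndns_update "$conf")" = false ] ||
            echo "WARN: '$d': dyndns_update not false; the host will try to register its name in this zone too"
    done
    return $rc
}

# write_sample_conf FILE -> constructed two-domain config modelled on 2.2.3 and 2.3
write_sample_conf() {
    cat > "$1" <<'EOF'
[sssd]
domains = cmdschool.org,cmdschool.com
config_file_version = 2
services = nss, pam

[domain/cmdschool.org]
id_provider = ad
ad_domain = cmdschool.org
krb5_realm = CMDSCHOOL.ORG
use_fully_qualified_names = True

[domain/cmdschool.com]
id_provider = ad
ad_domain = cmdschool.com
krb5_realm = CMDSCHOOL.COM
use_fully_qualified_names = True
krb5_keytab = /etc/krb5.keytab.cmdschool.com
ldap_krb5_keytab = /etc/krb5.keytab.cmdschool.com
ad_server = adser.cmdschool.com
dyndns_update = false
EOF
    chmod 600 "$1"
}

tmp=$(mktemp)
write_sample_conf "$tmp"
check_sssd_conf "$tmp" && echo "sample config ok"
rm -f "$tmp"
```

Point check_sssd_conf at /etc/sssd/sssd.conf before each restart; for syntax and option-name errors, sssd's own sssctl config-check (from the sssd-tools package) is the authoritative check and complements this script rather than replacing it.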