在干净安装的centos-7主机上:
realm join -U foo --client-software sssd AD.EXAMPLE.COM 运行realm list输出看起来像这样:
AD.EXAMPLE.COM type: kerberos realm-name: AD.EXAMPLE.COM domain-name: ad.example.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %[email protected] login-policy: allow-realm-logins
告诉我,我已经按照我的意愿join了一个活动目录。
后来(不知道是什么触发或它…系统重新启动保证,但其他的事情似乎也可以 – 也许一个桑巴重启?),领域列表输出更改为此
ad.example.com type: kerberos realm-name: AD.EXAMPLE.COM domain-name: ad.example.com configured: kerberos-member server-software: active-directory client-software: winbind required-package: oddjob-mkhomedir required-package: oddjob required-package: samba-winbind-clients required-package: samba-winbind required-package: samba-common login-formats: AD\%U login-policy: allow-any-login AD.EXAMPLE.COM type: kerberos realm-name: AD.EXAMPLE.COM domain-name: ad.example.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %[email protected] login-policy: allow-realm-logins
我是如何通过这两种机制join同一个域的? 有没有办法我不能有这种情况发生? 或者这是某种需要的行为?
我知道我没有回答你自己的问题,但也许这也会有帮助 – 只要在nsswitch.conf中只configuration了sss,并且在PAMconfiguration中只configuration了pam_sss.so,那么只有SSSD的入口点会被使用..