I have some CentOS 7 machines that were joined to a Windows domain with the following steps:
# yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
# nmcli c modify eth0 ipv4.dns 192.168.3.18
# nmcli c down eth0; nmcli c up eth0
# realm discover DOMAIN.CORP
# realm join DOMAIN.CORP -U domainadmin
# vim /etc/sssd/sssd.conf

[sssd]
domains = domain.corp
config_file_version = 2
services = nss, pam

[domain/domain.corp]
ad_domain = domain.corp
krb5_realm = DOMAIN.CORP
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/DOMAIN/%u
access_provider = ad

# systemctl restart sssd
# vim /etc/samba/smb.conf

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = @"[email protected]"
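The problem is that when a machine has just booted, all users in group.engineering can log in, but if the machine stays unused for a day, users can no longer log in, and the result logged in /var/log/secure is: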
Feb 23 15:25:45 api60 sshd[54971]: pam_unix(sshd:session): session opened for user ojohn by (uid=0)
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: ojohn : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/DOMAIN/ojohn ; USER=root ; COMMAND=/bin/su
Feb 23 15:28:24 api60 sshd[44759]: pam_unix(sshd:session): session closed for user ojohn
All of the CentOS 7 machines have this problem. Any idea where this comes from?
Thank you very much.
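
Editorial example, added here and not part of the original post: sudo summarizes the failures above as "incorrect password attempts", while pam_sss reports return code 4 (System error), which in Linux-PAM is PAM_SYSTEM_ERR and not PAM_AUTH_ERR (7). The script below separates those two cases when triaging /var/log/secure; the `asmith` line, the class names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the ojohn lines are taken from the excerpt above,
# the asmith line is constructed to show the contrasting case.
SAMPLE = """\
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: ojohn : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/DOMAIN/ojohn ; USER=root ; COMMAND=/bin/su
Feb 23 16:02:11 api60 sshd[1234]: pam_sss(sshd:auth): received for user asmith: 7 (Authentication failure)
"""

# Linux-PAM return codes printed by pam_sss after "received for user".
BACKEND = {4: "PAM_SYSTEM_ERR", 9: "PAM_AUTHINFO_UNAVAIL"}  # module/provider side
CREDENTIAL = {7: "PAM_AUTH_ERR"}                            # wrong password

RESULT_RE = re.compile(
    r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): "
    r"received for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)"
)

def classify(code):
    """Map a PAM return code to a coarse triage class."""
    if code in BACKEND:
        return "backend"
    if code in CREDENTIAL:
        return "credential"
    return "other"

def triage(log_text):
    """Count pam_sss results per (user, service, class)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if m:
            counts[(m["user"], m["service"], classify(int(m["code"])))] += 1
    return dict(counts)

def backend_failures(log_text):
    """Users whose failures came from the SSSD side, not from a bad password."""
    return sorted({user for (user, _, kind) in triage(log_text) if kind == "backend"})

if __name__ == "__main__":
    for key, n in sorted(triage(SAMPLE).items()):
        print(key, n)
    print("backend-side failures:", backend_failures(SAMPLE))
```

Users listed by `backend_failures` are the ones to follow up in the SSSD logs rather than with a password reset.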