
Joining CentOS to an AD Domain

First, install the required packages:

<code>yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python ntp -y</code>


Make sure name resolution to AD works by editing the /etc/resolv.conf file:

<code>[root@testLinux-WH ~]# cat /etc/resolv.conf</code>

<code>search example.com</code>

<code>nameserver 192.168.10.51</code>

Make sure the account has the necessary permissions, then join the AD domain:

<code>[root@testLinux-WH ~]# realm join --user=administrator example.com</code>

<code>Password for administrator:</code>

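If the join reports an error, run journalctl -xe REALMD_OPERATION=r549.7056, using the code given in the error message, to view the details. Confirm that DNS resolution works and that the system time is in sync: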

<code>ntpdate ntpserver</code>

Use realm list to confirm the realm information:

<code>[root@testLinux-WH ~]# realm list</code>

<code>example.com</code>

<code>type: kerberos</code>

<code>realm-name: EXAMPLE.COM</code>

<code>domain-name: example.com</code>

<code>configured: kerberos-member</code>

<code>server-software: active-directory</code>

<code>client-software: sssd</code>

<code>required-package: oddjob</code>

<code>required-package: oddjob-mkhomedir</code>

<code>required-package: sssd</code>

<code>required-package: adcli</code>

<code>required-package: samba-common-tools</code>

<code>login-formats: %U@example.com</code>

<code>login-policy: allow-realm-logins</code>

After the join succeeds, the corresponding record is created automatically in AD.


Because CentOS uses the full user name "[email protected]" by default, edit the /etc/sssd/sssd.conf configuration file so that short user names can be used:

<code>use_fully_qualified_names = False</code>

<code>fallback_homedir = /home/%u</code>

Restart the service for the change to take effect:

<code>systemctl restart sssd</code>
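The sssd.conf edit described above, as an added example that is not part of the original page: a shell function that sets the two options only inside the `[domain/...]` section, can be re-run safely, and leaves the file at mode 0600. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). The sample file is constructed.

# set_domain_opt FILE KEY VALUE
# Set KEY inside each [domain/...] section: replace it if present, append it
# to the section if not. [sssd], [nss], [pam] etc. are left untouched.
set_domain_opt() {
    file=$1 key=$2 val=$3
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v k="$key" -v v="$val" '
        function flush() { if (in_dom && !seen) print k " = " v }
        /^\[/ { flush(); in_dom = ($0 ~ /^\[domain\//); seen = 0 }
        in_dom && ($0 ~ ("^[ \t]*" k "[ \t]*=")) { print k " = " v; seen = 1; next }
        { print }
        END { flush() }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # sssd expects its config to be readable by root only (mode 0600)
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# make_sample FILE: write a constructed sssd.conf resembling what a join creates
make_sample() {
    cat > "$1" <<'EOF'
[sssd]
domains = example.com
services = nss, pam

[domain/example.com]
ad_domain = example.com
krb5_realm = EXAMPLE.COM
id_provider = ad
use_fully_qualified_names = True
access_provider = ad
EOF
}

# Demo on a scratch copy; on a real host FILE would be /etc/sssd/sssd.conf
scratch=$(mktemp -d)
make_sample "$scratch/sssd.conf"
set_domain_opt "$scratch/sssd.conf" use_fully_qualified_names False
set_domain_opt "$scratch/sssd.conf" fallback_homedir /home/%u
cat "$scratch/sssd.conf"
rm -rf "$scratch"
```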

Try connecting with a test account:

<code>ssh [email protected]</code>

<code>[email protected]'s password:</code>

<code>Creating home directory for fei-u031.</code>

<code>Last failed login: Wed Aug 7 15:52:22 CST 2019 from adsvr01.example.com on ssh:notty</code>

<code>There were 4 failed login attempts since the last successful login.</code>

<code>/usr/bin/xauth: file /home/fei-u031/.Xauthority does not exist</code>

<code>[fei-u031@testLinux-WH ~]$ pwd</code>

<code>/home/fei-u031</code>

To leave the AD domain:

<code>realm leave example.com</code>
