Resolve AD Domain using /etc/resolv.conf in CentOS

I have configured SSSD using Realm to log in to a CentOS VM with AD credentials. Please refer to the setup.

I had to modify the /etc/resolv.conf file to point the nameserver to the AD domain.

Original /etc/resolv.conf file:

    # Generated by NetworkManager
    search ap-south-1.compute.internal
    nameserver 172.31.0.2

Updated /etc/resolv.conf file:

    # Generated by NetworkManager
    search test.com
    nameserver 172.31.12.38

With the updated /etc/resolv.conf file, users can log in with AD credentials, but the original domain is not resolved.

I want a way to resolve two domains that point to different nameservers:

    # Generated by NetworkManager
    nameserver 172.31.0.2
    nameserver 172.31.12.38
    search ap-south-1.compute.internal test.com

I have also tried multiple ways to resolve the domains using the deprecated tag:

    # Generated by NetworkManager
    domain ap-south-1.compute.internal
    nameserver 172.31.0.2
    domain test.com
    nameserver 172.31.12.38

I even tried the rotate option:

    # Generated by NetworkManager
    options rotate
    options timeout:1
    nameserver 172.31.0.2
    nameserver 172.31.12.38
    search ap-south-1.compute.internal test.com

Is there any way to resolve multiple domains pointing to different nameservers using /etc/resolv.conf?
To resolve the AD forest domain, we can configure the ad_server parameter in the sssd.conf file.

ref link: man_page_sssd [refer to the ad_server section]

Reference /etc/sssd/sssd.conf file:

Original file:

    [sssd]
    domains = test.com
    config_file_version = 2
    services = nss, pam, sudo, ssh
    [nss]
    debug_level = 10
    [domain/test.com]
    ad_domain = test.com
    krb5_realm = TEST.COM
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = simple
    ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
    ldap_user_ssh_public_key = altSecurityIdentities
    ldap_use_tokengroups = True

Updated file:

    [sssd]
    domains = test.com
    config_file_version = 2
    services = nss, pam, sudo, ssh
    [nss]
    debug_level = 10
    [domain/test.com]
    ad_domain = test.com
    ad_server = 172.31.12.38, 172.31.12.48
    krb5_realm = TEST.COM
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = simple
    ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
    ldap_user_ssh_public_key = altSecurityIdentities
    ldap_use_tokengroups = True

This way we can avoid creating any entries in the /etc/resolv.conf file.
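The reason none of the resolv.conf variants in the question can route one domain to one nameserver, and why the answer moves AD discovery into sssd.conf instead, is how glibc's stub resolver reads the file: the nameserver lines form a failover list (tried in order, moving on only on timeout, SERVFAIL, NOTIMP or REFUSED, never on a clean NXDOMAIN), and every search-list candidate is sent down that same list; a second `domain` line simply replaces the first. The following model of that behaviour is an added example, not code from the question or the answer; the two resolv.conf texts are copied from the question, while the host name `dc01` is a constructed placeholder and the model covers only the first query attempt (no retries, no `rotate`).

```python
"""Model of how glibc's stub resolver turns /etc/resolv.conf into queries.

Added example: the resolv.conf texts below are the ones from the question;
'dc01' is a constructed host name used only to show the query order.
"""

MAXNS = 3  # glibc honours at most the first three 'nameserver' lines

# Copied from the question: two nameservers plus a two-entry search list.
MERGED = """# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
"""

# Copied from the question: the attempt with the deprecated 'domain' keyword.
DEPRECATED = """# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2
domain test.com
nameserver 172.31.12.38
"""


def parse_resolv_conf(text):
    """Extract the fields that decide query routing, following resolv.conf(5):
    at most MAXNS nameservers are kept, the last 'search'/'domain' line wins,
    and 'domain X' is equivalent to 'search X'."""
    conf = {"nameservers": [], "search": [], "rotate": False, "ndots": 1}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args and len(conf["nameservers"]) < MAXNS:
            conf["nameservers"].append(args[0])
        elif key in ("search", "domain"):
            conf["search"] = [d.rstrip(".") for d in args]  # last one wins
        elif key == "options":
            for opt in args:
                if opt == "rotate":
                    conf["rotate"] = True
                elif opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def candidate_names(conf, name):
    """Fully qualified names tried for 'name', in search-list order."""
    if name.endswith("."):
        return [name.rstrip(".")]  # absolute name: search list is skipped
    expanded = [f"{name}.{d}" for d in conf["search"]]
    if name.count(".") >= conf["ndots"]:
        return [name] + expanded  # enough dots: literal name goes first
    return expanded + [name]  # otherwise the literal name is the last resort


def query_plan(conf, name):
    """(qname, nameserver) pairs in the order glibc would send them on the
    first attempt. Every candidate is offered to every nameserver: the server
    list is failover, not a per-domain mapping."""
    return [(q, ns) for q in candidate_names(conf, name) for ns in conf["nameservers"]]


def nameservers_asked(conf, name):
    """All nameservers that may receive a query for 'name'."""
    return {ns for _, ns in query_plan(conf, name)}


if __name__ == "__main__":
    plan = query_plan(parse_resolv_conf(MERGED), "dc01")
    for qname, ns in plan:
        print(f"ask {ns:<13} for {qname}")
    print("search list kept from DEPRECATED:", parse_resolv_conf(DEPRECATED)["search"])
```

Run against the merged configuration, the plan shows `dc01.ap-south-1.compute.internal` going to 172.31.0.2 and then to 172.31.12.38, followed by `dc01.test.com` to both; whichever server answers a candidate first (including with NXDOMAIN) settles it, so the AD DNS server is never reserved for test.com names, and the `domain` variant keeps only `test.com`. To verify a real host, query each domain against the server meant to serve it directly, for example `dig @172.31.12.38 _ldap._tcp.dc._msdcs.test.com SRV`, rather than relying on the search list.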