Не удаётся войти в Ubuntu как пользователь домена: «No passwd entry for user» (SSSD, KRB5, Samba)

Я следовал этому руководству, чтобы присоединить мой сервер Ubuntu 14.04 к домену. Почти всё работает: сервер успешно присоединился к AD, kinit выполняется без ошибок, и динамический DNS работает отлично. Однако когда я вхожу в систему Linux и пытаюсь выполнить su от имени пользователя домена, это не срабатывает...

Пример:

su domainuser
No passwd entry for user 'domainuser'

su timdomain\\domainuser
No passwd entry for user 'timdomain\domainuser'

su timdomain.local\\domainuser
No passwd entry for user 'timdomain.local\domainuser'

su TIMDOMAIN.LOCAL\\domainuser
No passwd entry for user 'TIMDOMAIN.LOCAL\domainuser'

KRB5.conf

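# /etc/krb5.conf - Kerberos client settings for the Active Directory realm
# TIMDOMAIN.LOCAL. Comments are kept in column 0 so that older profile
# parsers accept them.

[libdefaults]
# Realm assumed when a principal is given without an explicit realm.
    default_realm = TIMDOMAIN.LOCAL

# The krb4_* and v4_* keys below are Kerberos 4 compatibility settings that
# appear to be left over from the stock template. Current MIT krb5 releases no
# longer implement Kerberos 4, so they are expected to have no effect.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
# Tickets are requested forwardable and proxiable by default, which lets them
# be delegated to other hosts. Keep these only if delegation is really needed.
    forwardable = true
    proxiable = true

    v4_instance_resolve = false
    v4_name_convert = {
            host = {
                    rcmd = host
                    ftp = ftp
            }
            plain = {
                    something = something-else
            }
    }
    fcc-mit-ticketflags = true

[realms]
# The realm name must match default_realm and the realm names used in
# [domain_realm] below.
    TIMDOMAIN.LOCAL = {
            kdc = dc01.timdomain.local
            admin_server = dc01.timdomain.local
            default_domain = timdomain.local
    }

[domain_realm]
# Maps DNS host and domain names (left) to a Kerberos realm (right). The
# configuration as originally posted mapped both entries to
# DC01.TIMDOMAIN.LOCAL, which is the domain controller's host name and not a
# realm defined in [realms]; service tickets for hosts under timdomain.local
# would then be requested from a realm that does not exist.
    .timdomain.local = TIMDOMAIN.LOCAL
    timdomain.local = TIMDOMAIN.LOCAL

[login]
# Kerberos 4 login options, same legacy status as the krb4_* keys above.
    krb4_convert = true
    krb4_get_tickets = false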

SSSD.conf

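# /etc/sssd/sssd.conf - SSSD identity and authentication against Active Directory.
# SSSD checks this file's ownership and permissions at start-up; keep it owned
# by root with mode 0600.

[sssd]
# Responders to start: nss serves passwd/group lookups, pam serves authentication.
services = nss, pam
config_file_version = 2
# Every name listed here needs a matching [domain/NAME] section below.
domains = TIMDOMAIN.LOCAL

# Domain sections are written [domain/NAME] with a forward slash. The
# configuration as originally posted used [domain\TIMDOMAIN.LOCAL]; with a
# backslash SSSD finds no settings for the domain listed above, so the sss NSS
# module has nothing to answer with. That is the likely cause of
# "No passwd entry for user" from su.
[domain/TIMDOMAIN.LOCAL]
id_provider = ad
# %d expands to the domain name and %u to the login name.
overridehomedir = /home/%d/%u
# With the simple access provider and no allow or deny list, every user that
# the domain can resolve is permitted to log in. Restrict access explicitly,
# for example (placeholder value, replace before use):
# simple_allow_groups = <AD group allowed to log in>
access_provider = simple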

smb.conf

# Samba global settings for a host joined to the AD domain TIMDOMAIN
# (Kerberos realm TIMDOMAIN.LOCAL).
[global]
   workgroup = TIMDOMAIN
   client signing = yes
   client use spnego = yes
# Machine credentials are taken from Samba's secrets database and the system
# keytab. NOTE(review): presumably this keytab is the one SSSD's AD provider
# uses as well - confirm it exists and is readable by root only.
   kerberos method = secrets and keytab
   realm = TIMDOMAIN.LOCAL
# Active Directory domain member mode.
   security = ads

   server string = %h server (Samba, Ubuntu)
   dns proxy = no

# One log file per connecting client (%m is the client's machine name).
   log file = /var/log/samba/log.%m

   max log size = 1000

   syslog = 0

   panic action = /usr/share/samba/panic-action %d

# NOTE(review): "standalone server" does not agree with "security = ads"
# above; a domain member would normally use "member server" or leave the role
# unset. Run testparm to see which of the two settings Samba honours.
   server role = standalone server
   passdb backend = tdbsam

# NOTE(review): the next keys change or synchronise local Unix passwords. They
# look like standalone-server defaults and are probably not wanted on a host
# where Active Directory owns the passwords - confirm before keeping them.
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes

# NOTE(review): a login with an unknown user name is mapped to the guest
# account, and user-defined shares may permit guests. On a domain member,
# decide deliberately whether unauthenticated access should exist at all.
   map to guest = bad user
   usershare allow guests = yes


# Printer share: not listed when browsing, no guest access, and spool files
# are created with owner-only permissions (create mask 0700).
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

# Printer driver share: visible when browsing, read-only, no guest access.
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

nsswitch.conf

# /etc/nsswitch.conf - lookup order for each name service database.
# passwd and group: local files (compat) are consulted first, then SSSD through
# the sss module. "No passwd entry for user" from su means neither source
# returned the account, so the sss lookup itself is what needs checking.
passwd:         compat sss
group:          compat sss
# No sss source for shadow. NOTE(review): presumably intended, since SSSD
# authenticates through PAM rather than shadow lookups - confirm that the PAM
# stack includes the SSSD module.
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

# Netgroups and sudo rules may also be served by SSSD.
netgroup:       nis sss
sudoers:        files sss

~

задан 22 December 2017 в 04:48

0 ответов
