Ubuntu 20.04通过realmd+sssd实现AD账号登录:
apt-get install realmd sssd sssd-tools
realm discover aa.ming.com (aa.ming.com为DC)
sssd模式(会自动安装sssd、sssd-tools,也可提前装好):
realm join -v aa.ming.com -U xxx.xxx (xxx.xxx为有权限将计算机加入域的AD账号,建议使用只委派了加域权限的账号,而非域管理员)
vi /etc/nsswitch.conf
passwd: files sss
group: files sss
shadow: files sss
netgroup: files sss
:wq
vi /etc/sssd/sssd.conf
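# /etc/sssd/sssd.conf: the file produced by `realm join`, plus the manual changes marked below.
# Keep the file readable by root only (mode 0600); SSSD checks ownership and permissions at startup.
# SSSD does not support inline comments, so every note sits on its own line above the key.

[sssd]
domains = ming.com
config_file_version = 2
services = nss, pam

[domain/ming.com]
default_shell = /bin/bash
ad_server = aa.ming.com
# While the DC is unreachable the password is kept in plaintext in the kernel keyring
# until a ticket can be obtained. Set to False if that is not acceptable on this host.
krb5_store_password_if_offline = True
# Stores a local hash so users can still log in when AD is unreachable. An offline login
# is checked against that cache only; offline_credentials_expiration in [pam] limits
# how long a cached credential stays usable.
cache_credentials = True
krb5_realm = MING.COM
realmd_tags = manages-system joined-with-samba
id_provider = ad
fallback_homedir = /home/%u
ad_domain = ming.com
# Default is True. False lets users log in with the short name, without the domain suffix.
use_fully_qualified_names = False
ldap_id_mapping = True
# The file had "access_provider = ad" before the manual edit. Keep exactly one
# access_provider line: with both present the effective provider depends on how the
# parser treats duplicate keys, and simple_allow_users is only enforced by "simple".
# access_provider = ad
# Added manually.
access_provider = simple
# Added manually: only the listed users may log in (comma-separated list).
simple_allow_users = xxx.xxx
# Added manually. NOTE(review): sssd.conf(5) documents filter_users_in_groups under [nss],
# where it decides whether filtered users still appear as group members. In a domain
# section it is probably ignored; confirm with `sssctl config-check`.
filter_users_in_groups = False
# The original notes also added "use_fully_qualified_name = False". That singular
# spelling is not an SSSD option; the real setting is use_fully_qualified_names above.
# Walks every AD user and group, which slows lookups and authentication. Kept because
# quota tooling cannot resolve user names without it.
enumerate = True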
:wq
systemctl restart sssd
验证:
id xxx.xxx (uid为9位长串数字,由ldap_id_mapping根据AD的SID自动映射生成)
或