Active Directory Kerberos: failed to join an Active Directory domain (Ubuntu)


I am trying to join Active Directory with Samba 4 on Ubuntu 12.04.05.
When I run
host -t SRV _kerberos._udp.test.sg
I get an error:

Host _kerberos._udp.test.sg not found: 3(NXDOMAIN)
Meanwhile:

$# host -t SRV _ldap._tcp.test.sg 
_ldap._tcp.test.sg has SRV record 0 0 389 4ecapsvsg6.test.sg.
$# host -t A 4ECAPSVSG6.test.sg
4ECAPSVSG6.test.sg has address 10.153.64.5
My /etc/samba/smb.conf:

# Global parameters
[global]
   workgroup = TEST
   realm = TEST.SG
   netbios name = 4ECAPSVSG6
   server role = active directory domain controller
   dns forwarder = 10.153.64.5
   security = ads
   use kerberos keytab = true
   password server = 4ecapsvsg6.test.sg
   allow dns updates = nonsecure and secure
   bind interfaces only = no
   server services = +smb -s3fs
   dcerpc endpoint servers = +winreg +srvsvc
   passdb backend = samba4
   server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns 
My /etc/krb5.conf:

[libdefaults]
    default_realm = TEST.SG
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
[realms]
     4ECAP.SG = {
          kdc = 4ecapsvsg6.test.sg:88
          admin_server = 4ecapsvsg6.test.sg:749
          default_domain = test.sg
    }
[domain_realm]
    .test.sg = TEST.SG
    test.sg = TEST.SG
[login]
    krb4_convert = true
    krb4_get_tickets = false
My /etc/hosts:

  127.0.0.1       localhost
  127.0.1.1       4ecapsvsg6
  # The following lines are desirable for IPv6 capable hosts
  ::1     ip6-localhost ip6-loopback
  fe00::0 ip6-localnet
  ff00::0 ip6-mcastprefix
  ff02::1 ip6-allnodes
  ff02::2 ip6-allrouters
  10.153.64.5     4ecapsvsg6.test.sg     4ecapsvsg6
What is the solution? Without it, I cannot run the domain join with the following command:

sudo net ads join
The result is an error:

Failed to join domain: failed to lookup DC info for domain 'TEST' over rpc: Logon failure
I ran
kinit administrator
klist
and the result was:

   Ticket cache: FILE:/tmp/krb5cc_0
   Default principal: administrator@TEST.SG
    Valid starting       Expires              Service principal
    26/03/2015 14:29:04  27/03/2015 00:29:04  krbtgt/TEST.SG@TEST.SG
    renew until 27/03/2015 14:29:00
Meanwhile, I set my /etc/resolv.conf to:

   # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
   #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

   nameserver 10.153.64.5
   search test.sg
   domain test.sg

Last week I googled around, and luckily I found this website.

It turned out I needed to edit my dnsmasq configuration (/etc/dnsmasq.conf) and add these lines:

srv-host=_kerberos._tcp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kerberos._tcp.dc._msdcs.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kerberos._udp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kpasswd._tcp.test.sg,4ecapsvsg6.test.sg,464
srv-host=_kpasswd._udp.test.sg,4ecapsvsg6.test.sg,464

and disable Bind9 (installed by default along with Samba4).

Now the problem is gone :)

Only one problem remains: how to connect to AD (I will open another thread for that).
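
Added example, not part of the original thread: a shell check that reports which of the Kerberos and kpasswd SRV records listed in the answer are still missing from a dnsmasq configuration, so the gap is caught before attempting the join. The function names and the sample file are constructed for illustration; the record names, target host and ports are the ones shown in the answer.

```shell
#!/bin/sh
# Added example (not from the original thread): report which of the SRV
# records named in the answer are absent from a dnsmasq configuration.

# Owner label and port of each record the answer adds via srv-host=.
REQUIRED_SRV='_kerberos._tcp 88
_kerberos._tcp.dc._msdcs 88
_kerberos._udp 88
_kpasswd._tcp 464
_kpasswd._udp 464'

# has_srv CONF FQDN PORT: succeed if CONF holds an uncommented
# "srv-host=FQDN,<target>,PORT" line (names compared case-insensitively).
has_srv() {
    awk -F'[=,]' -v want="$2" -v port="$3" '
        { gsub(/[ \t\r]/, "") }   # strip stray whitespace, fields re-split
        $1 == "srv-host" && tolower($2) == tolower(want) && $4 == port { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# missing_srv CONF DOMAIN: print "fqdn port" for every required record
# that CONF does not publish; prints nothing when all are present.
missing_srv() {
    printf '%s\n' "$REQUIRED_SRV" | while read -r label port; do
        has_srv "$1" "$label.$2" "$port" || printf '%s %s\n' "$label.$2" "$port"
    done
}

# Constructed sample: only the UDP Kerberos record is active, and the
# kpasswd line is commented out, so four records are reported missing.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample, not the poster's real file
srv-host=_kerberos._udp.test.sg,4ecapsvsg6.test.sg,88
#srv-host=_kpasswd._udp.test.sg,4ecapsvsg6.test.sg,464
EOF
missing_srv "$demo_conf" test.sg
rm -f "$demo_conf"
```

Run `missing_srv /etc/dnsmasq.conf test.sg` on the real file; empty output means every record from the answer is configured, which `host -t SRV` can then confirm against the running resolver.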