DNS: resolving an AD domain on CentOS using /etc/resolv.conf


I have configured SSSD using realm so that I can log in to a CentOS VM with AD credentials. Please refer to the setup.

I had to modify the /etc/resolv.conf file to point the nameserver at the AD domain.

Original /etc/resolv.conf file:

# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2
# Generated by NetworkManager
search test.com
nameserver 172.31.12.38

Updated /etc/resolv.conf file:

# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2
# Generated by NetworkManager
search test.com
nameserver 172.31.12.38

With the updated /etc/resolv.conf file, users can log in with AD credentials, but the original domain is no longer resolved.

I want a way to resolve two domains that point to different name servers.

# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

I also tried several ways of resolving the domains using the deprecated keyword:

# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2

domain test.com
nameserver 172.31.12.38

I even tried the rotate option:

# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

Is there a way to resolve multiple domains that point to different name servers using /etc/resolv.conf?

To resolve the AD forest domain, we can configure the ad_server parameter in the sssd.conf file.

Reference link: [see the ad_server section]

Reference /etc/sssd/sssd.conf file:

Original file:

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

Updated file:

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

This way we avoid creating any entries in the /etc/resolv.conf file.
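As an added illustration (not code from the question or the answer), the following Python models why none of the resolv.conf variants above can send test.com queries to the AD name server, and why the ad_server setting sidesteps the resolver: glibc treats the nameserver lines as one ordered fallback list and the search list only as suffixes, so the first server to reply (even with NXDOMAIN) ends a lookup. The sample configs are constructed from the ones on this page; the SRV name is the standard AD DC-locator record.

```python
import configparser
# Constructed samples modelled on the question's resolv.conf and the answer's sssd.conf.
RESOLV_CONF = """# Generated by NetworkManager
search ap-south-1.compute.internal test.com
nameserver 172.31.0.2
nameserver 172.31.12.38
"""
SSSD_CONF = """[sssd]
domains = test.com
[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
id_provider = ad
"""

def parse_resolv(text):
    """glibc view of resolv.conf: one ordered nameserver list plus search suffixes."""
    nameservers, search = [], []
    for parts in (line.split() for line in text.splitlines()):
        if parts and parts[0] == "nameserver":
            nameservers.append(parts[1])
        elif parts and parts[0] in ("search", "domain"):
            search = parts[1:]  # the last search/domain line wins
    return nameservers, search

def glibc_query_plan(qname, nameservers, search, ndots=1):
    """Names glibc tries, in order. EVERY candidate goes to the nameservers in listed
    order and the first reply (NXDOMAIN included) ends it: a suffix never picks a server."""
    if qname.endswith("."):
        return [(qname[:-1], list(nameservers))]
    expanded = [f"{qname}.{s}" for s in search]
    order = [qname] + expanded if qname.count(".") >= ndots else expanded + [qname]
    return [(c, list(nameservers)) for c in order]

def ad_servers(sssd_text):
    """ad_server entries per [domain/...] section; [] or '_srv_' means SRV discovery."""
    cfg = configparser.ConfigParser(interpolation=None)  # sssd.conf values are literal
    cfg.read_string(sssd_text)
    return {s[7:]: [v.strip() for v in cfg.get(s, "ad_server", fallback="").split(",") if v.strip()]
            for s in cfg.sections() if s.startswith("domain/")}

def dc_discovery(resolv_text, sssd_text):
    """Per AD domain: the fixed DC list, or the resolver path SRV discovery would take."""
    nameservers, search = parse_resolv(resolv_text)
    def path(domain, servers):
        if servers and "_srv_" not in servers:
            return ("explicit", servers)
        # no fixed DCs: SSSD must locate them through the DC-locator SRV record
        return ("dns-srv", glibc_query_plan(f"_ldap._tcp.dc._msdcs.{domain}.", nameservers, search))
    return {d: path(d, s) for d, s in ad_servers(sssd_text).items()}
```

Running glibc_query_plan("dc1", ...) against the merged resolv.conf shows dc1.test.com being asked of 172.31.0.2 first, which is exactly why the AD server never sees the query.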

I think what you need is . Another, less recommended, option is to configure your local DNS with forward zones. An example for a BIND DNS server is given here: