Redhat 7 authentication against Windows Active Directory

2016-02-23 14:41:56 | Category: Default


 

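Using the host rh7was2 as the example: it is first joined to the aact.com domain as a test, removed from it again, and then joined to the aac.com domain. The session below shows each step.

Note on the first part of the session: the yum packages copied from the other host include a CentOS build (yum-3.4.3-132.el7.centos.0.1), and rpm reports NOKEY for key ID f4a80eb5, which means the package signature was not verified. Import the publisher's key and check the files with rpm -K before installing packages obtained this way.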

 

[root@rh7was2 ~]# cat /etc/yum.repos.d/redhat.repo

#

# Certificate-Based Repositories

# Managed by (rhsm) subscription-manager

#

# *** This file is auto-generated. Changes made here will be over-written. ***

# *** Use "subscription-manager repo-override --help" if you wish to make changes. ***

#

# If this file is empty and this system is subscribed consider

# a "yum repolist" to refresh available repos

[root@rh7was2 ~]# vi /etc/yum/pluginconf.d/subscription-manager.conf

[root@rh7was2 ~]# cat /etc/yum/pluginconf.d/subscription-manager.conf

[main]

#enabled=1

enabled=0

[root@rh7was2 ~]#

[root@rh7was2 ~]# rpm -qa |grep yum

yum-3.4.3-132.el7.noarch

yum-rhn-plugin-2.0.1-5.el7.noarch

yum-utils-1.1.31-34.el7.noarch

yum-metadata-parser-1.1.4-10.el7.x86_64

yum-langpacks-0.4.2-4.el7.noarch

PackageKit-yum-1.0.7-5.el7.x86_64

[root@rh7was2 ~]#

[root@rh7was2 ~]# rpm -qa |grep yum|xargs rpm -e --nodeps

warning: /etc/yum/pluginconf.d/langpacks.conf saved as /etc/yum/pluginconf.d/langpacks.conf.rpmsave

[root@rh7was2 ~]#

[root@rh7was2 ~]# rpm -qa |grep yum

[root@rh7was2 ~]#

[root@rh7was2 ~]# ll /etc/yum.repos.d/

total 4

-rw-r--r--. 1 root root 358 Jan 21 12:18 redhat.repo

[root@rh7was2 ~]#

[root@rh7was2 ~]# mv /etc/yum.repos.d/redhat.repo /etc/yum.repos.d/redhat.repo.bak

[root@rh7was2 ~]#

[root@rh7was2 ~]# ll /etc/yum.repos.d/

total 4

-rw-r--r--. 1 root root 358 Jan 21 12:18 redhat.repo.bak

[root@rh7was2 ~]#

[root@rh7was2 ~]# scp root@10.0.20.222:/etc/yum.repos.d/redhat.repo /etc/yum.repos.d/

root@10.0.20.222's password:

redhat.repo 100% 2348 2.3KB/s 00:00

[root@rh7was2 ~]# ll /etc/yum.repos.d/

total 8

-rw-r--r-- 1 root root 2348 Feb 23 11:04 redhat.repo

-rw-r--r--. 1 root root 358 Jan 21 12:18 redhat.repo.bak

[root@rh7was2 ~]#

[root@rh7was2 ~]# scp root@10.0.20.222:/home/godhat/Downloads/yum-* /home/godhat/Downloads/

root@10.0.20.222's password:

yum-3.4.3-132.el7.centos.0.1.noarch.rpm 100% 1243KB 1.2MB/s 00:00

yum-metadata-parser-1.1.4-10.el7.x86_64.rpm 100% 28KB 27.7KB/s 00:00

yum-plugin-fastestmirror-1.1.31-34.el7.noarch.rpm 100% 30KB 29.9KB/s 00:00

yum-updateonboot-1.1.31-34.el7.noarch.rpm 100% 23KB 22.9KB/s 00:00

yum-utils-1.1.31-34.el7.noarch.rpm 100% 113KB 113.2KB/s 00:00

[root@rh7was2 ~]#

[root@rh7was2 ~]# rpm -ivh /home/godhat/Downloads/yum-*

warning: /home/godhat/Downloads/yum-3.4.3-132.el7.centos.0.1.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing... ################################# [100%]

Updating / installing...

1:yum-metadata-parser-1.1.4-10.el7 ################################# [ 20%]

2:yum-plugin-fastestmirror-1.1.31-3################################# [ 40%]

3:yum-3.4.3-132.el7.centos.0.1 ################################# [ 60%]

4:yum-updateonboot-1.1.31-34.el7 ################################# [ 80%]

5:yum-utils-1.1.31-34.el7 ################################# [100%]

[root@rh7was2 ~]#

[root@rh7was2 ~]# rpm -qa realmd

realmd-0.16.1-5.el7.x86_64

[root@rh7was2 ~]# yum -y install oddjob oddjob-mkhomedir sssd adcli samba-common

.

Dependencies Resolved

=========================================================================================

Package Arch Version Repository Size

=========================================================================================

Installing:

adcli x86_64 0.7.5-4.el7 base 96 k

sssd x86_64 1.13.0-40.el7_2.1 updates 91 k

Updating:

samba-common noarch 4.2.3-11.el7_2 updates 269 k

Installing for dependencies:

c-ares x86_64 1.10.0-3.el7 base 78 k

cyrus-sasl-gssapi x86_64 2.1.26-20.el7_2 updates 40 k

libdhash x86_64 0.4.3-25.el7 base 27 k

libipa_hbac x86_64 1.13.0-40.el7_2.1 updates 97 k

python-sssdconfig noarch 1.13.0-40.el7_2.1 updates 124 k

sssd-ad x86_64 1.13.0-40.el7_2.1 updates 215 k

sssd-common x86_64 1.13.0-40.el7_2.1 updates 1.1 M

sssd-common-pac x86_64 1.13.0-40.el7_2.1 updates 134 k

sssd-ipa x86_64 1.13.0-40.el7_2.1 updates 252 k

sssd-krb5 x86_64 1.13.0-40.el7_2.1 updates 129 k

sssd-krb5-common x86_64 1.13.0-40.el7_2.1 updates 154 k

sssd-ldap x86_64 1.13.0-40.el7_2.1 updates 194 k

sssd-proxy x86_64 1.13.0-40.el7_2.1 updates 123 k

Updating for dependencies:

cyrus-sasl x86_64 2.1.26-20.el7_2 updates 88 k

cyrus-sasl-lib x86_64 2.1.26-20.el7_2 updates 155 k

cyrus-sasl-md5 x86_64 2.1.26-20.el7_2 updates 56 k

cyrus-sasl-plain x86_64 2.1.26-20.el7_2 updates 38 k

cyrus-sasl-scram x86_64 2.1.26-20.el7_2 updates 42 k

libsmbclient x86_64 4.2.3-11.el7_2 updates 118 k

libsss_idmap x86_64 1.13.0-40.el7_2.1 updates 102 k

libwbclient x86_64 4.2.3-11.el7_2 updates 95 k

samba-client-libs x86_64 4.2.3-11.el7_2 updates 4.3 M

samba-common-libs x86_64 4.2.3-11.el7_2 updates 156 k

samba-common-tools x86_64 4.2.3-11.el7_2 updates 443 k

samba-libs x86_64 4.2.3-11.el7_2 updates 259 k

sssd-client x86_64 1.13.0-40.el7_2.1 updates 157 k

 

Transaction Summary

=========================================================================================

Install 2 Packages (+13 Dependent packages)

Upgrade 1 Package (+13 Dependent packages)

 

Total download size: 9.0 M

.

Installed:

adcli.x86_64 0:0.7.5-4.el7 sssd.x86_64 0:1.13.0-40.el7_2.1

 

Dependency Installed:

c-ares.x86_64 0:1.10.0-3.el7

cyrus-sasl-gssapi.x86_64 0:2.1.26-20.el7_2

libdhash.x86_64 0:0.4.3-25.el7

libipa_hbac.x86_64 0:1.13.0-40.el7_2.1

python-sssdconfig.noarch 0:1.13.0-40.el7_2.1

sssd-ad.x86_64 0:1.13.0-40.el7_2.1

sssd-common.x86_64 0:1.13.0-40.el7_2.1

sssd-common-pac.x86_64 0:1.13.0-40.el7_2.1

sssd-ipa.x86_64 0:1.13.0-40.el7_2.1

sssd-krb5.x86_64 0:1.13.0-40.el7_2.1

sssd-krb5-common.x86_64 0:1.13.0-40.el7_2.1

sssd-ldap.x86_64 0:1.13.0-40.el7_2.1

sssd-proxy.x86_64 0:1.13.0-40.el7_2.1

 

Updated:

samba-common.noarch 0:4.2.3-11.el7_2

 

Dependency Updated:

cyrus-sasl.x86_64 0:2.1.26-20.el7_2 cyrus-sasl-lib.x86_64 0:2.1.26-20.el7_2

cyrus-sasl-md5.x86_64 0:2.1.26-20.el7_2 cyrus-sasl-plain.x86_64 0:2.1.26-20.el7_2

cyrus-sasl-scram.x86_64 0:2.1.26-20.el7_2 libsmbclient.x86_64 0:4.2.3-11.el7_2

libsss_idmap.x86_64 0:1.13.0-40.el7_2.1 libwbclient.x86_64 0:4.2.3-11.el7_2

samba-client-libs.x86_64 0:4.2.3-11.el7_2 samba-common-libs.x86_64 0:4.2.3-11.el7_2

samba-common-tools.x86_64 0:4.2.3-11.el7_2 samba-libs.x86_64 0:4.2.3-11.el7_2

sssd-client.x86_64 0:1.13.0-40.el7_2.1

 

Complete!

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm join v08cndsz01dct01.aact.com -U aact.com\\a-daisg

Password for aact.com\a-daisg:

See: journalctl REALMD_OPERATION=r592354.21431

realm: Couldn't join realm: Insufficient permissions to join the domain

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm join v08cndsz01dct01.aact.com -U aact\\a-daisg

Password for aact\a-daisg:

See: journalctl REALMD_OPERATION=r592492.21460

realm: Couldn't join realm: Insufficient permissions to join the domain

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm join v08cndsz01dct01.aact.com -U 'aact\a-daisg'

Password for aact\a-daisg:

See: journalctl REALMD_OPERATION=r592509.21470

realm: Couldn't join realm: Insufficient permissions to join the domain

[root@rh7was2 ~]#

[root@rh7was2 ~]# journalctl REALMD_OPERATION=r592509.21470

-- Logs begin at Tue 2016-02-16 14:47:55 CST, end at Tue 2016-02-23 11:24:05 CST. --

Feb 23 11:22:59 rh7was2.aac.com realmd[21463]: * Resolving: _ldap._tcp.v08cndsz01dct01.aact.com

Feb 23 11:22:59 rh7was2.aac.com realmd[21463]: * Resolving: v08cndsz01dct01.aact.com

Feb 23 11:22:59 rh7was2.aac.com realmd[21463]: * Performing LDAP DSE lookup on: 10.128.35.21

Feb 23 11:22:59 rh7was2.aac.com realmd[21463]: * Successfully discovered: AACT.com

Feb 23 11:23:03 rh7was2.aac.com realmd[21463]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/

Feb 23 11:23:03 rh7was2.aac.com realmd[21463]: * LANG=C /usr/sbin/adcli join --verbose --domain AACT.com --domain-realm

Feb 23 11:23:03 rh7was2.aac.com realmd[21463]: * Using domain name: AACT.com

Feb 23 11:23:03 rh7was2.aac.com realmd[21463]: * Calculated computer account name from fqdn: RH7WAS2

Feb 23 11:23:03 rh7was2.aac.com realmd[21463]: * Using domain realm: AACT.com

Feb 23 11:23:03 rh7was2.aac.com realmd[21463]: * Sending netlogon pings to domain controller: cldap://10.128.35.21

Feb 23 11:23:04 rh7was2.aac.com realmd[21463]: * Received NetLogon info from: V08CNDSZ01DCT01.AACT.com

Feb 23 11:23:05 rh7was2.aac.com realmd[21463]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-RgL9vx/krb5

Feb 23 11:23:05 rh7was2.aac.com realmd[21463]: ! Couldn't authenticate as: aact\a-daisg@AACT.COM: Client 'aacta-daisg@AA

Feb 23 11:23:05 rh7was2.aac.com realmd[21463]: adcli: couldn't connect to AACT.com domain: Couldn't authenticate as: aact

Feb 23 11:23:05 rh7was2.aac.com realmd[21463]: ! Insufficient permissions to join the domain

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm join v08cndsz01dct01.aact.com -U a-daisg

Password for a-daisg:

[root@rh7was2 ~]# id aact\\a-daisg

uid=1155401106(a-daisg@AACT.com) gid=1155400513(domain users@AACT.com) groups=1155400513(domain users@AACT.com),1155400512(domain admins@AACT.com),1155400518(schema admins@AACT.com),1155400572(denied rodc password replication group@AACT.com),1155400519(enterprise admins@AACT.com),1155405385(organization management@AACT.com)

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm leave aact.com -U a-daisg

Password for a-daisg:

[root@rh7was2 ~]#

[root@rh7was2 ~]# id aact\\a-daisg

id: aact\a-daisg: no such user

[root@rh7was2 ~]#

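# The steps above were a trial join to aact.com followed by a leave; the steps below are the real join to aac.com.
# Note: the id output above shows the trial join account is a member of Domain Admins, Schema Admins and Enterprise Admins. An account delegated only the right to join computers is enough for realm join, and it keeps forest-wide admin credentials from being typed on a member server.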

 

[root@rh7was2 ~]# ping aac.com

PING aac.com (10.128.33.21) 56(84) bytes of data.

64 bytes from v08cndsz01dcsz1.aac.com (10.128.33.21): icmp_seq=1 ttl=126 time=1.35 ms

64 bytes from v08cndsz01dcsz1.aac.com (10.128.33.21): icmp_seq=2 ttl=126 time=0.897 ms

64 bytes from v08cndsz01dcsz1.aac.com (10.128.33.21): icmp_seq=3 ttl=126 time=1.04 ms

^C

--- aac.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2003ms

rtt min/avg/max/mdev = 0.897/1.099/1.351/0.188 ms

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm discover aac.com

aac.com

type: kerberos

realm-name: AAC.COM

domain-name: aac.com

configured: no

server-software: active-directory

client-software: sssd

required-package: oddjob

required-package: oddjob-mkhomedir

required-package: sssd

required-package: adcli

required-package: samba-common

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm join aac.com -U a-dsg

Password for a-dsg:

[root@rh7was2 ~]#

[root@rh7was2 ~]# id aac\\sz101032

uid=1518804344(sz101032@aac.com) gid=1518800513(domain users@aac.com) groups=1518800513(domain users@aac.com),1518843713(usg-aac-xx-xxxxx-ctx-dfs_visit@aac.com),1518803897(certsvc_dcom_access@aac.com),1518804755(-it@aac.com),1518837700(usg-aac-xx-xxxx-sp-group_salary02_visit@aac.com),1518819089(user_tointernet_tmg@aac.com),1518815630(usg-aac-cn-ssz03-map_share_8f1_read@aac.com),1518843698(usg-aac-xx-xxxxx-ctx-user_vdi_std@aac.com),1518835654(usg-aac-ap-avn01-fs001_sh14005ohsas18001_read@aac.com),1518819281(usg-aac-ap-avn01-share_iso_team_read@aac.com),1518837701(usg-aac-xx-xxxx-sp-group_visit@aac.com),1518818907(usg-aac-cn-ssz01-dfs-it_share@aac.com),1518818778(usg-aac-cn-xxxxx-it_groupinfra_sharepoint@aac.com),1518818623(usg-aac-cn-sszxx-it_infrastructure@aac.com),1518812270(usg-aac-cn-ssz03fs001_personal_visit@aac.com),1518819224(usg-aac-ap-avn01-citrixappuser_en@aac.com),1518836005(usg-aac-xx-xxxxx-it-pj-2015051101_teams@aac.com),1518835605(usg-aac-cn-xxxxx-spsite-it_groupinfra_visitors@aac.com),1518805463(usg-aac-cn-ssz03-zhiliang_read@aac.com),1518819093(user_toeln_tmg@aac.com),1518814702(usg-aac-xx-xxxxx-dml_upload@aac.com),1518843748(usg-aac-xx-xxxxx-ucsd-user@aac.com),1518832810(udg-aac-cn-sszxx-it_infteam@aac.com),1518815629(usg-aac-cn-ssz03-map_share_8f1_modify@aac.com),1518837699(usg-aac-localadmins@aac.com),1518812464(user_outlook2010@aac.com),1518816739(usg-aac-cn-sszxx-citrixuser@aac.com),1518837659(usg-aac-sg-dept-rd-memsfab_all@aac.com),1518805684(usg-aac-cn-ssz03-dfs-fs001_visit@aac.com),1518835942(testinfrateam@aac.com),1518832791(usg-aac-xx-xxxxx-wifi-vip_a@aac.com),1518815628(usg-aac-cn-ssz03-map_share_visit@aac.com),1518832793(usg-aac-xx-xxxxx-wifi-emp_a@aac.com),1518835846(usg-aac-xx-xxxxx-fs001-fs_aac_visit@aac.com),1518819102(usg-aac-cn-xxxxx-spsite-it_visitors@aac.com),1518809152(remote vpn 
users@aac.com),1518832990(usg-aac-xx-xxxxx-sccm-remotecontrol@aac.com),1518812273(usg-aac-cn-ssz03b8p01_bmail@aac.com),1518837709(usg-aac-xx-xxxxx-distribution_visio@aac.com),1518837708(usg-aac-xx-xxxxx-distribution_project@aac.com),1518814701(usg-aac-xx-xxxxx-dml_client_read@aac.com),1518812272(usg-aac-cn-print-ssz03b8p01_use@aac.com),1518815632(usg-aac-ap-avn01-fs001_visit@aac.com),1518812450(usg-aac-ap-avn01-citrixappuser_sap@aac.com),1518819283(usg-aac-xx-xxxxx-distribution_acrobat@aac.com)

[root@rh7was2 ~]#

[root@rh7was2 ~]# realm discover aac.com

aac.com

type: kerberos

realm-name: AAC.COM

domain-name: aac.com

configured: kerberos-member

server-software: active-directory

client-software: sssd

required-package: oddjob

required-package: oddjob-mkhomedir

required-package: sssd

required-package: adcli

required-package: samba-common

login-formats: %U@aac.com

login-policy: allow-realm-logins

[root@rh7was2 ~]#

[root@rh7was2 ~]# su - aac\\sz101032

File size limit exceeded (core dumped)

[root@rh7was2 ~]# su - aac\\a-dsg

Creating home directory for a-dsg@aac.com.

File size limit exceeded (core dumped)

[root@rh7was2 ~]# ll /home/

total 4

drwx------ 3 a-dsg@aac.com domain users@aac.com 74 Feb 23 11:36 a-dsg@aac.com

drwx------. 14 godhat godhat 4096 Jan 23 17:29 godhat

drwx------ 3 sz101032@aac.com domain users@aac.com 74 Feb 23 11:35 sz101032@aac.com

[root@rh7was2 ~]#

[root@rh7was2 ~]# ulimit -a

core file size (blocks, -c) 0

data seg size (kbytes, -d) unlimited

scheduling priority (-e) 0

file size (blocks, -f) 6291453

pending signals (-i) 14983

max locked memory (kbytes, -l) 64

max memory size (kbytes, -m) unlimited

open files (-n) 8192

pipe size (512 bytes, -p) 8

POSIX message queues (bytes, -q) 819200

real-time priority (-r) 0

stack size (kbytes, -s) 32768

cpu time (seconds, -t) unlimited

max user processes (-u) 16384

virtual memory (kbytes, -v) unlimited

file locks (-x) unlimited

[root@rh7was2 ~]#

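[root@rh7was2 ~]# ulimit -f unlimited # temporary setting for this shell; to make it permanent, edit /etc/security/limits.conf and comment out the previously modified value (the default is unlimited)
# Note: the two core dumps above occurred at login for accounts whose mapped UIDs are above 1.5 billion, with the file size limit at 6291453 blocks. A likely cause is a UID-indexed sparse file such as /var/log/lastlog growing past that limit; confirm this, and check why the limit was set, before removing it for every user.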

[root@rh7was2 ~]#

[root@rh7was2 ~]# ulimit -a

core file size (blocks, -c) 0

data seg size (kbytes, -d) unlimited

scheduling priority (-e) 0

file size (blocks, -f) unlimited

pending signals (-i) 14983

max locked memory (kbytes, -l) 64

max memory size (kbytes, -m) unlimited

open files (-n) 8192

pipe size (512 bytes, -p) 8

POSIX message queues (bytes, -q) 819200

real-time priority (-r) 0

stack size (kbytes, -s) 32768

cpu time (seconds, -t) unlimited

max user processes (-u) 16384

virtual memory (kbytes, -v) unlimited

file locks (-x) unlimited

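[root@rh7was2 ~]# rm -Rf <target path missing from the page> # delete the home directories created earlier (the listing below shows the two domain-user directories under /home are gone)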

[root@rh7was2 ~]# ll /home/

total 4

drwx------. 14 godhat godhat 4096 Jan 23 17:29 godhat

[root@rh7was2 ~]#

[root@rh7was2 ~]# su - aac\\sz101032

Creating home directory for sz101032@aac.com.

Last login: Tue Feb 23 11:52:35 CST 2016 on pts/2

[sz101032@aac.com@rh7was2 ~]$ ll /home/sz101032@aac.com/ # the directory is empty at this point

total 0

HOME directory when logged in from a client

Query result in AD

DFS files

 

 

Remote SSH login using domain accounts

 

[root@rh7osd ~]# ssh aac\\sz101032@10.0.20.202

aac\sz101032@10.0.20.202's password:

Last failed login: Tue Feb 23 13:52:06 CST 2016 from 10.0.20.222 on ssh:notty

There were 3 failed login attempts since the last successful login.

Last login: Tue Feb 23 13:42:02 2016

[sz101032@aac.com@rh7was2 ~]$ ll

total 0

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Desktop

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Documents

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Downloads

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Music

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Pictures

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Public

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Templates

drwxr-xr-x 2 sz101032@aac.com domain users@aac.com 6 Feb 23 13:42 Videos

[sz101032@aac.com@rh7was2 ~]$exit

[root@rh7osd ~]# ssh aac\\a-dsg@10.0.20.202

aac\a-dsg@10.0.20.202's password:

Creating home directory for aac\a-dsg.

[a-dsg@aac.com@rh7was2 ~]$ mkdir 'From rh7osd ssh'

[a-dsg@aac.com@rh7was2 ~]$ ll

total 0

drwxr-xr-x 2 a-dsg@aac.com domain users@aac.com 6 Feb 23 13:53 From rh7osd ssh

[a-dsg@aac.com@rh7was2 ~]$

 

 

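At this point, joining RHEL 7.2 to the Microsoft AD domain is complete. Note that the realm discover output above reports login-policy: allow-realm-logins, so every account in the domain can log in to this host, including over SSH. To limit access, run realm deny --all and then realm permit for the specific users or groups that need it.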

 
 