dns - CentOS中使用/etc/resolv.conf解析AD域

标签 dns centos resolv

我已使用 Realm 配置 SSSD,以使用 AD 凭据登录到 centOS VM。请引用设置 here

我必须修改 /etc/resolv.conf 文件以将 namserver 指向 AD 域

原始/etc/resolv.conf文件:

# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2

更新的 /etc/resolv.conf 文件:

# Generated by NetworkManager
search test.com
nameserver 172.31.12.38

使用更新后的 /etc/resolv.conf 文件,用户可以使用 AD 凭据登录,但原始域未解析

我想要一种方法来解析指向不同名称服务器的两个域

# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

我也尝试过多种方法来使用已弃用的标签来解析域

# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2

domain test.com
nameserver 172.31.12.38

我什至尝试过旋转选项

# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

有没有办法使用 /etc/resolv.conf

解析指向不同名称服务器的多个域

最佳答案

要解析 AD 森林域,我们可以在 sssd.conf 文件中配置 ad_server 参数

引用链接:man_page_sssd [引用 ad_server 部分]

/etc/sssd/sssd.conf引用文件:

原始文件:

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

更新文件:

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

这样我们就可以避免在/etc/resolv.conf 文件中做任何输入

关于dns - CentOS中使用/etc/resolv.conf解析AD域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64026565/

上一篇:reactjs - 如何使用 React gatsby-background-image 重复背景图像?

下一篇:julia - 如何获取依赖于数据框列子集的新列

相关文章:

java - grails 域而不保存它

security - 我的 DNS 提供商可以看到哪些信息?

linux - Linux 启动/关闭时的日志脚本

mysql - Maria DB : MySQL Server has gone away, 错误日志中没有任何内容

c - resolv.h 中头文件缺失值

google-app-engine - 了解 Google App Engine 应用的 DNS 要求

regex - 需要用一个已知的主机名grep/etc/hosts,然后从/etc/hosts中抓取该主机名的ip地址

shell - 如何从 Docker 容器内禁用和启用互联网连接?

java - 关闭 SSH session 时,进程在服务器上被杀死

c - DNS:使用 resolv.h 检索主机 IP 地址

©2024 IT工具网  联系我们