我已使用 Realm 配置 SSSD,以使用 AD 凭据登录到 centOS VM。请引用设置 here
我必须修改 /etc/resolv.conf 文件以将 namserver 指向 AD 域
原始/etc/resolv.conf文件:
# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2
更新的 /etc/resolv.conf 文件:
# Generated by NetworkManager
search test.com
nameserver 172.31.12.38
使用更新后的 /etc/resolv.conf 文件,用户可以使用 AD 凭据登录,但原始域未解析
我想要一种方法来解析指向不同名称服务器的两个域
# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
我也尝试过多种方法来使用已弃用的标签来解析域
# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2
domain test.com
nameserver 172.31.12.38
我什至尝试过旋转选项
# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
有没有办法使用 /etc/resolv.conf
解析指向不同名称服务器的多个域最佳答案
要解析 AD 森林域,我们可以在 sssd.conf 文件中配置 ad_server 参数
引用链接:man_page_sssd [引用 ad_server 部分]
/etc/sssd/sssd.conf引用文件:
原始文件:
[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh
[nss]
debug_level = 10
[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
更新文件:
[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh
[nss]
debug_level = 10
[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
这样我们就可以避免在/etc/resolv.conf 文件中做任何输入
关于dns - CentOS中使用/etc/resolv.conf解析AD域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64026565/