当前位置：首页 > article >正文

Ubuntu22.04 加入AD域

article 2024/10/24 12:43:23

Ubuntu22.04 加入AD域
要在Ubuntu 22.04上加入Active Directory (AD) 域，你可以使用realmd和sssd服务。以下是加入AD域的步骤和示例配置：

更新系统软件包列表：

sudo apt update

下载安装必要的软件包：

sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli krb5-user packagekit

root@mail:/var/cache/apt/archives# apt-get install --download-only realmd libnss-sss libpam-sss sssd sssd-tools adcli krb5-user packagekit
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
packagekit is already the newest version (1.2.5-2ubuntu2).
The following additional packages will be installed:
  cracklib-runtime krb5-config ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 libbasicobjects0
  libc-ares2 libcollection4 libcrack2 libcups2 libdhash1 libgssrpc4 libini-config5 libipa-hbac0 libkadm5clnt-mit12
  libkadm5srv-mit12 libkdb5-10 libldb2 libnfsidmap1 libnl-route-3-200 libpam-pwquality libpath-utils1
  libpwquality-common libpwquality1 libref-array1 libsasl2-modules-gssapi-mit libsmbclient libsss-certmap0
  libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 libtevent0 libwbclient0 python3-ldb python3-sss python3-talloc
  samba-libs sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy
  wamerican
Suggested packages:
  krb5-k5tls cups-common krb5-doc libsss-sudo libsasl2-modules-ldap
The following NEW packages will be installed:
  adcli cracklib-runtime krb5-config krb5-user ldap-utils libavahi-client3 libavahi-common-data libavahi-common3
  libbasicobjects0 libc-ares2 libcollection4 libcrack2 libcups2 libdhash1 libgssrpc4 libini-config5 libipa-hbac0
  libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libldb2 libnfsidmap1 libnl-route-3-200 libnss-sss libpam-pwquality
  libpam-sss libpath-utils1 libpwquality-common libpwquality1 libref-array1 libsasl2-modules-gssapi-mit libsmbclient
  libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 libtevent0 libwbclient0 python3-ldb python3-sss
  python3-talloc realmd samba-libs sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-ipa sssd-krb5
  sssd-krb5-common sssd-ldap sssd-proxy sssd-tools wamerican
0 upgraded, 56 newly installed, 0 to remove and 12 not upgraded.
Need to get 11.0 MB of archives.
After this operation, 44.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libtalloc2 amd64 2.3.3-2build1 [25.6 kB]
Get:2 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libtevent0 amd64 0.11.0-1build1 [39.2 kB]
Get:3 http://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwbclient0 amd64 2:4.15.13+dfsg-0ubuntu1.6 [266 kB]
Get:4 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libavahi-common-data amd64 0.8-5ubuntu5.2 [23.8 kB]
Get:5 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libavahi-common3 amd64 0.8-5ubuntu5.2 [23.9 kB]
Get:6 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libavahi-client3 amd64 0.8-5ubuntu5.2 [28.0 kB]
Get:7 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libcups2 amd64 2.4.1op1-1ubuntu4.11 [263 kB]
Get:8 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libtdb1 amd64 1.4.5-2build1 [46.4 kB]
Get:9 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libldb2 amd64 2:2.4.4-0ubuntu0.22.04.2 [154 kB]
Get:10 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 python3-ldb amd64 2:2.4.4-0ubuntu0.22.04.2 [41.7 kB]
Get:11 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 python3-talloc amd64 2.3.3-2build1 [13.0 kB]
Get:12 http://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 samba-libs amd64 2:4.15.13+dfsg-0ubuntu1.6 [6,276 kB]
Get:13 http://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsmbclient amd64 2:4.15.13+dfsg-0ubuntu1.6 [65.9 kB]
Get:14 http://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-modules-gssapi-mit amd64 2.1.27+dfsg2-3ubuntu1.2 [31.5 kB]
Get:15 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 adcli amd64 0.9.1-1ubuntu2 [98.1 kB]
Get:16 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libcrack2 amd64 2.9.6-3.4build4 [29.6 kB]
Get:17 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 cracklib-runtime amd64 2.9.6-3.4build4 [149 kB]
Get:18 http://cn.archive.ubuntu.com/ubuntu jammy/main amd64 krb5-config all 2.6+nmu1ubuntu1 [21.7 kB]
Get:19 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libgssrpc4 amd64 1.19.2-2ubuntu0.4 [58.7 kB]
Get:20 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libkadm5clnt-mit12 amd64 1.19.2-2ubuntu0.4 [41.9 kB]
Get:21 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libkdb5-10 amd64 1.19.2-2ubuntu0.4 [40.4 kB]
Get:22 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libkadm5srv-mit12 amd64 1.19.2-2ubuntu0.4 [54.7 kB]
Get:23 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/universe amd64 krb5-user amd64 1.19.2-2ubuntu0.4 [110 kB]
Get:24 http://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 ldap-utils amd64 2.5.18+dfsg-0ubuntu0.22.04.2 [147 kB]
Get:25 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libnfsidmap1 amd64 1:2.6.1-1ubuntu1.2 [42.9 kB]
Get:26 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libnl-route-3-200 amd64 3.5.0-0.1 [180 kB]
Get:27 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libpwquality-common all 1.4.4-1build2 [7,642 B]
Get:28 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libpwquality1 amd64 1.4.4-1build2 [13.4 kB]
Get:29 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libpam-pwquality amd64 1.4.4-1build2 [11.8 kB]
Get:30 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 realmd amd64 0.17.0-1ubuntu2 [170 kB]
Get:31 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 wamerican all 2020.12.07-2 [236 kB]
Get:32 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libbasicobjects0 amd64 0.6.2-1 [6,160 B]
Get:33 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libc-ares2 amd64 1.18.1-1ubuntu0.22.04.3 [45.1 kB]
Get:34 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libcollection4 amd64 0.6.2-1 [23.9 kB]
Get:35 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libdhash1 amd64 0.6.2-1 [9,150 B]
Get:36 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libpath-utils1 amd64 0.6.2-1 [9,254 B]
Get:37 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libref-array1 amd64 0.6.2-1 [7,720 B]
Get:38 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy/main amd64 libini-config5 amd64 0.6.2-1 [44.5 kB]
Get:39 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libipa-hbac0 amd64 2.6.3-1ubuntu3.3 [11.2 kB]
Get:40 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libnss-sss amd64 2.6.3-1ubuntu3.3 [23.7 kB]
Get:41 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libpam-sss amd64 2.6.3-1ubuntu3.3 [40.6 kB]
Get:42 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libsss-certmap0 amd64 2.6.3-1ubuntu3.3 [34.8 kB]
Get:43 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libsss-idmap0 amd64 2.6.3-1ubuntu3.3 [15.9 kB]
Get:44 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 libsss-nss-idmap0 amd64 2.6.3-1ubuntu3.3 [21.8 kB]
Get:45 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 python3-sss amd64 2.6.3-1ubuntu3.3 [41.2 kB]
Get:46 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-common amd64 2.6.3-1ubuntu3.3 [1,131 kB]
Get:47 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-ad-common amd64 2.6.3-1ubuntu3.3 [76.0 kB]
Get:48 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-krb5-common amd64 2.6.3-1ubuntu3.3 [80.5 kB]
Get:49 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-ad amd64 2.6.3-1ubuntu3.3 [137 kB]
Get:50 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-ipa amd64 2.6.3-1ubuntu3.3 [221 kB]
Get:51 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-krb5 amd64 2.6.3-1ubuntu3.3 [14.0 kB]
Get:52 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-ldap amd64 2.6.3-1ubuntu3.3 [32.5 kB]
Get:53 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-proxy amd64 2.6.3-1ubuntu3.3 [43.2 kB]
Get:54 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd amd64 2.6.3-1ubuntu3.3 [4,112 B]
Get:55 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-dbus amd64 2.6.3-1ubuntu3.3 [106 kB]
Get:56 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates/main amd64 sssd-tools amd64 2.6.3-1ubuntu3.3 [92.4 kB]
Fetched 11.0 MB in 4s (2,817 kB/s)
Download complete and in download only mode
root@mail:/var/cache/apt/archives#

发现并加入域：

sudo realm discover YOUR.DOMAIN.COM
sudo realm join --user=AdminUser YOUR.DOMAIN.COM

替换YOUR.DOMAIN.COM为你的AD域名，并用一个有权加入新计算机到域的用户代替AdminUser。

配置SSSD：

编辑/etc/sssd/sssd.conf文件，确保有以下配置：

[sssd]
services = nss, pam
config_file_version = 2
domains = YOUR.DOMAIN.COM

[domain/YOUR.DOMAIN.COM]
ad_domain = YOUR.DOMAIN.COM
krb5_realm = YOUR.DOMAIN.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad

再次替换YOUR.DOMAIN.COM为你的AD域名。

重启SSSD服务：

sudo systemctl restart sssd

配置Kerberos：

编辑/etc/krb5.conf，添加以下配置：

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = YOUR.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
YOUR.DOMAIN.COM = {
kdc = YOUR.KDC.SERVER
admin_server = YOUR.KDC.SERVER
}

[domain_realm]
.YOUR.DOMAIN.COM = YOUR.DOMAIN.COM
YOUR.DOMAIN.COM = YOUR.DOMAIN.COM

[appdefaults]

替换YOUR.DOMAIN.COM和YOUR.KDC.SERVER为你的AD域名和KDC服务器地址。

更新你的DNS服务器设置，确保你的系统可以解析AD域控制器。

测试登录：

sudo authconfig-gtk

在图形界面中选择你的域，输入你的域账号和密码进行测试。

以上步骤可能需要根据你的网络环境和特定配置进行适当调整。如果遇到问题，检查日志文件以获取更多信息，如/var/log/auth.log。

查看全文

http://www.kler.cn/news/362998.html