问题描述
我已经使用Realm配置了SSSD,并使用AD凭据登录了centOS VM.请在此处
I have configured SSSD using Realm to login into the centOS VM using the AD Credentials. Please refer the setup here
我必须修改/etc/resolv.conf 文件以将namserver指向AD域
I had to modify the /etc/resolv.conf file to point the namserver to the AD Domain
原始的/etc/resolv.conf 文件:
# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2
更新的/etc/resolv.conf 文件:
# Generated by NetworkManager
search test.com
nameserver 172.31.12.38
使用更新的/etc/resolv.conf 文件,用户可以使用AD凭据登录,但无法解析原始域
With the updated /etc/resolv.conf file the User is able to login using AD Credentials but the original domain is not resolved
我想要一种方法来解析两个指向不同名称服务器的域
I want a way to resolve both the domains that point to different nameservers
# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
我也尝试了多种使用不推荐使用的标签来解析域的方法
I have tried multiple ways to resolve the domains using the deprecated tags as well
# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2
domain test.com
nameserver 172.31.12.38
我什至尝试过旋转选项
# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
是否有一种方法可以使用/etc/resolv.conf
Is there a way to resolve multiple domains that point to different nameservers using the /etc/resolv.conf
推荐答案
要解析AD林域,我们可以在 sssd.conf 文件中配置ad_server参数
To resolve the AD Forest Domain we can configure the ad_server parameter in the sssd.conf file
参考链接: man_page_sssd [请参阅ad_server部分]
ref link: man_page_sssd [Refer the ad_server part]
/etc/sssd/sssd.conf 文件供参考:
原始文件:
[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh
[nss]
debug_level = 10
[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
更新的文件:
[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh
[nss]
debug_level = 10
[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
这样,我们可以避免在/etc/resolv.conf 文件中进行任何输入
This way we can avoid making any entries in the /etc/resolv.conf file
这篇关于在CentOS中使用/etc/resolv.conf解析AD域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!