This article covers how to resolve an AD domain using /etc/resolv.conf on CentOS.

Problem description

I have configured SSSD using Realm to log in to the CentOS VM using the AD credentials. Please refer to the setup here

I had to modify the /etc/resolv.conf file to point the nameserver to the AD Domain

Original /etc/resolv.conf file:

# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2

Updated /etc/resolv.conf file:

# Generated by NetworkManager
search test.com
nameserver 172.31.12.38

With the updated /etc/resolv.conf file the user is able to log in using AD credentials, but the original domain is not resolved

I want a way to resolve both the domains that point to different nameservers

# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

I have tried multiple ways to resolve the domains using the deprecated tags as well

# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2

domain test.com
nameserver 172.31.12.38

I even tried the rotate option

# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

Is there a way to resolve multiple domains that point to different nameservers using the /etc/resolv.conf?

Recommended answer

To resolve the AD Forest Domain we can configure the ad_server parameter in the sssd.conf file

Ref link: man_page_sssd [refer to the ad_server part]

/etc/sssd/sssd.conf file for reference:

Original file:

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

Updated file:

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

This way we can avoid making any entries in the /etc/resolv.conf file
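
Why the resolv.conf variants in the question cannot send each domain to its own nameserver, as an added example (not part of the original question or answer): a simplified model of the glibc stub resolver that parses the file text and reports which names and which servers one lookup would use. The file contents are copied from the question; dc1 is a hypothetical host name.

```python
# Added example: simplified model of how the glibc stub resolver reads
# /etc/resolv.conf. It parses text only and sends no DNS queries.
MAXNS = 3  # glibc uses at most three nameserver entries

# Two of the attempts from the question, copied from the page.
COMBINED = """nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
"""
SPLIT = """domain ap-south-1.compute.internal
nameserver 172.31.0.2

domain test.com
nameserver 172.31.12.38
"""


def parse_resolv_conf(text):
    conf = {"nameservers": [], "search": [], "options": []}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args and len(conf["nameservers"]) < MAXNS:
            conf["nameservers"].append(args[0])
        elif key in ("search", "domain") and args:
            # search/domain are mutually exclusive; the last line wins
            conf["search"] = args if key == "search" else args[:1]
        elif key == "options":
            conf["options"].extend(args)
    return conf


def query_plan(name, conf, ndots=1):
    """Names tried, servers in try order, and rotate flag for one lookup."""
    base = name.rstrip(".")
    expanded = [f"{base}.{d}" for d in conf["search"]]
    if name.endswith("."):
        names = [base]
    elif base.count(".") >= ndots:
        names = [base] + expanded
    else:
        names = expanded + [base]
    # Server order depends only on the nameserver lines, never on the name.
    # Later servers are tried on timeout or server failure; an NXDOMAIN from
    # the first one is final. "rotate" only varies which server goes first.
    return names, list(conf["nameservers"]), "rotate" in conf["options"]


if __name__ == "__main__":
    for label, text in (("combined", COMBINED), ("split", SPLIT)):
        # dc1 is a hypothetical host name
        print(label, query_plan("dc1.test.com", parse_resolv_conf(text)))
```

In both variants a lookup for a test.com name is sent to 172.31.0.2 first, and in the split variant the second domain line simply replaces the first, so the file never forms per-domain sections.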


08-07 06:59