Windows AD 認證
登入 RedHat 系統時,使用 Windows AD 帳號。
RedHat 7/8 (不加入網域)
安裝需要的套件
# sssd: the daemon behind the 'sss' name-service and PAM modules.
# krb5-workstation: Kerberos client tools (kinit, klist) for requesting and inspecting tickets.
# krb5-libs: the Kerberos runtime libraries.
yum install sssd krb5-workstation krb5-libs
新增與 AD 帳號同名的本地帳號
# Replace AD_user with the AD account name; the local name has to match it.
# useradd sets no password, so the local password stays disabled and cannot be used to log in on its own.
# NOTE(review): presumably the password is then checked against AD via Kerberos - confirm against the SSSD/PAM configuration.
useradd AD_user
編輯 /etc/nsswitch.conf
# Add 'sss' so that user and group lookups also consult SSSD.
# 'files' is listed first, so accounts defined in the local files are answered from there before SSSD is asked.
# nsswitch.conf only controls name lookups; password checking goes through PAM, which this file does not configure.
passwd: files sss systemd
shadow: files sss
group: files sss systemd
編輯 /etc/krb5.conf
# Log destinations for the Kerberos daemons.
# The kdc and admin_server entries apply to krb5kdc and kadmind.
# NOTE(review): a host that only authenticates against AD presumably runs neither daemon, so these entries are likely unused here - confirm.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Library-wide defaults for Kerberos clients on this host.
[libdefaults]
# Do not use DNS TXT records to decide which realm a host belongs to; the mapping comes from [domain_realm].
dns_lookup_realm = false
# Requested ticket lifetime and renewable lifetime for initial tickets.
# The KDC applies its own policy and may issue shorter values.
ticket_lifetime = 24h
renew_lifetime = 7d
# Request forwardable tickets, i.e. tickets that can be passed on to other hosts.
# NOTE(review): if this host is only used for login, consider whether forwarding is needed at all.
forwardable = true
# Do not use reverse DNS when canonicalizing host names for service principals,
# so the principal name does not depend on PTR records.
rdns = false
# CA bundle used as trust anchors for PKINIT (certificate-based pre-authentication).
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
# Change this as required
default_realm = EXAMPLE.COM
# Keep each user's credential cache in the kernel keyring instead of a file; %{uid} expands to the numeric user ID.
default_ccache_name = KEYRING:persistent:%{uid}
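# Per-realm server locations.
[realms]
# Change this as required
# kdc: the server that issues tickets for the realm (here the AD domain controller).
# admin_server: the host for administrative requests; it is also the fallback target
# for password changes when kpasswd_server is not set.
# The relation must be spelled exactly admin_server; a misspelled name is not
# recognized and leaves the setting unset.
EXAMPLE.COM = {
    kdc = ad.example.com
    admin_server = ad.example.com
}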
# Maps DNS names to Kerberos realms. Names on the left are lower case, realm names upper case.
[domain_realm]
# Change this as required
# The entry with a leading dot covers every host under the domain.
.example.com = EXAMPLE.COM
# The entry without the dot covers the host named exactly example.com.
example.com = EXAMPLE.COM