IPA RHEL7 AD - AD account cannot connect to the IPA host

407
Ktulu

No matter how hard I try, I cannot connect to IPA using a Windows account in AD. I did what https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/active-directory-trust recommends: set up IPA in its own DNS domain and set up a trust to AD. It was to no avail; in the end I cannot log in. Can anyone help me with this?

For information, here is my /etc/sssd/sssd.conf:

    [domain/ipa.domain]
    debug_level = 4
    cache_credentials = True
    ipa_domain = ipa.domain
    id_provider = ipa
    auth_provider = ipa
    access_provider = ipa
    ipa_hostname = ipa-master.ipa.domain
    chpass_provider = ipa
    ipa_server = ipa-master.ipa.domain
    ipa_server_mode = True
    ldap_tls_cacert = /etc/ipa/ca.crt
    dns_discovery_domain = ad.domain
    subdomains_provider = none
    krb5_realm = ipa.domain
    krb5_server = ipa-master.ipa.domain:88
    krb5_store_password_if_offline = True

    [sssd]
    debug_level = 4
    config_file_version = 2
    domains = ipa.domain
    services = nss, sudo, pam, ssh, ifp
    subdomain_enumerate = all

    [nss]
    memcache_timeout = 600
    debug_level = 9
    shell_fallback = /bin/bash
    homedir_substring = /home

    [pam]
    debug_level = 4

    [sudo]

    [autofs]
    debug_level = 4

    [ssh]
    debug_level = 6

    [pac]

    [ifp]

And /etc/krb5.conf:

    includedir /etc/krb5.conf.d/
    includedir /var/lib/sss/pubconf/krb5.include.d/

    [logging]
      default = FILE:/var/log/krb5libs.log
      kdc = FILE:/var/log/krb5kdc.log
      admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
      default_realm = IPA.DOMAIN
      dns_lookup_realm = false
      dns_lookup_kdc = true
      rdns = false
      ticket_lifetime = 24h
      forwardable = true
      udp_preference_limit = 0
      default_ccache_name = KEYRING:persistent:%

    [realms]
      IPA.DOMAIN = {
        kdc = ipa-master.IPA.DOMAIN:88
        master_kdc = ipa-master.IPA.DOMAIN:88
        admin_server = ipa-master.IPA.DOMAIN:749
        default_domain = IPA.DOMAIN
        pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
        pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
        auth_to_local = RULE:[1:$1@$0](^.*@AD.DOMAIN$)s/@AD.DOMAIN/@ad.domain/
        auth_to_local = DEFAULT
      }

    [domain_realm]
      .IPA.DOMAIN = IPA.DOMAIN
      IPA.DOMAIN = IPA.DOMAIN
      ipa-master.IPA.DOMAIN = IPA.DOMAIN

    [dbmodules]
      IPA.DOMAIN = {
        db_library = ipadb.so
      }
0

0 answers to the question