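We have set up a working SSSD+Samba+Krb5 bundle for authorizing domain users on Linux machines. Authorization works fine, but getent group example does not return the full list of users in the group, while the id command shows the specific groups the user belongs to.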

Example of the id mshepelev command (the pam_nas_admins group is present):

    ~$ id mshepelev
    uid=578290105(mshepelev) gid=1145492938(linuxadm) группы=128(vboxusers),132(libvirtd),
    6990039486(exchange_terminal),45633573(domain admins),6753567(domain users),4563345(it dept base),1019817232(printer_it),
    5673883(linuxadm),4356383822(buh),25472572456(pam_nas_admins)....

Example of getent group pam_nas_admins (mshepelev is not in the group):

    ~$ getent group pam_nas_admins
    pam_nas_admins:*:6969932058:nhramchihin,apyataev,
    vshuykov,isaidashev,admin,nrosnovskiy,itugunov,
    malfereva,mdimitraki,izinoviev,gkulakov,mcherenkov,kfomchenko,mkotov,aromanovskiy

Update

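The same situation occurs on another computer, but the other way around, for the user isaidashev. The id command returns the full list, while getent group pam_nas_admins returns everyone except the user himself (the output has the mshepelev user but not the isaidashev user).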

Here are the configuration files:

/etc/krb5.conf

    cat /etc/krb5.conf
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
     default_realm = example.com
     kdc_timesync = …