Ani*_*ese 4 active-directory amazon-ec2 amazon-web-services
在尝试使用教程https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_linux_instance.html在 AWS 托管 Active Directory 中手动加入 Ubuntu 16.04 的 Linux 实例时,对领域的身份验证成功,但在那之后,我在尝试将 UBuntu 16.04 实例加入 AD 时遇到此错误:
Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)
adcli: couldn't connect to ad.nettracer.aero domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)
! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain
然而,这同样适用于 CentOS。
我的结局有什么问题吗?
cap*_*ack 10
我在加入 Ubuntu 16.04 机器时遇到了同样的问题,我需要做的就是在 krb5.conf 中将 rdns 标志设置为 false,如下所示:
/etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
添加该行后,您可以使用以下命令将机器加入域:
sudo realm join -U join_account@EXAMPLE.COM example.com --verbose
| 归档时间: |
|
| 查看次数: |
11381 次 |
| 最近记录: |