我已经在 AWS 上成功构建了一个 Active Director。我可以从位于同一 VPC 中的 Centos7 EC2 实例 ping 目录。现在,我尝试加入该领域,但收到以下错误:
[ec2-user@ip-172-22-2-182 ~]$ sudo realm join -U admin@corp.xxx.com corp.xxx.com --verbose
* Resolving: _ldap._tcp.corp.xxx.com
* Resolving: corp.xxx.com
* Performing LDAP DSE lookup on: 172.22.2.34
* Successfully discovered: corp.xxx.com
Password for admin@corp.xxx.com:
* Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
* LANG=C /usr/sbin/adcli join --verbose --domain xxx.com --domain-realm CORP.xxx.COM --domain-controller 172.22.2.34 --login-type user --login-user admin@xxx.com --stdin-password
* Using domain name: corp.xxx.com
* Calculated computer account name from fqdn: IP-172-22-2-182
* Using domain …kerberos active-directory amazon-ec2 amazon-web-services kdc