dns - 在 CentOS 中使用 /etc/resolv.conf 解析 AD 域

Question

我已经使用 Realm 配置了 SSSD，以使用 AD 凭据登录到 centOS VM。请参考此处的设置

我必须修改/etc/resolv.conf文件以将 namserver 指向 AD 域

原始/etc/resolv.conf文件：

# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2

更新了 /etc/resolv.conf文件：

# Generated by NetworkManager
search test.com
nameserver 172.31.12.38

使用更新的/etc/resolv.conf文件，用户可以使用 AD 凭据登录，但原始域未解析

我想要一种方法来解析指向不同名称服务器的域

# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

我也尝试了多种方法来使用已弃用的标签来解析域

# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2

domain test.com
nameserver 172.31.12.38

我什至尝试过旋转选项

# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com

有没有办法使用/etc/resolv.conf解析指向不同名称服务器的多个域

score 3 · Accepted Answer

要解析 AD 森林域，我们可以在sssd.conf文件中配置 ad_server 参数

参考链接：man_page_sssd [参考 ad_server 部分]

/etc/sssd/sssd.conf文件供参考：

原始文件：

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

更新后的文件：

[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh

[nss]
debug_level = 10

[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True

这样我们就可以避免在/etc/resolv.conf文件中添加任何条目

dns - 在 CentOS 中使用 /etc/resolv.conf 解析 AD 域

1 回答 1

Related

Reference