
ドメインユーザーとしてUbuntuにログインできません:「ユーザーのpasswdエントリーがありません」(No passwd entry for user)(SSSD、KRB5、Samba)

この ガイド に従って、Ubuntu 14.04サーバーをドメインに参加させました。ほかの部分はすべて機能しています。サーバーはADに正常に参加でき、kinitも問題なく実行でき、動的DNSも正しく動作しています。しかし、Linuxにログインしてドメインユーザーにsuしようとすると失敗します。

例:

su domainuser
No passwd entry for user 'domainuser'

su timdomain\\domainuser
No passwd entry for user 'timdomain\domainuser'

su timdomain.local\\domainuser
No passwd entry for user 'timdomain.local\domainuser'

su TIMDOMAIN.LOCAL\\domainuser
No passwd entry for user 'TIMDOMAIN.LOCAL\domainuser'

KRB5.conf

# Kerberos client configuration (krb5.conf) as posted in the question.
# Review comments are kept in column 0 and outside the brace blocks.
[libdefaults]
# Realm assumed when a principal is given without one.
    default_realm = TIMDOMAIN.LOCAL


# NOTE(review): the krb4_* and v4_* entries below look like Kerberos 4
# leftovers from a distribution template; current MIT krb5 is believed to
# ignore them - confirm, then drop them so the file is easier to audit.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
# NOTE(review): tickets are requested forwardable and proxiable by default.
# A forwarded TGT is usable on whichever host receives it, so keep these
# enabled only if delegation is actually needed.
    forwardable = true
    proxiable = true

    v4_instance_resolve = false
    v4_name_convert = {
            Host = {
                    rcmd = Host
                    ftp = ftp
            }
            plain = {
                    something = something-else
            }
    }
    fcc-mit-ticketflags = true

# One realm is defined; the KDC and the admin server are the same host.
[realms]
    TIMDOMAIN.LOCAL = {
            kdc = dc01.timdomain.local
            admin_server = dc01.timdomain.local
            default_domain = timdomain.local
                    }

# NOTE(review): [domain_realm] maps DNS names to a realm name. The target
# used here is DC01.TIMDOMAIN.LOCAL, while the only realm defined in [realms]
# (and the default_realm) is TIMDOMAIN.LOCAL. This looks like a host name
# written where the realm is expected - confirm and correct.
[domain_realm]
    .timdomain.local = DC01.TIMDOMAIN.LOCAL
    timdomain.local = DC01.TIMDOMAIN.LOCAL
# NOTE(review): [login] holds only krb4_* settings; presumably unused legacy.
[login]
    krb4_convert = true
    krb4_get_tickets = false

SSSD.conf

# SSSD configuration (sssd.conf) as posted in the question.
[sssd]
# Responders started by SSSD: NSS (user/group lookups) and PAM (login).
services = nss, pam
config_file_version = 2
# Each name listed here needs a matching domain section below.
domains = TIMDOMAIN.LOCAL

# NOTE(review): SSSD documents domain sections as [domain/NAME] with a forward
# slash. This header uses a backslash. If that is really what the file
# contains (and not a paste artifact), the domain listed in "domains" has no
# matching section, which would be consistent with NSS returning
# "No passwd entry" - confirm against the sssd logs.
[domain\TIMDOMAIN.LOCAL]
id_provider = ad
# NOTE(review): the documented option name is override_homedir (with an
# underscore); verify the spelling in the real file. %d expands to the domain
# name and %u to the login name.
overridehomedir = /home/%d/%u
# NOTE(review): no simple_allow_* or simple_deny_* lists are shown. With the
# simple provider and empty lists, access is understood to be granted to every
# user the domain can resolve. Add an allow list, or use access_provider = ad,
# if logins should be limited or AD account status should be enforced - confirm.
access_provider = simple

smb.conf

# Samba configuration (smb.conf), [global] section, as posted in the question.
[global]
   # AD membership settings: NetBIOS domain, Kerberos realm, ADS security mode.
   workgroup = TIMDOMAIN
   # NOTE(review): "yes" is believed to offer SMB signing without requiring it;
   # "mandatory" is the enforcing value - confirm for the Samba version in use.
   client signing = yes
   client use spnego = yes
   # Machine credentials are taken from secrets.tdb and the system keytab;
   # NOTE(review): the keytab holds the machine account keys, so check that it
   # is readable by root only.
   kerberos method = secrets and keytab
   realm = TIMDOMAIN.LOCAL
   security = ads

   server string = %h server (Samba, Ubuntu)
   dns proxy = no

   # One log file per connecting client (%m).
   log file = /var/log/samba/log.%m

   max log size = 1000

   syslog = 0

   panic action = /usr/share/samba/panic-action %d

   # NOTE(review): "standalone server" sits next to "security = ads" above.
   # A domain member would normally be a member server, so this looks like a
   # leftover from the distribution default - confirm with testparm.
   server role = standalone server
   passdb backend = tdbsam

   # Local password synchronisation from the distribution default.
   # NOTE(review): presumably not needed on an AD member, where passwords
   # live in the directory; verify before keeping it.
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes

   # NOTE(review): logins with an unknown user name are mapped to the guest
   # account instead of being rejected, and user-defined shares may allow
   # guests. Confirm that anonymous access is intended on a domain member.
   map to guest = bad user
   usershare allow guests = yes


# Printer spool share; hidden from browse lists and closed to guest sessions.
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   # Spool files are created with owner-only permissions.
   create mask = 0700

# Printer driver share; browseable but read-only and closed to guest sessions.
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

nsswitch.conf

# Name service switch configuration (nsswitch.conf) as posted in the question.
# User and group lookups try the local compat source first, then SSSD (sss),
# so domain accounts can only resolve if SSSD's NSS responder answers.
passwd:         compat sss
group:          compat sss
# shadow has no sss source; NOTE(review): presumably intended, since SSSD
# authenticates through PAM rather than shadow - confirm.
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis sss
# NOTE(review): the sss source for sudoers presumably takes effect only if
# SSSD's sudo responder is enabled - confirm.
sudoers:        files sss

user402916

あまり役に立つ回答ではありませんが、SSSDのログを確認しないことには、支援するのは事実上不可能です。次のトラブルシューティングガイドに従ってください: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html

jhrozek