This is how I did it:
# Install dependencies: realmd/adcli for the domain join, sssd for identity
# and authentication, the Kerberos client tools, and the PAM/NSS/SASL-GSSAPI
# modules that plug sssd into the login stack.
# "upgrade -y" applies every pending package upgrade unattended; on a
# production host review the pending list first.
apt-get update
apt-get upgrade -y
apt-get install -y \
    adcli \
    sssd \
    sssd-tools \
    realmd \
    krb5-user \
    libpam-sss \
    libnss-sss \
    libsasl2-modules-gssapi-mit \
    packagekit \
    libwbclient-sssd
Then you need to edit the krb5 configuration:
# Log destinations for the MIT Kerberos components. "default" is used by the
# client libraries on this host; "kdc" and "admin_server" only apply if a KDC
# or kadmind runs here -- on a plain domain member they are presumably
# inherited from the stock template and unused.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Client-side defaults that apply to every realm.
[libdefaults]
# Realm assumed for principals written without an @REALM suffix.
# Realm names are case-sensitive; this must match the [realms] entry below.
default_realm = ADONE.COM
# Do not consult DNS TXT records to map hostnames to realms; the explicit
# [domain_realm] table below is authoritative.
dns_lookup_realm = false
# Lifetime requested for new tickets, and how long they may be renewed.
ticket_lifetime = 24h
renew_lifetime = 7d
# Request forwardable TGTs by default: a service the user authenticates to can
# then obtain further tickets in the user's name (credential delegation).
# Set to false if onward delegation is not needed on this host.
forwardable = true
# Do not canonicalise server hostnames through reverse DNS before building
# service principals; the usual setting against AD, where PTR records are
# often missing or inconsistent.
rdns = false
# Per-realm KDC locations. Realm names are case-sensitive and must match the
# [domain_realm] table below and krb5_realm in sssd.conf.
[realms]
ADONE.COM = {
kdc = adone.com
admin_server = adone.com
default_domain = ADONE.COM
}
ADTWO.LOCAL = {
# NOTE(review): "adtwo.local.local" looks like a typo for adtwo.local -- confirm.
# dns_lookup_kdc is not set and defaults to true, so KDCs are presumably
# still found via DNS SRV records even if these two names do not resolve.
kdc = adtwo.local.local
admin_server = adtwo.local.local
# default_domain is a DNS name, so the mixed case (unlike ADONE.COM above)
# is harmless: DNS names compare case-insensitively.
default_domain = ADTWO.local
}
# Map DNS names to realms. A leading dot matches every host under that domain;
# the bare entry matches the domain name itself. Right-hand side is the
# case-sensitive realm name from [realms].
[domain_realm]
.adone.com = ADONE.COM
adone.com = ADONE.COM
.adtwo.local = ADTWO.LOCAL
adtwo.local = ADTWO.LOCAL
# Join the first AD domain through realmd. -U names the AD account used for
# the join; realm prompts for its password, so nothing secret is on the
# command line.
realm join --verbose -U admin adone.com
# Join the second AD domain with adcli directly, writing that machine
# account's keys to a dedicated keytab instead of the default
# /etc/krb5.keytab, so the first join's keys are not overwritten. sssd.conf
# below points krb5_keytab and ldap_krb5_keytab at the same path.
adcli join --host-keytab=/etc/krb5.keytab.adtwo.local -U admin adtwo.local
Then you need to edit sssd.conf:
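# sssd.conf -- keep this file root-owned with mode 0600; sssd refuses to
# start otherwise.
[sssd]
# Every [domain/NAME] section that should be active must be listed here; the
# order is the lookup order for unqualified names. A section that is not
# listed is parsed but never started, so adtwo.local has to appear as well
# as adone.com for the second domain to work.
domains = adone.com, adtwo.local
config_file_version = 2
# Responders to start: nss for user/group lookups, pam for authentication.
services = nss, pam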
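# First AD domain, joined through realmd (see "realm join" above).
[domain/adone.com]
ad_domain = adone.com
# Kerberos realm names are case-sensitive; this must match the ADONE.COM
# entry in krb5.conf's [realms] and [domain_realm] sections.
krb5_realm = ADONE.COM
# Metadata written by realmd; not interpreted by sssd itself.
realmd_tags = manages-system joined-with-adcli
# Keep a hash of each user's password in the local cache so logins still
# work while the domain controllers are unreachable (offline authentication).
cache_credentials = True
id_provider = ad
# While offline, additionally keep the user's password in the kernel keyring
# so a TGT can be requested as soon as the DCs are back. This is a wider
# exposure than cache_credentials alone; drop it if offline SSO is not needed.
krb5_store_password_if_offline = True
default_shell = /bin/bash
# Derive UID/GID from the object SID instead of reading POSIX attributes
# (uidNumber/gidNumber) from AD.
ldap_id_mapping = True
# Users log in as "user" rather than "user@adone.com". With two domains the
# same account name in both becomes ambiguous: the first match in the
# [sssd] domains order wins.
use_fully_qualified_names = False
# %d = domain, %u = user name (sssd template expansion; the % is literal to
# sssd's parser, not configparser interpolation).
fallback_homedir = /home/%d/%u
access_provider = ad
# Enumerating every user and group is expensive against AD; left disabled.
#enumerate = True
# Seconds between heartbeats before the sssd monitor treats this back end as
# hung and restarts it (default 10). 3600 delays recovery from a wedged
# back end by up to an hour.
timeout = 3600
# Do not let this host register its own address in the domain's DNS.
dyndns_update = false
# GPO logon-right rules are evaluated and logged but NOT enforced: a user a
# GPO would deny is still admitted. Switch to "enforcing" once the relevant
# GPOs are verified. access_provider = ad still rejects disabled and expired
# accounts independently of this setting.
ad_gpo_access_control = permissive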
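# Second AD domain, joined directly with adcli (see "adcli join" above) into
# a dedicated keytab so the first domain's default keytab is left untouched.
[domain/adtwo.local]
ad_domain = adtwo.local
# Kerberos realm names are case-sensitive; this must match the ADTWO.LOCAL
# entry in krb5.conf's [realms] and [domain_realm] sections.
krb5_realm = ADTWO.LOCAL
# Metadata written by realmd; not interpreted by sssd itself. Copied from the
# first domain although this one was joined with adcli directly.
realmd_tags = manages-system joined-with-adcli
# Hashed credentials kept locally for offline authentication.
cache_credentials = True
id_provider = ad
# Password kept in the kernel keyring while offline to obtain a TGT later;
# wider exposure than cache_credentials alone.
krb5_store_password_if_offline = True
default_shell = /bin/bash
# UID/GID derived from the object SID rather than POSIX attributes in AD.
ldap_id_mapping = True
# Unqualified login names; with two domains, identical account names collide
# and the first domain in the [sssd] domains order wins.
use_fully_qualified_names = False
# %d = domain, %u = user name (sssd template expansion).
fallback_homedir = /home/%d/%u
access_provider = ad
# Heartbeat timeout in seconds before the monitor restarts this back end
# (default 10).
timeout = 3600
# Machine-account keytab written by "adcli join --host-keytab" for this
# domain. It is a credential: keep it root-owned and not group/world
# readable. Both keytab options point at it so neither the Kerberos client
# nor the LDAP (GSSAPI) bind falls back to the default /etc/krb5.keytab,
# which holds the adone.com machine account.
krb5_keytab = /etc/krb5.keytab.adtwo.local
ldap_krb5_keytab = /etc/krb5.keytab.adtwo.local
# NOTE(review): dyndns_update is not set here, so the AD provider default
# (true) applies -- unlike adone.com, this host will register its address in
# adtwo.local's DNS. Add "dyndns_update = false" if that is unintended.
# GPO logon-right rules are evaluated and logged but NOT enforced; change to
# "enforcing" once the GPOs are verified. Disabled/expired accounts are still
# rejected by access_provider = ad.
ad_gpo_access_control = permissive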
That works for joining two LDAP/AD domains.