ubuntu加入Windows的AD域(使用SSSD和Realm的方式)

Step 1: Initial Configurations to Join Ubuntu to Samba4 AD

1.首先要修改好自己电脑的hostname,可以使用hostnamectl命令或者直接编辑/etc/hostname 文件

# hostnamectl set-hostname your_machine_short_name$ cat /etc/hostname
mamh-PC$ hostnamectl                           Static hostname: mamh-PCIcon name: computer-desktopChassis: desktopMachine ID: 4165ee77f3a840b880478065c5624a98Boot ID: 0b179497ee0a4ffdb5d5a1a288693fa9Operating System: Ubuntu 16.04.6 LTSKernel: Linux 4.18.0-15-genericArchitecture: x86-64

2.然后一个重要的步骤是设置好ip。尤其是DNS 。

3.最后是重启网络,或者重启电脑。

systemctl restart networking.serviceping -c2 your_domain_name

4.最后一个步骤是安装时间同步服务器ntpdate

$ sudo apt-get install ntpdate
$ sudo ntpdate -q your_domain_name
$ sudo ntpdate your_domain_name

Step 2: 安装需要的软件

5.这一步安装Realmd and SSSD 相关的软件

$ sudo apt-get install adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1 $ sudo apt-get install samba # 如果需要samba共享目录给Windows。需要安装这个

root@bf-pc04:~# echo 'apt-get install adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1 '>install.sh
root@bf-pc04:~# chmod 755 install.sh
root@bf-pc04:~# ls
install.sh
root@bf-pc04:~# cat install.sh
apt-get install adcli realmd krb5-user \
samba-common-bin samba-libs samba-dsdb-modules \
sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1

#开始安装需要的软件
root@bf-pc04:~# ./install.sh
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
将会安装下列额外的软件包:cracklib-runtime gdebi-core krb5-config ldap-utils libarchive13libavahi-client3 libavahi-common-data libavahi-common3 libbasicobjects0libc-ares2 libcollection2 libcrack2 libcups2 libdhash1 libelfg0 libglib2.0-0libglib2.0-bin libgmp10 libgssapi-krb5-2 libgssrpc4 libgstreamer1.0-0libini-config3 libipa-hbac0 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7libkrb5-3 libkrb5support0 libldap-2.4-2 libldb1 liblzo2-2 libnettle4libnl-3-200 libnl-genl-3-200 libnl-route-3-200 libnspr4 libnss3libnss3-nssdb libpackagekit-glib2-16 libpam-pwquality libpath-utils1libpwquality-common libpwquality1 libref-array1 libsasl2-modules-gssapi-mitlibsss-idmap0 libsss-sudo libsystemd-journal0 libtalloc2 libtdb1 libtevent0libwbclient0 packagekit-backend-aptcc packagekit-tools python-cryptopython-ldb python-samba python-sss python-talloc python-tdb python3-chardetpython3-debian python3-packagekit python3-pkg-resources python3-sixsamba-common sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5sssd-krb5-common sssd-ldap sssd-proxy wamerican
建议安装的软件包:lrzip cups-common krb5-doc gstreamer1.0-tools gstreamer1.0-plugins-basepackagekit-backend-smart python-crypto-dbg python-crypto-docpython3-setuptools heimdal-clients libsasl2-modules-ldap
下列【新】软件包将被安装:adcli cracklib-runtime gdebi-core krb5-config krb5-user ldap-utilslibarchive13 libavahi-client3 libavahi-common-data libavahi-common3libbasicobjects0 libc-ares2 libcollection2 libcrack2 libcups2 libdhash1libelfg0 libglib2.0-bin libgmp10 libgssrpc4 libgstreamer1.0-0 libini-config3libipa-hbac0 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libldb1 liblzo2-2libnettle4 libnl-route-3-200 libnspr4 libnss-sss libnss3 libnss3-nssdblibpackagekit-glib2-16 libpam-pwquality libpam-sss libpath-utils1libpwquality-common libpwquality1 libref-array1 libsasl2-modules-gssapi-mitlibsss-idmap0 libsss-sudo libsystemd-journal0 libtalloc2 libtdb1 libtevent0libwbclient0 packagekit packagekit-backend-aptcc packagekit-toolspython-crypto python-ldb python-samba python-sss python-talloc python-tdbpython3-chardet python3-debian python3-packagekit python3-pkg-resourcespython3-six realmd samba-common samba-common-bin samba-dsdb-modulessamba-libs sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5sssd-krb5-common sssd-ldap sssd-proxy sssd-tools wamerican
下列软件包将被升级:libglib2.0-0 libgssapi-krb5-2 libkrb5-3 libkrb5support0 libldap-2.4-2libnl-3-200 libnl-genl-3-200 policykit-1
升级了 8 个软件包,新安装了 79 个软件包,要卸载 0 个软件包,有 174 个软件包未被升级。
需要下载 15.3 MB 的软件包。
解压缩后会消耗掉 63.2 MB 的额外空间。
您希望继续执行吗? [Y/n] y
获取:1 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libglib2.0-0 amd64 2.40.2-0ubuntu1.1 [1,059 kB]
获取:2 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libgssapi-krb5-2 amd64 1.12+dfsg-2ubuntu5.4 [114 kB]
获取:3 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkrb5-3 amd64 1.12+dfsg-2ubuntu5.4 [262 kB]
获取:4 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkrb5support0 amd64 1.12+dfsg-2ubuntu5.4 [31.1 kB]
获取:5 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libldap-2.4-2 amd64 2.4.31-1+nmu2ubuntu8.5 [153 kB]
获取:6 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main liblzo2-2 amd64 2.06-1.2ubuntu1.1 [46.1 kB]
获取:7 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnettle4 amd64 2.7.1-1ubuntu0.2 [102 kB]
获取:8 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libarchive13 amd64 3.1.2-7ubuntu2.8 [262 kB]
获取:9 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libavahi-common-data amd64 0.6.31-4ubuntu1.3 [21.1 kB]
获取:10 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libavahi-common3 amd64 0.6.31-4ubuntu1.3 [21.7 kB]
获取:11 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libavahi-client3 amd64 0.6.31-4ubuntu1.3 [25.2 kB]
获取:12 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libcrack2 amd64 2.9.1-1build1 [27.2 kB]
获取:13 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libcups2 amd64 1.7.2-0ubuntu1.11 [178 kB]
获取:14 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libelfg0 amd64 0.8.13-5 [37.6 kB]
获取:15 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libgmp10 amd64 2:5.1.3+dfsg-1ubuntu1 [218 kB]
获取:16 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libgssrpc4 amd64 1.12+dfsg-2ubuntu5.4 [53.1 kB]
获取:17 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libgstreamer1.0-0 amd64 1.2.4-0ubuntu1.1 [598 kB]
获取:18 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkadm5clnt-mit9 amd64 1.12+dfsg-2ubuntu5.4 [36.2 kB]
获取:19 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkdb5-7 amd64 1.12+dfsg-2ubuntu5.4 [36.2 kB]
获取:20 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkadm5srv-mit9 amd64 1.12+dfsg-2ubuntu5.4 [50.3 kB]
获取:21 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libtalloc2 amd64 2.1.5-0ubuntu0.14.04.1 [28.6 kB]
获取:22 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libtdb1 amd64 1.3.8-0ubuntu0.14.04.1 [38.3 kB]
获取:23 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libtevent0 amd64 0.9.28-0ubuntu0.14.04.1 [26.2 kB]
获取:24 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libldb1 amd64 1:1.1.24-0ubuntu0.14.04.2 [107 kB]
获取:25 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnl-genl-3-200 amd64 3.2.21-1ubuntu4.1 [10.2 kB]
获取:26 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnl-3-200 amd64 3.2.21-1ubuntu4.1 [45.3 kB]
获取:27 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnl-route-3-200 amd64 3.2.21-1ubuntu4.1 [96.2 kB]
获取:28 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnspr4 amd64 2:4.13.1-0ubuntu0.14.04.1 [110 kB]
获取:29 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnss3-nssdb all 2:3.28.4-0ubuntu0.14.04.5 [10.6 kB]
获取:30 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnss3 amd64 2:3.28.4-0ubuntu0.14.04.5 [1,124 kB]
获取:31 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libpackagekit-glib2-16 amd64 0.8.12-1ubuntu5 [102 kB]
获取:32 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpwquality-common all 1.2.3-1ubuntu1.1 [5,400 B]
获取:33 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpwquality1 amd64 1.2.3-1ubuntu1.1 [11.7 kB]
获取:34 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpam-pwquality amd64 1.2.3-1ubuntu1.1 [9,952 B]
获取:35 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libwbclient0 amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [30.3 kB]
获取:36 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-ldb amd64 1:1.1.24-0ubuntu0.14.04.2 [29.0 kB]
获取:37 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-talloc amd64 2.1.5-0ubuntu0.14.04.1 [7,628 B]
获取:38 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-common all 2:4.3.11+dfsg-0ubuntu0.14.04.20 [84.1 kB]
获取:39 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-libs amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [5,129 kB]
获取:40 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libbasicobjects0 amd64 0.3.0.1-4 [5,628 B]
获取:41 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libc-ares2 amd64 1.10.0-2ubuntu0.2 [34.1 kB]
获取:42 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libcollection2 amd64 0.3.0.1-4 [20.2 kB]
获取:43 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libdhash1 amd64 0.3.0.1-4 [8,442 B]
获取:44 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libpath-utils1 amd64 0.3.0.1-4 [8,410 B]
获取:45 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libref-array1 amd64 0.3.0.1-4 [7,072 B]
获取:46 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libini-config3 amd64 0.3.0.1-4 [27.9 kB]
获取:47 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnss-sss amd64 1.11.8-0ubuntu0.7 [18.3 kB]
获取:48 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libsystemd-journal0 amd64 204-5ubuntu20.31 [50.5 kB]
获取:49 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libsasl2-modules-gssapi-mit amd64 2.1.25.dfsg1-17build1 [47.4 kB]
获取:50 http://cn.archive.ubuntu.com/ubuntu/ trusty/universe adcli amd64 0.7.5-1 [59.4 kB]
获取:51 http://cn.archive.ubuntu.com/ubuntu/ trusty/main cracklib-runtime amd64 2.9.1-1build1 [138 kB]
获取:52 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python3-pkg-resources all 3.3-1ubuntu2 [31.7 kB]
获取:53 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python3-chardet all 2.2.1-2~ubuntu1 [96.5 kB]
获取:54 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python3-six all 1.5.2-1ubuntu1.1 [8,438 B]
获取:55 http://cn.archive.ubuntu.com/ubuntu/ trusty/main python3-debian all 0.1.21+nmu2ubuntu2 [34.9 kB]
获取:56 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main gdebi-core all 0.9.5.3ubuntu3 [9,518 B]
获取:57 http://cn.archive.ubuntu.com/ubuntu/ trusty/main krb5-config all 2.3 [23.4 kB]
获取:58 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/universe krb5-user amd64 1.12+dfsg-2ubuntu5.4 [96.6 kB]
获取:59 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main ldap-utils amd64 2.4.31-1+nmu2ubuntu8.5 [122 kB]
获取:60 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libglib2.0-bin amd64 2.40.2-0ubuntu1.1 [34.9 kB]
获取:61 http://cn.archive.ubuntu.com/ubuntu/ trusty/main python3-packagekit all 0.8.12-1ubuntu5 [17.9 kB]
获取:62 http://cn.archive.ubuntu.com/ubuntu/ trusty/main packagekit-backend-aptcc amd64 0.8.12-1ubuntu5 [97.2 kB]
获取:63 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main policykit-1 amd64 0.105-4ubuntu3.14.04.6 [51.9 kB]
获取:64 http://cn.archive.ubuntu.com/ubuntu/ trusty/main packagekit amd64 0.8.12-1ubuntu5 [269 kB]
获取:65 http://cn.archive.ubuntu.com/ubuntu/ trusty/main packagekit-tools amd64 0.8.12-1ubuntu5 [46.2 kB]
获取:66 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-crypto amd64 2.6.1-4ubuntu0.3 [239 kB]
获取:67 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-tdb amd64 1.3.8-0ubuntu0.14.04.1 [10.8 kB]
获取:68 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-samba amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [1,070 kB]
获取:69 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/universe realmd amd64 0.15.0-1ubuntu0.1 [173 kB]
获取:70 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-common-bin amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [508 kB]
获取:71 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-dsdb-modules amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [219 kB]
获取:72 http://cn.archive.ubuntu.com/ubuntu/ trusty/main wamerican all 7.1-1 [269 kB]
获取:73 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libipa-hbac0 amd64 1.11.8-0ubuntu0.7 [8,836 B]
获取:74 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpam-sss amd64 1.11.8-0ubuntu0.7 [20.2 kB]
获取:75 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libsss-idmap0 amd64 1.11.8-0ubuntu0.7 [13.4 kB]
获取:76 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libsss-sudo amd64 1.11.8-0ubuntu0.7 [13.1 kB]
获取:77 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-sss amd64 1.11.8-0ubuntu0.7 [47.2 kB]
获取:78 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-common amd64 1.11.8-0ubuntu0.7 [525 kB]
获取:79 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ad-common amd64 1.11.8-0ubuntu0.7 [34.2 kB]
获取:80 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-krb5-common amd64 1.11.8-0ubuntu0.7 [72.1 kB]
获取:81 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ad amd64 1.11.8-0ubuntu0.7 [56.2 kB]
获取:82 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ipa amd64 1.11.8-0ubuntu0.7 [101 kB]
获取:83 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-krb5 amd64 1.11.8-0ubuntu0.7 [19.3 kB]
获取:84 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ldap amd64 1.11.8-0ubuntu0.7 [48.9 kB]
获取:85 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-proxy amd64 1.11.8-0ubuntu0.7 [30.0 kB]
获取:86 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd amd64 1.11.8-0ubuntu0.7 [4,138 B]
获取:87 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-tools amd64 1.11.8-0ubuntu0.7 [101 kB]
下载 15.3 MB,耗时 38秒 (397 kB/s)
正在从软件包中解出模板:100%
正在预设定软件包 ...
(正在读取数据库 ... 系统当前共安装有 58989 个文件和目录。)
正准备解包 .../libglib2.0-0_2.40.2-0ubuntu1.1_amd64.deb  ...
正在将 libglib2.0-0:amd64 (2.40.2-0ubuntu1.1) 解包到 (2.40.2-0ubuntu1) 上 ...
正准备解包 .../libgssapi-krb5-2_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在将 libgssapi-krb5-2:amd64 (1.12+dfsg-2ubuntu5.4) 解包到 (1.12+dfsg-2ubuntu5.2) 上 ...
正准备解包 .../libkrb5-3_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在将 libkrb5-3:amd64 (1.12+dfsg-2ubuntu5.4) 解包到 (1.12+dfsg-2ubuntu5.2) 上 ...
正准备解包 .../libkrb5support0_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在将 libkrb5support0:amd64 (1.12+dfsg-2ubuntu5.4) 解包到 (1.12+dfsg-2ubuntu5.2) 上 ...
正准备解包 .../libldap-2.4-2_2.4.31-1+nmu2ubuntu8.5_amd64.deb  ...
正在将 libldap-2.4-2:amd64 (2.4.31-1+nmu2ubuntu8.5) 解包到 (2.4.31-1+nmu2ubuntu8.3) 上 ...
正在选中未选择的软件包 liblzo2-2:amd64。
正准备解包 .../liblzo2-2_2.06-1.2ubuntu1.1_amd64.deb  ...
正在解包 liblzo2-2:amd64 (2.06-1.2ubuntu1.1) ...
正在选中未选择的软件包 libnettle4:amd64。
正准备解包 .../libnettle4_2.7.1-1ubuntu0.2_amd64.deb  ...
正在解包 libnettle4:amd64 (2.7.1-1ubuntu0.2) ...
正在选中未选择的软件包 libarchive13:amd64。
正准备解包 .../libarchive13_3.1.2-7ubuntu2.8_amd64.deb  ...
正在解包 libarchive13:amd64 (3.1.2-7ubuntu2.8) ...
正在选中未选择的软件包 libavahi-common-data:amd64。
正准备解包 .../libavahi-common-data_0.6.31-4ubuntu1.3_amd64.deb  ...
正在解包 libavahi-common-data:amd64 (0.6.31-4ubuntu1.3) ...
正在选中未选择的软件包 libavahi-common3:amd64。
正准备解包 .../libavahi-common3_0.6.31-4ubuntu1.3_amd64.deb  ...
正在解包 libavahi-common3:amd64 (0.6.31-4ubuntu1.3) ...
正在选中未选择的软件包 libavahi-client3:amd64。
正准备解包 .../libavahi-client3_0.6.31-4ubuntu1.3_amd64.deb  ...
正在解包 libavahi-client3:amd64 (0.6.31-4ubuntu1.3) ...
正在选中未选择的软件包 libcrack2:amd64。
正准备解包 .../libcrack2_2.9.1-1build1_amd64.deb  ...
正在解包 libcrack2:amd64 (2.9.1-1build1) ...
正在选中未选择的软件包 libcups2:amd64。
正准备解包 .../libcups2_1.7.2-0ubuntu1.11_amd64.deb  ...
正在解包 libcups2:amd64 (1.7.2-0ubuntu1.11) ...
正在选中未选择的软件包 libelfg0:amd64。
正准备解包 .../libelfg0_0.8.13-5_amd64.deb  ...
正在解包 libelfg0:amd64 (0.8.13-5) ...
正在选中未选择的软件包 libgmp10:amd64。
正准备解包 .../libgmp10_2%3a5.1.3+dfsg-1ubuntu1_amd64.deb  ...
正在解包 libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ...
正在选中未选择的软件包 libgssrpc4:amd64。
正准备解包 .../libgssrpc4_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在解包 libgssrpc4:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在选中未选择的软件包 libgstreamer1.0-0:amd64。
正准备解包 .../libgstreamer1.0-0_1.2.4-0ubuntu1.1_amd64.deb  ...
正在解包 libgstreamer1.0-0:amd64 (1.2.4-0ubuntu1.1) ...
正在选中未选择的软件包 libkadm5clnt-mit9:amd64。
正准备解包 .../libkadm5clnt-mit9_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在解包 libkadm5clnt-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在选中未选择的软件包 libkdb5-7:amd64。
正准备解包 .../libkdb5-7_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在解包 libkdb5-7:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在选中未选择的软件包 libkadm5srv-mit9:amd64。
正准备解包 .../libkadm5srv-mit9_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在解包 libkadm5srv-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在选中未选择的软件包 libtalloc2:amd64。
正准备解包 .../libtalloc2_2.1.5-0ubuntu0.14.04.1_amd64.deb  ...
正在解包 libtalloc2:amd64 (2.1.5-0ubuntu0.14.04.1) ...
正在选中未选择的软件包 libtdb1:amd64。
正准备解包 .../libtdb1_1.3.8-0ubuntu0.14.04.1_amd64.deb  ...
正在解包 libtdb1:amd64 (1.3.8-0ubuntu0.14.04.1) ...
正在选中未选择的软件包 libtevent0:amd64。
正准备解包 .../libtevent0_0.9.28-0ubuntu0.14.04.1_amd64.deb  ...
正在解包 libtevent0:amd64 (0.9.28-0ubuntu0.14.04.1) ...
正在选中未选择的软件包 libldb1:amd64。
正准备解包 .../libldb1_1%3a1.1.24-0ubuntu0.14.04.2_amd64.deb  ...
正在解包 libldb1:amd64 (1:1.1.24-0ubuntu0.14.04.2) ...
正准备解包 .../libnl-genl-3-200_3.2.21-1ubuntu4.1_amd64.deb  ...
正在将 libnl-genl-3-200:amd64 (3.2.21-1ubuntu4.1) 解包到 (3.2.21-1ubuntu3) 上 ...
正准备解包 .../libnl-3-200_3.2.21-1ubuntu4.1_amd64.deb  ...
正在将 libnl-3-200:amd64 (3.2.21-1ubuntu4.1) 解包到 (3.2.21-1ubuntu3) 上 ...
正在选中未选择的软件包 libnl-route-3-200:amd64。
正准备解包 .../libnl-route-3-200_3.2.21-1ubuntu4.1_amd64.deb  ...
正在解包 libnl-route-3-200:amd64 (3.2.21-1ubuntu4.1) ...
正在选中未选择的软件包 libnspr4:amd64。
正准备解包 .../libnspr4_2%3a4.13.1-0ubuntu0.14.04.1_amd64.deb  ...
正在解包 libnspr4:amd64 (2:4.13.1-0ubuntu0.14.04.1) ...
正在选中未选择的软件包 libnss3-nssdb。
正准备解包 .../libnss3-nssdb_2%3a3.28.4-0ubuntu0.14.04.5_all.deb  ...
正在解包 libnss3-nssdb (2:3.28.4-0ubuntu0.14.04.5) ...
正在选中未选择的软件包 libnss3:amd64。
正准备解包 .../libnss3_2%3a3.28.4-0ubuntu0.14.04.5_amd64.deb  ...
正在解包 libnss3:amd64 (2:3.28.4-0ubuntu0.14.04.5) ...
正在选中未选择的软件包 libpackagekit-glib2-16:amd64。
正准备解包 .../libpackagekit-glib2-16_0.8.12-1ubuntu5_amd64.deb  ...
正在解包 libpackagekit-glib2-16:amd64 (0.8.12-1ubuntu5) ...
正在选中未选择的软件包 libpwquality-common。
正准备解包 .../libpwquality-common_1.2.3-1ubuntu1.1_all.deb  ...
正在解包 libpwquality-common (1.2.3-1ubuntu1.1) ...
正在选中未选择的软件包 libpwquality1:amd64。
正准备解包 .../libpwquality1_1.2.3-1ubuntu1.1_amd64.deb  ...
正在解包 libpwquality1:amd64 (1.2.3-1ubuntu1.1) ...
正在选中未选择的软件包 libpam-pwquality:amd64。
正准备解包 .../libpam-pwquality_1.2.3-1ubuntu1.1_amd64.deb  ...
正在解包 libpam-pwquality:amd64 (1.2.3-1ubuntu1.1) ...
正在选中未选择的软件包 libwbclient0:amd64。
正准备解包 .../libwbclient0_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb  ...
正在解包 libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在选中未选择的软件包 python-ldb。
正准备解包 .../python-ldb_1%3a1.1.24-0ubuntu0.14.04.2_amd64.deb  ...
正在解包 python-ldb (1:1.1.24-0ubuntu0.14.04.2) ...
正在选中未选择的软件包 python-talloc。
正准备解包 .../python-talloc_2.1.5-0ubuntu0.14.04.1_amd64.deb  ...
正在解包 python-talloc (2.1.5-0ubuntu0.14.04.1) ...
正在选中未选择的软件包 samba-common。
正准备解包 .../samba-common_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_all.deb  ...
正在解包 samba-common (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在选中未选择的软件包 samba-libs:amd64。
正准备解包 .../samba-libs_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb  ...
正在解包 samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在选中未选择的软件包 libbasicobjects0:amd64。
正准备解包 .../libbasicobjects0_0.3.0.1-4_amd64.deb  ...
正在解包 libbasicobjects0:amd64 (0.3.0.1-4) ...
正在选中未选择的软件包 libc-ares2:amd64。
正准备解包 .../libc-ares2_1.10.0-2ubuntu0.2_amd64.deb  ...
正在解包 libc-ares2:amd64 (1.10.0-2ubuntu0.2) ...
正在选中未选择的软件包 libcollection2:amd64。
正准备解包 .../libcollection2_0.3.0.1-4_amd64.deb  ...
正在解包 libcollection2:amd64 (0.3.0.1-4) ...
正在选中未选择的软件包 libdhash1:amd64。
正准备解包 .../libdhash1_0.3.0.1-4_amd64.deb  ...
正在解包 libdhash1:amd64 (0.3.0.1-4) ...
正在选中未选择的软件包 libpath-utils1:amd64。
正准备解包 .../libpath-utils1_0.3.0.1-4_amd64.deb  ...
正在解包 libpath-utils1:amd64 (0.3.0.1-4) ...
正在选中未选择的软件包 libref-array1:amd64。
正准备解包 .../libref-array1_0.3.0.1-4_amd64.deb  ...
正在解包 libref-array1:amd64 (0.3.0.1-4) ...
正在选中未选择的软件包 libini-config3:amd64。
正准备解包 .../libini-config3_0.3.0.1-4_amd64.deb  ...
正在解包 libini-config3:amd64 (0.3.0.1-4) ...
正在选中未选择的软件包 libnss-sss:amd64。
正准备解包 .../libnss-sss_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 libnss-sss:amd64 (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 libsystemd-journal0:amd64。
正准备解包 .../libsystemd-journal0_204-5ubuntu20.31_amd64.deb  ...
正在解包 libsystemd-journal0:amd64 (204-5ubuntu20.31) ...
正在选中未选择的软件包 libsasl2-modules-gssapi-mit:amd64。
正准备解包 .../libsasl2-modules-gssapi-mit_2.1.25.dfsg1-17build1_amd64.deb  ...
正在解包 libsasl2-modules-gssapi-mit:amd64 (2.1.25.dfsg1-17build1) ...
正在选中未选择的软件包 adcli。
正准备解包 .../adcli_0.7.5-1_amd64.deb  ...
正在解包 adcli (0.7.5-1) ...
正在选中未选择的软件包 cracklib-runtime。
正准备解包 .../cracklib-runtime_2.9.1-1build1_amd64.deb  ...
正在解包 cracklib-runtime (2.9.1-1build1) ...
正在选中未选择的软件包 python3-pkg-resources。
正准备解包 .../python3-pkg-resources_3.3-1ubuntu2_all.deb  ...
正在解包 python3-pkg-resources (3.3-1ubuntu2) ...
正在选中未选择的软件包 python3-chardet。
正准备解包 .../python3-chardet_2.2.1-2~ubuntu1_all.deb  ...
正在解包 python3-chardet (2.2.1-2~ubuntu1) ...
正在选中未选择的软件包 python3-six。
正准备解包 .../python3-six_1.5.2-1ubuntu1.1_all.deb  ...
正在解包 python3-six (1.5.2-1ubuntu1.1) ...
正在选中未选择的软件包 python3-debian。
正准备解包 .../python3-debian_0.1.21+nmu2ubuntu2_all.deb  ...
正在解包 python3-debian (0.1.21+nmu2ubuntu2) ...
正在选中未选择的软件包 gdebi-core。
正准备解包 .../gdebi-core_0.9.5.3ubuntu3_all.deb  ...
正在解包 gdebi-core (0.9.5.3ubuntu3) ...
正在选中未选择的软件包 krb5-config。
正准备解包 .../krb5-config_2.3_all.deb  ...
正在解包 krb5-config (2.3) ...
正在选中未选择的软件包 krb5-user。
正准备解包 .../krb5-user_1.12+dfsg-2ubuntu5.4_amd64.deb  ...
正在解包 krb5-user (1.12+dfsg-2ubuntu5.4) ...
正在选中未选择的软件包 ldap-utils。
正准备解包 .../ldap-utils_2.4.31-1+nmu2ubuntu8.5_amd64.deb  ...
正在解包 ldap-utils (2.4.31-1+nmu2ubuntu8.5) ...
正在选中未选择的软件包 libglib2.0-bin。
正准备解包 .../libglib2.0-bin_2.40.2-0ubuntu1.1_amd64.deb  ...
正在解包 libglib2.0-bin (2.40.2-0ubuntu1.1) ...
正在选中未选择的软件包 python3-packagekit。
正准备解包 .../python3-packagekit_0.8.12-1ubuntu5_all.deb  ...
正在解包 python3-packagekit (0.8.12-1ubuntu5) ...
正在选中未选择的软件包 packagekit-backend-aptcc。
正准备解包 .../packagekit-backend-aptcc_0.8.12-1ubuntu5_amd64.deb  ...
正在解包 packagekit-backend-aptcc (0.8.12-1ubuntu5) ...
正准备解包 .../policykit-1_0.105-4ubuntu3.14.04.6_amd64.deb  ...
正在将 policykit-1 (0.105-4ubuntu3.14.04.6) 解包到 (0.105-4ubuntu3.14.04.1) 上 ...
正在选中未选择的软件包 packagekit。
正准备解包 .../packagekit_0.8.12-1ubuntu5_amd64.deb  ...
正在解包 packagekit (0.8.12-1ubuntu5) ...
正在选中未选择的软件包 packagekit-tools。
正准备解包 .../packagekit-tools_0.8.12-1ubuntu5_amd64.deb  ...
正在解包 packagekit-tools (0.8.12-1ubuntu5) ...
正在选中未选择的软件包 python-crypto。
正准备解包 .../python-crypto_2.6.1-4ubuntu0.3_amd64.deb  ...
正在解包 python-crypto (2.6.1-4ubuntu0.3) ...
正在选中未选择的软件包 python-tdb。
正准备解包 .../python-tdb_1.3.8-0ubuntu0.14.04.1_amd64.deb  ...
正在解包 python-tdb (1.3.8-0ubuntu0.14.04.1) ...
正在选中未选择的软件包 python-samba。
正准备解包 .../python-samba_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb  ...
正在解包 python-samba (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在选中未选择的软件包 realmd。
正准备解包 .../realmd_0.15.0-1ubuntu0.1_amd64.deb  ...
正在解包 realmd (0.15.0-1ubuntu0.1) ...
正在选中未选择的软件包 samba-common-bin。
正准备解包 .../samba-common-bin_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb  ...
正在解包 samba-common-bin (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在选中未选择的软件包 samba-dsdb-modules。
正准备解包 .../samba-dsdb-modules_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb  ...
正在解包 samba-dsdb-modules (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在选中未选择的软件包 wamerican。
正准备解包 .../wamerican_7.1-1_all.deb  ...
正在解包 wamerican (7.1-1) ...
正在选中未选择的软件包 libipa-hbac0。
正准备解包 .../libipa-hbac0_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 libipa-hbac0 (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 libpam-sss:amd64。
正准备解包 .../libpam-sss_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 libpam-sss:amd64 (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 libsss-idmap0。
正准备解包 .../libsss-idmap0_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 libsss-idmap0 (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 libsss-sudo。
正准备解包 .../libsss-sudo_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 libsss-sudo (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 python-sss。
正准备解包 .../python-sss_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 python-sss (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-common。
正准备解包 .../sssd-common_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-common (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-ad-common。
正准备解包 .../sssd-ad-common_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-ad-common (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-krb5-common。
正准备解包 .../sssd-krb5-common_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-krb5-common (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-ad。
正准备解包 .../sssd-ad_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-ad (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-ipa。
正准备解包 .../sssd-ipa_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-ipa (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-krb5。
正准备解包 .../sssd-krb5_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-krb5 (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-ldap。
正准备解包 .../sssd-ldap_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-ldap (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-proxy。
正准备解包 .../sssd-proxy_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-proxy (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd。
正准备解包 .../sssd_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd (1.11.8-0ubuntu0.7) ...
正在选中未选择的软件包 sssd-tools。
正准备解包 .../sssd-tools_1.11.8-0ubuntu0.7_amd64.deb  ...
正在解包 sssd-tools (1.11.8-0ubuntu0.7) ...
正在处理用于 man-db (2.6.7.1-1ubuntu1) 的触发器 ...
正在处理用于 shared-mime-info (1.2-0ubuntu3) 的触发器 ...
正在处理用于 ureadahead (0.100.0-16) 的触发器 ...
ureadahead will be reprofiled on next reboot
正在设置 libglib2.0-0:amd64 (2.40.2-0ubuntu1.1) ...
No schema files found: doing nothing.
正在设置 libkrb5support0:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libkrb5-3:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libgssapi-krb5-2:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libldap-2.4-2:amd64 (2.4.31-1+nmu2ubuntu8.5) ...
正在设置 liblzo2-2:amd64 (2.06-1.2ubuntu1.1) ...
正在设置 libnettle4:amd64 (2.7.1-1ubuntu0.2) ...
正在设置 libarchive13:amd64 (3.1.2-7ubuntu2.8) ...
正在设置 libavahi-common-data:amd64 (0.6.31-4ubuntu1.3) ...
正在设置 libavahi-common3:amd64 (0.6.31-4ubuntu1.3) ...
正在设置 libavahi-client3:amd64 (0.6.31-4ubuntu1.3) ...
正在设置 libcrack2:amd64 (2.9.1-1build1) ...
正在设置 libcups2:amd64 (1.7.2-0ubuntu1.11) ...
正在设置 libelfg0:amd64 (0.8.13-5) ...
正在设置 libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ...
正在设置 libgssrpc4:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libgstreamer1.0-0:amd64 (1.2.4-0ubuntu1.1) ...
正在设置 libkadm5clnt-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libkdb5-7:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libkadm5srv-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ...
正在设置 libtalloc2:amd64 (2.1.5-0ubuntu0.14.04.1) ...
正在设置 libtdb1:amd64 (1.3.8-0ubuntu0.14.04.1) ...
正在设置 libtevent0:amd64 (0.9.28-0ubuntu0.14.04.1) ...
正在设置 libldb1:amd64 (1:1.1.24-0ubuntu0.14.04.2) ...
正在设置 libnl-3-200:amd64 (3.2.21-1ubuntu4.1) ...
正在设置 libnl-genl-3-200:amd64 (3.2.21-1ubuntu4.1) ...
正在设置 libnl-route-3-200:amd64 (3.2.21-1ubuntu4.1) ...
正在设置 libnspr4:amd64 (2:4.13.1-0ubuntu0.14.04.1) ...
正在设置 libpackagekit-glib2-16:amd64 (0.8.12-1ubuntu5) ...
正在设置 libpwquality-common (1.2.3-1ubuntu1.1) ...
正在设置 libpwquality1:amd64 (1.2.3-1ubuntu1.1) ...
正在设置 libpam-pwquality:amd64 (1.2.3-1ubuntu1.1) ...
正在设置 libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在设置 python-ldb (1:1.1.24-0ubuntu0.14.04.2) ...
正在设置 python-talloc (2.1.5-0ubuntu0.14.04.1) ...
正在设置 samba-common (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...Creating config file /etc/samba/smb.conf with new version
正在设置 samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在设置 libbasicobjects0:amd64 (0.3.0.1-4) ...
正在设置 libc-ares2:amd64 (1.10.0-2ubuntu0.2) ...
正在设置 libcollection2:amd64 (0.3.0.1-4) ...
正在设置 libdhash1:amd64 (0.3.0.1-4) ...
正在设置 libpath-utils1:amd64 (0.3.0.1-4) ...
正在设置 libref-array1:amd64 (0.3.0.1-4) ...
正在设置 libini-config3:amd64 (0.3.0.1-4) ...
正在设置 libnss-sss:amd64 (1.11.8-0ubuntu0.7) ...
First installation detected...
Checking NSS setup...
正在设置 libsystemd-journal0:amd64 (204-5ubuntu20.31) ...
正在设置 libsasl2-modules-gssapi-mit:amd64 (2.1.25.dfsg1-17build1) ...
正在设置 adcli (0.7.5-1) ...
正在设置 cracklib-runtime (2.9.1-1build1) ...
正在设置 python3-pkg-resources (3.3-1ubuntu2) ...
正在设置 python3-chardet (2.2.1-2~ubuntu1) ...
正在设置 python3-six (1.5.2-1ubuntu1.1) ...
正在设置 python3-debian (0.1.21+nmu2ubuntu2) ...
正在设置 gdebi-core (0.9.5.3ubuntu3) ...
正在设置 krb5-config (2.3) ...
正在设置 krb5-user (1.12+dfsg-2ubuntu5.4) ...
正在设置 ldap-utils (2.4.31-1+nmu2ubuntu8.5) ...
正在设置 libglib2.0-bin (2.40.2-0ubuntu1.1) ...
正在设置 python3-packagekit (0.8.12-1ubuntu5) ...
正在设置 packagekit-backend-aptcc (0.8.12-1ubuntu5) ...
正在设置 policykit-1 (0.105-4ubuntu3.14.04.6) ...
正在设置 packagekit (0.8.12-1ubuntu5) ...
正在设置 packagekit-tools (0.8.12-1ubuntu5) ...
正在设置 python-crypto (2.6.1-4ubuntu0.3) ...
正在设置 python-tdb (1.3.8-0ubuntu0.14.04.1) ...
正在设置 python-samba (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在设置 realmd (0.15.0-1ubuntu0.1) ...
正在设置 samba-common-bin (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在设置 samba-dsdb-modules (2:4.3.11+dfsg-0ubuntu0.14.04.20) ...
正在设置 wamerican (7.1-1) ...
正在设置 libipa-hbac0 (1.11.8-0ubuntu0.7) ...
正在设置 libpam-sss:amd64 (1.11.8-0ubuntu0.7) ...
正在设置 libsss-idmap0 (1.11.8-0ubuntu0.7) ...
正在设置 libsss-sudo (1.11.8-0ubuntu0.7) ...
First installation detected...
Checking NSS setup...
正在设置 python-sss (1.11.8-0ubuntu0.7) ...
正在设置 libnss3-nssdb (2:3.28.4-0ubuntu0.14.04.5) ...
正在设置 libnss3:amd64 (2:3.28.4-0ubuntu0.14.04.5) ...
正在设置 sssd-common (1.11.8-0ubuntu0.7) ...
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
sssd stop/pre-start, process 3956
sssd-autofs start/running, process 3990
正在处理用于 ureadahead (0.100.0-16) 的触发器 ...
正在设置 sssd-proxy (1.11.8-0ubuntu0.7) ...
正在设置 sssd-tools (1.11.8-0ubuntu0.7) ...
正在设置 sssd-ad-common (1.11.8-0ubuntu0.7) ...
正在设置 sssd-krb5-common (1.11.8-0ubuntu0.7) ...
正在设置 sssd-ad (1.11.8-0ubuntu0.7) ...
正在设置 sssd-ipa (1.11.8-0ubuntu0.7) ...
正在设置 sssd-krb5 (1.11.8-0ubuntu0.7) ...
正在设置 sssd-ldap (1.11.8-0ubuntu0.7) ...
正在设置 sssd (1.11.8-0ubuntu0.7) ...
正在处理用于 libc-bin (2.19-0ubuntu6.9) 的触发器 ...

6.Enter the name of the default realm with uppercases and press Enter key to continue the installation.
在安装过程中会提示,然后输入域地址

┌────────────────────────────────────────────────────────────────────────┤ Configuring Kerberos Authentication ├────────────────────────────────────────────────────────────────────────│
│ When users attempt to use Kerberos and specify a principal or user name without specifying what administrative Kerberos realm that principal belongs to, the system appends the       │
│ default realm.  The default realm may also be used as the realm of a Kerberos service running on the local machine.  Often, the default realm is the uppercase version of the local   │
│ DNS domain.                                                                                                                                                                           │
│                                                                                                                                                                                       │
│ Default Kerberos version 5 realm:                                                                                                                                                     │
│                                                                                                                                                                                       │
│ _____________________________________________________________________________________________________________________________________________________________________________________ │
│                                                                                                                                                                                       │
│                                                                                        <Ok>                                                                                           │
│                                                                                                                                                                                       │
└────────────────────────────────────────────────────────────────────────────────────────────

7.创建 SSSD 配置文件.

$ sudo vi  /etc/sssd/sssd.conf

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3[pam]
reconnection_retries = 3[sssd]
domains = tecmint.lan
config_file_version = 2
services = nss, pam
default_domain_suffix = TECMINT.LAN[domain/tecmint.lan]
ad_domain = tecmint.lan
krb5_realm = TECMINT.LAN
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
access_provider = adauth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600

以下是我们自己的

root@bf-pc04:~# cat  /etc/sssd/sssd.conf
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3[pam]
reconnection_retries = 3[sssd]
domains = company.com
config_file_version = 2
services = nss, pam
default_domain_suffix = company.COM[domain/company.com]
ad_domain = company.com
krb5_realm = company.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
#use_fully_qualified_names = True 这个后来注释掉了 ???
full_name_format = %1$s
fallback_homedir = /home/%u
access_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600

尤其是下面几个地方要修改为自己公司的域控地址、名称

domains = tecmint.lan
default_domain_suffix = TECMINT.LAN
[domain/tecmint.lan]
ad_domain = tecmint.lan
krb5_realm = TECMINT.LAN

8.下一步,修改 /etc/sssd/sssd.conf文件的权限为600.不然会启动报错的。

启动报错日志可以在/var/log/sssd/sssd.log中查看

$ sudo chmod 600 /etc/sssd/sssd.conf

9.接下来,配置/etc/realmd.conf文件.

$ sudo vi  /etc/realmd.conf

输入以下内容

[active-directory]
os-name = Linux Ubuntu
os-version = 17.04[service]
automatic-install = yes[users]
default-home = /home/%d/%u
default-shell = /bin/bash[tecmint.lan]
user-principal = yes
fully-qualified-names = no

这里是我们自己的配置

root@bf-pc04:~# cat /etc/realmd.conf
[active-directory]
os-name = Linux Ubuntu bf-pc04
os-version = 14.04[service]
automatic-install = no[users]
default-home = /home/%u
default-shell = /bin/bash[company.com]
user-principal = yes
fully-qualified-names = no

10.最后一部修改/etc/samba/smb.conf 配置文件

workgroup = TECMINT
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = TECMINT.LAN
security = ads

测试samba配置文件参数是否正确

$ sudo testparm

root@bf-pc04:~# cat /etc/samba/smb.conf
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors. #======================= Global Settings =======================[global]#can access symbol link file in windows with sambaunix extensions = nofollow symlinks = yeswide links = yes## Browsing/Identification #### Change this to the workgroup/NT-domain name your Samba server will part ofworkgroup = companyclient signing = yesclient use spnego = yeskerberos method = secrets and keytabrealm = company.COMsecurity = ads# server string is the equivalent of the NT Description fieldserver string = %h server (Samba, Ubuntu)# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
#   wins support = no# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z# This will prevent nmbd to search for NetBIOS names through DNS.dns proxy = no#### Networking ##### The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes#### Debugging/Accounting ##### This tells Samba to use a separate log file for each machine
# that connectslog file = /var/log/samba/log.%m# Cap the size of the individual log files (in KiB).max log size = 1000# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
#   syslog only = no# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.syslog = 0# Do something sensible when Samba crashes: mail the admin a backtracepanic action = /usr/share/samba/panic-action %d####### Authentication ######## Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.server role = standalone server# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  passdb backend = tdbsamobey pam restrictions = yes# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.unix password sync = yes# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).passwd program = /usr/bin/passwd %upasswd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.pam password change = yes# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connectionsmap to guest = bad user########## Domains ############
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set
## It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g############ Misc ############# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash# Setup usershare options to enable non-root users to share folders
# with the net usershare command.# Maximum number of usershare. 0 (default) means that usershare is disabled.
;   usershare max shares = 100# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated onesusershare allow guests = yes#======================= Share Definitions =======================# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
[homes]comment = %h server Home Directoriesbrowseable = yes# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.read only = no# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.create mask = 0700# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.directory mask = 0700# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# Un-comment the following parameter to make sure that only "username"
# can connect to \\server\username
# This might need tweaking when using external authentication schemesvalid users = %S# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   read only = yes# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700[printers]comment = All Printersbrowseable = nopath = /var/spool/sambaprintable = yesguest ok = noread only = yescreate mask = 0700# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]comment = Printer Driverspath = /var/lib/samba/printersbrowseable = yesread only = yesguest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
;   write list = root, @lpadmin

使用testparm命令测试samba配置文件是否正确

root@bf-pc04:/etc/samba# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBERPress enter to see a dump of your service definitions# Global parameters
[global]workgroup = companyrealm = company.COMserver string = %h server (Samba, Ubuntu)server role = standalone serversecurity = ADSmap to guest = Bad Userobey pam restrictions = Yespam password change = Yespasswd program = /usr/bin/passwd %upasswd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .unix password sync = Yeskerberos method = secrets and keytabsyslog = 0log file = /var/log/samba/log.%mmax log size = 1000client signing = if_requireddns proxy = Nousershare allow guests = Yespanic action = /usr/share/samba/panic-action %didmap config * : backend = tdb[printers]comment = All Printerspath = /var/spool/sambacreate mask = 0700printable = Yesbrowseable = No[print$]comment = Printer Driverspath = /var/lib/samba/printers

11.、当所有的配置都修改好了之后,我们就可以测试kerberos权限。这里需要使用域控管理员账号

$ sudo kinit ad_admin_user@DOMAIN.TLD
$ sudo klist


root@bf-pc04:/etc/samba# kinit admin@company.COM
Password for admin-@company.COM: root@bf-pc04:/etc/samba# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin-@company.COMValid starting       Expires              Service principal
2019-05-17T17:12:28  2019-05-18T03:12:28  krbtgt/company.COM@company.COMrenew until 2019-05-18T17:12:21

Step 3: Join Ubuntu to Samba4 Realm

12、使用realm加入域控

$ sudo realm discover -v DOMAIN.TLD
$ sudo realm list
$ sudo realm join TECMINT.LAN -U ad_admin_user -v
$ sudo net ads join -k  # 这一步要执行
root@bf-pc04:/etc/samba# realm discover -v company.COM* Resolving: _ldap._tcp.company.com* Performing LDAP DSE lookup on: 10.0.13.253* Performing LDAP DSE lookup on: 10.0.17.228* Performing LDAP DSE lookup on: 10.0.13.252* Successfully discovered: company.com
company.comtype: kerberosrealm-name: company.COMdomain-name: company.comconfigured: kerberos-memberserver-software: active-directoryclient-software: sssdrequired-package: sssd-toolsrequired-package: sssdrequired-package: libnss-sssrequired-package: libpam-sssrequired-package: adclirequired-package: samba-common-binlogin-formats: %Ulogin-policy: allow-realm-logins

root@bf-pc04:/etc/samba# realm list
company.comtype: kerberosrealm-name: company.COMdomain-name: company.comconfigured: kerberos-memberserver-software: active-directoryclient-software: winbindrequired-package: winbindrequired-package: libpam-winbindrequired-package: samba-common-binlogin-formats: company\%Ulogin-policy: allow-any-login
company.comtype: kerberosrealm-name: company.COMdomain-name: company.comconfigured: kerberos-memberserver-software: active-directoryclient-software: sssdrequired-package: sssd-toolsrequired-package: sssdrequired-package: libnss-sssrequired-package: libpam-sssrequired-package: adclirequired-package: samba-common-binlogin-formats: %Ulogin-policy: allow-realm-logins

root@bf-pc04:/etc/samba# realm join company.COM -U admin- -v* Resolving: _ldap._tcp.company.com* Performing LDAP DSE lookup on: 10.0.13.253* Performing LDAP DSE lookup on: 10.0.13.252* Successfully discovered: company.com
realm: 已加入该域
root@bf-pc04:/etc/samba#

13、After the domain binding took place, run the below command to assure that all domain accounts are permitted to authenticate on the machine.

$ sudo realm permit --all

$ sudo realm deny -a
$ realm permit --groups ‘domain.tld\Linux Admins’
$ realm permit user@domain.lan
$ realm permit DOMAIN\\User2

这一步会报错.目前还没查明怎么弄???

root@bf-pc04:/var/log# realm deny -a
See: journalctl REALMD_OPERATION=r151224.2915
realm: Couldn't change permitted logins: The Samba provider cannot restrict permitted logins.

14、从Windows域控上就可以看到这台linux计算机了

Step 4: Configure AD Accounts Authentication

15、In order to authenticate on Ubuntu machine with domain accounts you need to run pam-auth-update command with root privileges and enable all PAM profiles including the option to automatically create home directories for each domain account at the first login.

$ sudo pam-auth-update

16、On systems manually edit /etc/pam.d/common-account file and the following line in order to automatically create homes for authenticated domain users.

session    required    pam_mkhomedir.so    skel=/etc/skel/    umask=0022

17、If Active Directory users can’t change their password from command line in Linux, open /etc/pam.d/common-password file and remove the use_authtok statement from password line to finally look as on the below excerpt.

password       [success=1 default=ignore]      pam_winbind.so try_first_pass

23、To use a domain account with root privileges on your Ubuntu machine, you need to add the AD username to the sudo system group by issuing the below command:

$ sudo usermod -aG sudo your_domain_user@domain.tld

24、To add root privileges for a domain group, open end edit /etc/sudoers file using visudo command and add the following line as illustrated.

%domain\ admins@tecmint.lan              ALL=(ALL:ALL) ALL

25、To use domain account authentication for Ubuntu Desktop modify LightDM display manager by editing /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf file, append the following two lines and restart lightdm service or reboot the machine apply changes.

greeter-show-manual-login=true
greeter-hide-users=true

26、To use short name format for Samba AD accounts, edit /etc/sssd/sssd.conf file, add the following line in [sssd] block as illustrated below.

full_name_format = %1$s

27、In case you cannot login due to enumerate=true argument set in sssd.conf you must clear sssd cached database by issuing the below command:

$ rm /var/lib/sss/db/cache_tecmint.lan.ldb

补充

The Pluggable Authentication Modules library, or PAM

To enable this module we need to add the following line to /etc/pam.d/common-account:session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

The common-account file is included by several other authentication files, so it will take effect for remote SSH logins, local GDM logins, and console logins too.

This is very handy but if your users are also able to access through Samba no home directory will be created, since it does not authenticate through PAM. The only way around this I found was through using the ‘root preexec’ directive in smb.conf for the home share. Like this:

root preexec = /usr/sbin/smb-mkhomedir.sh %U
root preexec = mkhomedir_helper "%u"#!/bin/bash
#smb-mkhomedir.shDHOME="/home"
USERS_GID="1000"
SKEL="/etc/skel"# Reads config file (will override defaults above)
[ -r /etc/adduser.conf ] && . /etc/adduser.confif [ -z $1 ]; thenecho "Usage: $0 username" 1>&2exit 1
fiif [ ! -e $DHOME/$1 ]; thenmkdir -m $DIR_MODE -p $DHOME/$1cp -R $SKEL/* $DHOME/$1chown -R $1:$USERS_GID $DHOME/$1
fiexit 0

pam exec 模块

#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{echo "User: $PAM_USER"echo "Ruser: $PAM_RUSER"echo "Rhost: $PAM_RHOST"echo "Service: $PAM_SERVICE"echo "TTY: $PAM_TTY"echo "Date: `date`"echo "Server: `uname -a`"
}

root@fs-share:/var/log# cat pam_exec.log
# 登陆账户
*** Tue Jun  4 13:32:39 2019
MAIL=/var/mail/bright.ma
PAM_USER=bright.ma
PAM_TYPE=open_session
PAM_RUSER=root
PAM_SERVICE=su
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
PAM_TTY=/dev/pts/0
LANG=en_US.UTF-8
PWD=/tmp# 下面是 退出登陆
*** Tue Jun  4 13:32:50 2019
PAM_USER=bright.ma
PAM_TYPE=close_session
PAM_RUSER=root
PAM_SERVICE=su
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
PAM_TTY=/dev/pts/0
LANG=en_US.UTF-8
PWD=/tmp

默认配置
ldap_id_mapping = true
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 2000000000

问题 ldap_idmap 范围太小

新员工帐号不能登陆,之后的所有新员工的帐号都不行.通过查找日志发现.是 id map保存了.
之前配置的ldap_idmap_range 范围太小了.

$ sudo grep 'S-1-5-21-3446465026-1615476135-1591400168-21703' /var/log/sssd/sssd_test.com.log
(Mon Jun  7 14:59:45 2021) [sssd[be[test.com]]] [sdap_save_user] (0x1000): Mapping user [test] objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to unix ID
(Mon Jun  7 14:59:45 2021) [sssd[be[test.com]]] [sdap_idmap_sid_to_unix] (0x0080): Could not convert objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to a UNIX ID
(Mon Jun  7 15:00:00 2021) [sssd[be[test.com]]] [sdap_save_user] (0x1000): Mapping user [test] objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to unix ID
(Mon Jun  7 15:00:00 2021) [sssd[be[test.com]]] [sdap_idmap_sid_to_unix] (0x0080): Could not convert objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to a UNIX ID
(Mon Jun  7 15:00:20 2021) [sssd[be[test.com]]] [sdap_save_user] (0x1000): Mapping user [test] objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to unix ID
(Mon Jun  7 15:00:20 2021) [sssd[be[test.com]]] [sdap_idmap_sid_to_unix] (0x0080): Could not convert objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to a UNIX ID
(Mon Jun  7 15:14:03 2021) [sssd[be[test.com]]] [sdap_save_user] (0x1000): Mapping user [test] objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to unix ID
(Mon Jun  7 15:14:03 2021) [sssd[be[test.com]]] [sdap_idmap_sid_to_unix] (0x0080): Could not convert objectSID [S-1-5-21-3446465026-1615476135-1591400168-21703] to a UNIX ID这个 windows 对应的 sid S-1-5-21-3446465026-1615476135-1591400168-21703 最后一段 21703 要和 我们的 linux的中的uid做个映射的.
策略就是你配置的.
ldap_id_mapping = true
ldap_idmap_range_min =   1001
ldap_idmap_range_max =  21001
ldap_idmap_range_size = 20000
这一段. 也就是 21703 + 1001 = 22704, 这个 22704 大于 ldap_idmap_range_max =  21001啦.

参考了这个 得出灵感的.https://freeipa-users.redhat.narkive.com/vEP6Pqiy/ad-integration-could-not-convert-objectsid-to-a-unix-id

安全标识符 (Security Identifier,SID)是Windows操作系统使用的独一无二的,不变的标识符用于标识用户、用户群、或其他安全主体.

安全标识符一经产生,不会与全世界任何的安全标识符重复;也不随用户更名而变化。如果删除了用户帐户,然后再创建同名帐户,则产生的安全标识符是不同的。

外部链接

http://portal.sivarajan.com/2011/09/objectsid-and-active-directory.html
https://technet.microsoft.com/en-us/library/cc782090.aspx
http://support.microsoft.com/kb/154599
http://support.microsoft.com/kb/243330
http://www.microsoft.com/downloads/details.aspx?familyid=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en
http://servermigrator.blogspot.com/2006/02/why-understanding-sids-is-important.html
http://www.selfadsi.org/deep-inside/microsoft-sid-attributes.htm

ubuntu加入Windows的AD域(使用SSSD和Realm的方式)相关推荐

  1. CentOS7加入windows 2008 AD域

    采用域控对用户权限进行限制的时候,经常会出现需要将linux加入windows域,毕竟windows的AD域超级强大.用户名可以由windows进行统一管理,方便办公使用.下面简单介绍如何进行配置. ...

  2. windows server2012 AD域安装说明

    windows server2012 AD域安装说明 今天看热搜看到药水哥上中国新说唱了.别的也不会说.卖萌就完事了. 一.AD域简介 微软的AD域是一种集中管理模式的实现,其特点是在AD域中所有成员 ...

  3. Windows Server AD域控服务器升级/迁移(AD域控的五大角色转移)

    Windows Server AD域控服务器升级/迁移(AD域控的五大角色转移) 新域控服务器安装 配置域控服务器,加入现有域 域控角色迁移到新域控服务器 原域控服务器降级退域 本文主要介绍在现有域环 ...

  4. Windows系统--AD域控--DHCP服务器

    Windows系统--AD域控--DHCP服务器 虚拟机网络准备 1.将VMware网络编辑器的NAT模式--取消勾选 使用本地DHCP服务器: 从机(win10)将内置网卡的IPv4网络改为  自动 ...

  5. php ad 域控,域配置之Windows 搭建AD 域控副

    一. 环境描述: AD systemos:windows server 2012 AD domain:example.com(修改为实际domain) master host: AD master i ...

  6. windows 2012 AD域报错ladp非法绑定

    在过去的 24 小时内,某些客户端尝试了执行以下几种类型的 LDAP 绑定: (1) 未请求签名(完整性验证)的 SASL (协商式.Kerberos.NTLM 或摘要式) LDAP 绑定,或 (2) ...

  7. Windows Server AD域控 WUSU补丁服务器

    目录 AD域控-WUSU补丁服务器 Windows server 2016 WUSU服务器部署 配置WUSU服务器 添加测试机更新

  8. windows server2008 AD域的部署、退出及软件分配安装。即在用户初次登录时安装。

    ** 小知识点: ** 发布:把某个软件分发给用户以后,用户下次在任意计算机登录时,所部属的软件都会出现在用户计算机的"添加和删除程序"对话框中,供用户下载安装. 分配:分配是强制 ...

  9. windows server2019 AD域控制器组策略 打开组策略提示域控制器不存在

    环景: windows sever 2019AD域(ad域+DNS管理器) 客户端win 10 专业版 AD域名:xxxxtech.com 问题描述: 之前更改了AD域名,现在域控制器组策略 打开组策 ...

  10. 第四章:搭建Windows server AD域和树域

    由于Windows简单一点,我就先搞Windows了. AD域: 视频教程:https://www.bilibili.com/video/BV1f84y1G72x/ 在创建AD域时要把网卡配置好 这是 ...

最新文章

  1. JAVA写出来的塔防能有多好玩?......真香!
  2. elasticsearch 2.2+ index.codec: best_compression启用压缩
  3. 分库分表的几种常见形式以及可能遇到的难题--转
  4. 第11篇:Flowable-BPMN部署常见问题没有对ACT_RE_PROCDEF表进行插入操作
  5. 纯净微擎框架 V 2.5.7 稳定运营版 免验证/去授权/防拉黑/支持本地模块安装源码
  6. Yii2 日期和时间组件
  7. c语言jam的随机数,c – 如何重置随机数引擎?
  8. 华为OS操作系统,最早今秋面世!
  9. 我模仿了一个自助装机的页面,可是有一个功能一直实现不了。请求高手帮我看看。
  10. postman接口自动化(三)变量设置与使用
  11. 微信小程序使用canvas绘图
  12. windows 8 Surface 会成功吗?
  13. 把AS代码链接到fla文件
  14. 用matlab实现用Bp神经网络对iris数据集进行分类(以及影响分类性能的参数条件)
  15. 高晓松《晓说》为何这么红?
  16. 基于SCA(tuscany)的SOA实践之一(发布服务是如此的简单)
  17. rails 查询 where条件用法
  18. 计算机组成原理实验课设:复杂指令模型计算机设计与实现
  19. 2008年度技术奥斯卡大奖:The Crunchies 2008 现场报导
  20. BT配对/取消配对示例

热门文章

  1. java根据word模板导出_Java通过word模板导出word
  2. 功能测试怎么做?常用功能测试方法总结
  3. 笨鸟先飞学编程系列之二 基础代码的编写
  4. 年轻时代,噢,年轻时代
  5. 边框盒子 box-sizing 的 content-box 和 border-box属性
  6. Elasticsearch 使用同义词 二
  7. allegro异形孔导出gerber
  8. Redis分布式锁故障,我忍不住想爆粗...
  9. 轨道交通检测中心-轨道交通产品可靠性检测机构
  10. 除了UL认证,开拓美国市场必备认证有哪些?