1、AD用户linux属性添加:
需要增加的属性如下:
gidNumber(linux属组)、 loginShell(登录shell)、 uid(用户名)、 uidNumber、 unixHomeDirectory(home目录路径)
2、安装nss-pam-ldapd 组件:
# Install the nss-pam-ldapd package non-interactively (-y answers yes to prompts).
yum -y install nss-pam-ldapd
3、修改客户端配置文件:
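# Point NSS and PAM at the AD LDAP service and create home directories on
# first login.
#
# Security-relevant choices in this invocation:
#   - --enableldaptls (StartTLS) is used instead of --disableldaptls. Over
#     plain ldap:// the nslcd bind password and each user's login password
#     cross the network unencrypted. The domain controller must present a
#     certificate, and its issuing CA must be trusted on this client
#     (authconfig's --ldaploadcacert=<URL> can fetch it). With TLS on, address
#     the server by the name that appears in its certificate.
#   - --passalgo=sha512 replaces --enablemd5, so locally stored password
#     hashes are not MD5.
#   - The server URL is quoted so the placeholder (which contains spaces)
#     stays a single argument; replace it with the real address before running.
authconfig --enablemkhomedir \
  --enableldaptls \
  --passalgo=sha512 \
  --enableldap \
  --enableldapauth \
  --ldapserver="ldap://AD ip 地址" \
  --ldapbasedn="dc=demo,dc=com" \
  --enableshadow \
  --update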
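# Append the AD-specific bind, filter and attribute-mapping settings to
# /etc/nslcd.conf.
#
#   - The heredoc delimiter is quoted ('EOF') so that $, backticks and
#     backslashes in the bind password are written literally instead of being
#     expanded by the shell.
#   - Bind with a dedicated, read-only directory account rather than the
#     domain administrator: this file stores the password in clear text on
#     every client, so whoever gains root on one client obtains the bind
#     account's credentials. The cn below is a placeholder; substitute the
#     real account name.
#   - ">>" appends on every run; running this step twice duplicates the
#     settings, so run it once or remove the previous copy first.
cat >> /etc/nslcd.conf << 'EOF'
binddn cn=REPLACE_WITH_READONLY_BIND_ACCOUNT,cn=Users,dc=demo,dc=com
bindpw 密码
pagesize 1000
referrals off
filter passwd (&(objectClass=user)(!(objectClass=computer))(unixHomeDirectory=*))
map passwd homeDirectory unixHomeDirectory
filter shadow (&(objectClass=user)(!(objectClass=computer))(unixHomeDirectory=*))
map shadow shadowLastChange pwdLastSet
filter group (objectClass=group)
EOF
# The file now holds a credential: make sure only its owner can read it.
chmod 600 /etc/nslcd.conf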
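# Switch NSS and PAM from the SSSD modules to the LDAP modules.
#
#   - --follow-symlinks: on authconfig-managed systems system-auth and
#     password-auth are typically symlinks to the *-ac files; plain "sed -i"
#     replaces such a symlink with a regular file, detaching it from the file
#     authconfig maintains.
#   - \bsss\b matches only the standalone source name "sss", so longer words
#     that merely contain "sss" (for example in comments) are left untouched.
#   - A broken PAM stack can lock out all logins: keep an existing root
#     session open and test a fresh login before closing it.
sed -i --follow-symlinks 's/\bsss\b/ldap/g' /etc/nsswitch.conf
for pam_file in \
  /etc/pam.d/system-auth \
  /etc/pam.d/password-auth \
  /etc/pam.d/password-auth-ac; do
  sed -i --follow-symlinks 's/pam_sss/pam_ldap/g' "$pam_file"
done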
4、启动服务:
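# Enable nslcd at boot and (re)start it now.
# "restart" is used instead of "start": if nslcd is already running (for
# example, started earlier by authconfig --update), "start" is a no-op and the
# settings appended to /etc/nslcd.conf afterwards would not be loaded.
systemctl enable nslcd
systemctl restart nslcd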