ubuntu加入Windows的AD域(使用SSSD和Realm的方式)
Step 1: Initial Configurations to Join Ubuntu to Samba4 AD 1.首先要修改好自己电脑的hostname,可以使用hostnamectl命令或者直接编辑/etc/hostname 文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 # hostnamectl set-hostname your_machine_short_name $ cat /etc/hostname mamh-PC $ hostnamectl Static hostname: mamh-PC Icon name: computer-desktop Chassis: desktop Machine ID: 4165ee77f3a840b880478065c5624a98 Boot ID: 0b179497ee0a4ffdb5d5a1a288693fa9 Operating System: Ubuntu 16.04.6 LTS Kernel: Linux 4.18.0-15-generic Architecture: x86-64
2.然后一个重要的步骤是设置好ip。尤其是DNS 。
3.最后是重启网络,或者重启电脑。
1 2 3 systemctl restart networking.service ping -c2 your_domain_name
4.最后一个步骤是安装时间同步服务器ntpdate
1 2 3 $ sudo apt-get install ntpdate $ sudo ntpdate -q your_domain_name $ sudo ntpdate your_domain_name
Step 2: 安装需要的软件
5.这一步安装Realmd and SSSD 相关的软件
1 2 3 $ sudo apt-get install adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1 $ sudo apt-get install samba # 如果需要samba共享目录给Windows。需要安装这个
1 2 3 4 5 6 7 8 9 10 root@bf-pc04:~# echo 'apt-get install adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1 '>install.sh root@bf-pc04:~# chmod 755 install.sh root@bf-pc04:~# ls install.sh root@bf-pc04:~# cat install.sh apt-get install adcli realmd krb5-user \ samba-common-bin samba-libs samba-dsdb-modules \ sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 #开始安装需要的软件 root@bf-pc04:~# ./install.sh 正在读取软件包列表... 完成 正在分析软件包的依赖关系树 正在读取状态信息... 完成 将会安装下列额外的软件包: cracklib-runtime gdebi-core krb5-config ldap-utils libarchive13 libavahi-client3 libavahi-common-data libavahi-common3 libbasicobjects0 libc-ares2 libcollection2 libcrack2 libcups2 libdhash1 libelfg0 libglib2.0-0 libglib2.0-bin libgmp10 libgssapi-krb5-2 libgssrpc4 libgstreamer1.0-0 libini-config3 libipa-hbac0 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libkrb5-3 libkrb5support0 libldap-2.4-2 libldb1 liblzo2-2 libnettle4 libnl-3-200 libnl-genl-3-200 libnl-route-3-200 libnspr4 libnss3 libnss3-nssdb libpackagekit-glib2-16 libpam-pwquality libpath-utils1 libpwquality-common libpwquality1 libref-array1 libsasl2-modules-gssapi-mit libsss-idmap0 libsss-sudo libsystemd-journal0 libtalloc2 libtdb1 libtevent0 libwbclient0 packagekit-backend-aptcc packagekit-tools python-crypto python-ldb python-samba python-sss python-talloc python-tdb python3-chardet python3-debian python3-packagekit python3-pkg-resources python3-six samba-common sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy wamerican 建议安装的软件包: lrzip cups-common krb5-doc gstreamer1.0-tools gstreamer1.0-plugins-base packagekit-backend-smart python-crypto-dbg python-crypto-doc python3-setuptools heimdal-clients libsasl2-modules-ldap 下列【新】软件包将被安装: adcli cracklib-runtime gdebi-core krb5-config krb5-user ldap-utils libarchive13 libavahi-client3 libavahi-common-data libavahi-common3 libbasicobjects0 libc-ares2 libcollection2 libcrack2 libcups2 libdhash1 libelfg0 libglib2.0-bin libgmp10 libgssrpc4 libgstreamer1.0-0 libini-config3 libipa-hbac0 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libldb1 liblzo2-2 libnettle4 libnl-route-3-200 libnspr4 libnss-sss libnss3 libnss3-nssdb libpackagekit-glib2-16 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 libref-array1 libsasl2-modules-gssapi-mit libsss-idmap0 libsss-sudo libsystemd-journal0 libtalloc2 libtdb1 libtevent0 libwbclient0 packagekit packagekit-backend-aptcc packagekit-tools python-crypto python-ldb python-samba python-sss python-talloc python-tdb python3-chardet python3-debian python3-packagekit python3-pkg-resources python3-six realmd samba-common samba-common-bin samba-dsdb-modules samba-libs sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools wamerican 下列软件包将被升级: libglib2.0-0 libgssapi-krb5-2 libkrb5-3 libkrb5support0 libldap-2.4-2 libnl-3-200 libnl-genl-3-200 policykit-1 升级了 8 个软件包,新安装了 79 个软件包,要卸载 0 个软件包,有 174 个软件包未被升级。 需要下载 15.3 MB 的软件包。 解压缩后会消耗掉 63.2 MB 的额外空间。 您希望继续执行吗? [Y/n] y 获取:1 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libglib2.0-0 amd64 2.40.2-0ubuntu1.1 [1,059 kB] 获取:2 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libgssapi-krb5-2 amd64 1.12+dfsg-2ubuntu5.4 [114 kB] 获取:3 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkrb5-3 amd64 1.12+dfsg-2ubuntu5.4 [262 kB] 获取:4 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkrb5support0 amd64 1.12+dfsg-2ubuntu5.4 [31.1 kB] 获取:5 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libldap-2.4-2 amd64 2.4.31-1+nmu2ubuntu8.5 [153 kB] 获取:6 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main liblzo2-2 amd64 2.06-1.2ubuntu1.1 [46.1 kB] 获取:7 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnettle4 amd64 2.7.1-1ubuntu0.2 [102 kB] 获取:8 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libarchive13 amd64 3.1.2-7ubuntu2.8 [262 kB] 获取:9 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libavahi-common-data amd64 0.6.31-4ubuntu1.3 [21.1 kB] 获取:10 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libavahi-common3 amd64 0.6.31-4ubuntu1.3 [21.7 kB] 获取:11 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libavahi-client3 amd64 0.6.31-4ubuntu1.3 [25.2 kB] 获取:12 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libcrack2 amd64 2.9.1-1build1 [27.2 kB] 获取:13 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libcups2 amd64 1.7.2-0ubuntu1.11 [178 kB] 获取:14 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libelfg0 amd64 0.8.13-5 [37.6 kB] 获取:15 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libgmp10 amd64 2:5.1.3+dfsg-1ubuntu1 [218 kB] 获取:16 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libgssrpc4 amd64 1.12+dfsg-2ubuntu5.4 [53.1 kB] 获取:17 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libgstreamer1.0-0 amd64 1.2.4-0ubuntu1.1 [598 kB] 获取:18 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkadm5clnt-mit9 amd64 1.12+dfsg-2ubuntu5.4 [36.2 kB] 获取:19 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkdb5-7 amd64 1.12+dfsg-2ubuntu5.4 [36.2 kB] 获取:20 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libkadm5srv-mit9 amd64 1.12+dfsg-2ubuntu5.4 [50.3 kB] 获取:21 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libtalloc2 amd64 2.1.5-0ubuntu0.14.04.1 [28.6 kB] 获取:22 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libtdb1 amd64 1.3.8-0ubuntu0.14.04.1 [38.3 kB] 获取:23 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libtevent0 amd64 0.9.28-0ubuntu0.14.04.1 [26.2 kB] 获取:24 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libldb1 amd64 1:1.1.24-0ubuntu0.14.04.2 [107 kB] 获取:25 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnl-genl-3-200 amd64 3.2.21-1ubuntu4.1 [10.2 kB] 获取:26 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnl-3-200 amd64 3.2.21-1ubuntu4.1 [45.3 kB] 获取:27 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnl-route-3-200 amd64 3.2.21-1ubuntu4.1 [96.2 kB] 获取:28 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnspr4 amd64 2:4.13.1-0ubuntu0.14.04.1 [110 kB] 获取:29 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnss3-nssdb all 2:3.28.4-0ubuntu0.14.04.5 [10.6 kB] 获取:30 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnss3 amd64 2:3.28.4-0ubuntu0.14.04.5 [1,124 kB] 获取:31 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libpackagekit-glib2-16 amd64 0.8.12-1ubuntu5 [102 kB] 获取:32 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpwquality-common all 1.2.3-1ubuntu1.1 [5,400 B] 获取:33 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpwquality1 amd64 1.2.3-1ubuntu1.1 [11.7 kB] 获取:34 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpam-pwquality amd64 1.2.3-1ubuntu1.1 [9,952 B] 获取:35 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libwbclient0 amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [30.3 kB] 获取:36 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-ldb amd64 1:1.1.24-0ubuntu0.14.04.2 [29.0 kB] 获取:37 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-talloc amd64 2.1.5-0ubuntu0.14.04.1 [7,628 B] 获取:38 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-common all 2:4.3.11+dfsg-0ubuntu0.14.04.20 [84.1 kB] 获取:39 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-libs amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [5,129 kB] 获取:40 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libbasicobjects0 amd64 0.3.0.1-4 [5,628 B] 获取:41 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libc-ares2 amd64 1.10.0-2ubuntu0.2 [34.1 kB] 获取:42 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libcollection2 amd64 0.3.0.1-4 [20.2 kB] 获取:43 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libdhash1 amd64 0.3.0.1-4 [8,442 B] 获取:44 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libpath-utils1 amd64 0.3.0.1-4 [8,410 B] 获取:45 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libref-array1 amd64 0.3.0.1-4 [7,072 B] 获取:46 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libini-config3 amd64 0.3.0.1-4 [27.9 kB] 获取:47 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libnss-sss amd64 1.11.8-0ubuntu0.7 [18.3 kB] 获取:48 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libsystemd-journal0 amd64 204-5ubuntu20.31 [50.5 kB] 获取:49 http://cn.archive.ubuntu.com/ubuntu/ trusty/main libsasl2-modules-gssapi-mit amd64 2.1.25.dfsg1-17build1 [47.4 kB] 获取:50 http://cn.archive.ubuntu.com/ubuntu/ trusty/universe adcli amd64 0.7.5-1 [59.4 kB] 获取:51 http://cn.archive.ubuntu.com/ubuntu/ trusty/main cracklib-runtime amd64 2.9.1-1build1 [138 kB] 获取:52 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python3-pkg-resources all 3.3-1ubuntu2 [31.7 kB] 获取:53 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python3-chardet all 2.2.1-2~ubuntu1 [96.5 kB] 获取:54 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python3-six all 1.5.2-1ubuntu1.1 [8,438 B] 获取:55 http://cn.archive.ubuntu.com/ubuntu/ trusty/main python3-debian all 0.1.21+nmu2ubuntu2 [34.9 kB] 获取:56 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main gdebi-core all 0.9.5.3ubuntu3 [9,518 B] 获取:57 http://cn.archive.ubuntu.com/ubuntu/ trusty/main krb5-config all 2.3 [23.4 kB] 获取:58 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/universe krb5-user amd64 1.12+dfsg-2ubuntu5.4 [96.6 kB] 获取:59 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main ldap-utils amd64 2.4.31-1+nmu2ubuntu8.5 [122 kB] 获取:60 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libglib2.0-bin amd64 2.40.2-0ubuntu1.1 [34.9 kB] 获取:61 http://cn.archive.ubuntu.com/ubuntu/ trusty/main python3-packagekit all 0.8.12-1ubuntu5 [17.9 kB] 获取:62 http://cn.archive.ubuntu.com/ubuntu/ trusty/main packagekit-backend-aptcc amd64 0.8.12-1ubuntu5 [97.2 kB] 获取:63 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main policykit-1 amd64 0.105-4ubuntu3.14.04.6 [51.9 kB] 获取:64 http://cn.archive.ubuntu.com/ubuntu/ trusty/main packagekit amd64 0.8.12-1ubuntu5 [269 kB] 获取:65 http://cn.archive.ubuntu.com/ubuntu/ trusty/main packagekit-tools amd64 0.8.12-1ubuntu5 [46.2 kB] 获取:66 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-crypto amd64 2.6.1-4ubuntu0.3 [239 kB] 获取:67 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-tdb amd64 1.3.8-0ubuntu0.14.04.1 [10.8 kB] 获取:68 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-samba amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [1,070 kB] 获取:69 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/universe realmd amd64 0.15.0-1ubuntu0.1 [173 kB] 获取:70 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-common-bin amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [508 kB] 获取:71 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-dsdb-modules amd64 2:4.3.11+dfsg-0ubuntu0.14.04.20 [219 kB] 获取:72 http://cn.archive.ubuntu.com/ubuntu/ trusty/main wamerican all 7.1-1 [269 kB] 获取:73 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libipa-hbac0 amd64 1.11.8-0ubuntu0.7 [8,836 B] 获取:74 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libpam-sss amd64 1.11.8-0ubuntu0.7 [20.2 kB] 获取:75 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libsss-idmap0 amd64 1.11.8-0ubuntu0.7 [13.4 kB] 获取:76 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main libsss-sudo amd64 1.11.8-0ubuntu0.7 [13.1 kB] 获取:77 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main python-sss amd64 1.11.8-0ubuntu0.7 [47.2 kB] 获取:78 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-common amd64 1.11.8-0ubuntu0.7 [525 kB] 获取:79 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ad-common amd64 1.11.8-0ubuntu0.7 [34.2 kB] 获取:80 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-krb5-common amd64 1.11.8-0ubuntu0.7 [72.1 kB] 获取:81 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ad amd64 1.11.8-0ubuntu0.7 [56.2 kB] 获取:82 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ipa amd64 1.11.8-0ubuntu0.7 [101 kB] 获取:83 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-krb5 amd64 1.11.8-0ubuntu0.7 [19.3 kB] 获取:84 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-ldap amd64 1.11.8-0ubuntu0.7 [48.9 kB] 获取:85 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-proxy amd64 1.11.8-0ubuntu0.7 [30.0 kB] 获取:86 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd amd64 1.11.8-0ubuntu0.7 [4,138 B] 获取:87 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main sssd-tools amd64 1.11.8-0ubuntu0.7 [101 kB] 下载 15.3 MB,耗时 38秒 (397 kB/s) 正在从软件包中解出模板:100% 正在预设定软件包 ... (正在读取数据库 ... 系统当前共安装有 58989 个文件和目录。) 正准备解包 .../libglib2.0-0_2.40.2-0ubuntu1.1_amd64.deb ... 正在将 libglib2.0-0:amd64 (2.40.2-0ubuntu1.1) 解包到 (2.40.2-0ubuntu1) 上 ... 正准备解包 .../libgssapi-krb5-2_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在将 libgssapi-krb5-2:amd64 (1.12+dfsg-2ubuntu5.4) 解包到 (1.12+dfsg-2ubuntu5.2) 上 ... 正准备解包 .../libkrb5-3_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在将 libkrb5-3:amd64 (1.12+dfsg-2ubuntu5.4) 解包到 (1.12+dfsg-2ubuntu5.2) 上 ... 正准备解包 .../libkrb5support0_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在将 libkrb5support0:amd64 (1.12+dfsg-2ubuntu5.4) 解包到 (1.12+dfsg-2ubuntu5.2) 上 ... 正准备解包 .../libldap-2.4-2_2.4.31-1+nmu2ubuntu8.5_amd64.deb ... 正在将 libldap-2.4-2:amd64 (2.4.31-1+nmu2ubuntu8.5) 解包到 (2.4.31-1+nmu2ubuntu8.3) 上 ... 正在选中未选择的软件包 liblzo2-2:amd64。 正准备解包 .../liblzo2-2_2.06-1.2ubuntu1.1_amd64.deb ... 正在解包 liblzo2-2:amd64 (2.06-1.2ubuntu1.1) ... 正在选中未选择的软件包 libnettle4:amd64。 正准备解包 .../libnettle4_2.7.1-1ubuntu0.2_amd64.deb ... 正在解包 libnettle4:amd64 (2.7.1-1ubuntu0.2) ... 正在选中未选择的软件包 libarchive13:amd64。 正准备解包 .../libarchive13_3.1.2-7ubuntu2.8_amd64.deb ... 正在解包 libarchive13:amd64 (3.1.2-7ubuntu2.8) ... 正在选中未选择的软件包 libavahi-common-data:amd64。 正准备解包 .../libavahi-common-data_0.6.31-4ubuntu1.3_amd64.deb ... 正在解包 libavahi-common-data:amd64 (0.6.31-4ubuntu1.3) ... 正在选中未选择的软件包 libavahi-common3:amd64。 正准备解包 .../libavahi-common3_0.6.31-4ubuntu1.3_amd64.deb ... 正在解包 libavahi-common3:amd64 (0.6.31-4ubuntu1.3) ... 正在选中未选择的软件包 libavahi-client3:amd64。 正准备解包 .../libavahi-client3_0.6.31-4ubuntu1.3_amd64.deb ... 正在解包 libavahi-client3:amd64 (0.6.31-4ubuntu1.3) ... 正在选中未选择的软件包 libcrack2:amd64。 正准备解包 .../libcrack2_2.9.1-1build1_amd64.deb ... 正在解包 libcrack2:amd64 (2.9.1-1build1) ... 正在选中未选择的软件包 libcups2:amd64。 正准备解包 .../libcups2_1.7.2-0ubuntu1.11_amd64.deb ... 正在解包 libcups2:amd64 (1.7.2-0ubuntu1.11) ... 正在选中未选择的软件包 libelfg0:amd64。 正准备解包 .../libelfg0_0.8.13-5_amd64.deb ... 正在解包 libelfg0:amd64 (0.8.13-5) ... 正在选中未选择的软件包 libgmp10:amd64。 正准备解包 .../libgmp10_2%3a5.1.3+dfsg-1ubuntu1_amd64.deb ... 正在解包 libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ... 正在选中未选择的软件包 libgssrpc4:amd64。 正准备解包 .../libgssrpc4_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在解包 libgssrpc4:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在选中未选择的软件包 libgstreamer1.0-0:amd64。 正准备解包 .../libgstreamer1.0-0_1.2.4-0ubuntu1.1_amd64.deb ... 正在解包 libgstreamer1.0-0:amd64 (1.2.4-0ubuntu1.1) ... 正在选中未选择的软件包 libkadm5clnt-mit9:amd64。 正准备解包 .../libkadm5clnt-mit9_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在解包 libkadm5clnt-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在选中未选择的软件包 libkdb5-7:amd64。 正准备解包 .../libkdb5-7_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在解包 libkdb5-7:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在选中未选择的软件包 libkadm5srv-mit9:amd64。 正准备解包 .../libkadm5srv-mit9_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在解包 libkadm5srv-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在选中未选择的软件包 libtalloc2:amd64。 正准备解包 .../libtalloc2_2.1.5-0ubuntu0.14.04.1_amd64.deb ... 正在解包 libtalloc2:amd64 (2.1.5-0ubuntu0.14.04.1) ... 正在选中未选择的软件包 libtdb1:amd64。 正准备解包 .../libtdb1_1.3.8-0ubuntu0.14.04.1_amd64.deb ... 正在解包 libtdb1:amd64 (1.3.8-0ubuntu0.14.04.1) ... 正在选中未选择的软件包 libtevent0:amd64。 正准备解包 .../libtevent0_0.9.28-0ubuntu0.14.04.1_amd64.deb ... 正在解包 libtevent0:amd64 (0.9.28-0ubuntu0.14.04.1) ... 正在选中未选择的软件包 libldb1:amd64。 正准备解包 .../libldb1_1%3a1.1.24-0ubuntu0.14.04.2_amd64.deb ... 正在解包 libldb1:amd64 (1:1.1.24-0ubuntu0.14.04.2) ... 正准备解包 .../libnl-genl-3-200_3.2.21-1ubuntu4.1_amd64.deb ... 正在将 libnl-genl-3-200:amd64 (3.2.21-1ubuntu4.1) 解包到 (3.2.21-1ubuntu3) 上 ... 正准备解包 .../libnl-3-200_3.2.21-1ubuntu4.1_amd64.deb ... 正在将 libnl-3-200:amd64 (3.2.21-1ubuntu4.1) 解包到 (3.2.21-1ubuntu3) 上 ... 正在选中未选择的软件包 libnl-route-3-200:amd64。 正准备解包 .../libnl-route-3-200_3.2.21-1ubuntu4.1_amd64.deb ... 正在解包 libnl-route-3-200:amd64 (3.2.21-1ubuntu4.1) ... 正在选中未选择的软件包 libnspr4:amd64。 正准备解包 .../libnspr4_2%3a4.13.1-0ubuntu0.14.04.1_amd64.deb ... 正在解包 libnspr4:amd64 (2:4.13.1-0ubuntu0.14.04.1) ... 正在选中未选择的软件包 libnss3-nssdb。 正准备解包 .../libnss3-nssdb_2%3a3.28.4-0ubuntu0.14.04.5_all.deb ... 正在解包 libnss3-nssdb (2:3.28.4-0ubuntu0.14.04.5) ... 正在选中未选择的软件包 libnss3:amd64。 正准备解包 .../libnss3_2%3a3.28.4-0ubuntu0.14.04.5_amd64.deb ... 正在解包 libnss3:amd64 (2:3.28.4-0ubuntu0.14.04.5) ... 正在选中未选择的软件包 libpackagekit-glib2-16:amd64。 正准备解包 .../libpackagekit-glib2-16_0.8.12-1ubuntu5_amd64.deb ... 正在解包 libpackagekit-glib2-16:amd64 (0.8.12-1ubuntu5) ... 正在选中未选择的软件包 libpwquality-common。 正准备解包 .../libpwquality-common_1.2.3-1ubuntu1.1_all.deb ... 正在解包 libpwquality-common (1.2.3-1ubuntu1.1) ... 正在选中未选择的软件包 libpwquality1:amd64。 正准备解包 .../libpwquality1_1.2.3-1ubuntu1.1_amd64.deb ... 正在解包 libpwquality1:amd64 (1.2.3-1ubuntu1.1) ... 正在选中未选择的软件包 libpam-pwquality:amd64。 正准备解包 .../libpam-pwquality_1.2.3-1ubuntu1.1_amd64.deb ... 正在解包 libpam-pwquality:amd64 (1.2.3-1ubuntu1.1) ... 正在选中未选择的软件包 libwbclient0:amd64。 正准备解包 .../libwbclient0_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb ... 正在解包 libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在选中未选择的软件包 python-ldb。 正准备解包 .../python-ldb_1%3a1.1.24-0ubuntu0.14.04.2_amd64.deb ... 正在解包 python-ldb (1:1.1.24-0ubuntu0.14.04.2) ... 正在选中未选择的软件包 python-talloc。 正准备解包 .../python-talloc_2.1.5-0ubuntu0.14.04.1_amd64.deb ... 正在解包 python-talloc (2.1.5-0ubuntu0.14.04.1) ... 正在选中未选择的软件包 samba-common。 正准备解包 .../samba-common_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_all.deb ... 正在解包 samba-common (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在选中未选择的软件包 samba-libs:amd64。 正准备解包 .../samba-libs_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb ... 正在解包 samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在选中未选择的软件包 libbasicobjects0:amd64。 正准备解包 .../libbasicobjects0_0.3.0.1-4_amd64.deb ... 正在解包 libbasicobjects0:amd64 (0.3.0.1-4) ... 正在选中未选择的软件包 libc-ares2:amd64。 正准备解包 .../libc-ares2_1.10.0-2ubuntu0.2_amd64.deb ... 正在解包 libc-ares2:amd64 (1.10.0-2ubuntu0.2) ... 正在选中未选择的软件包 libcollection2:amd64。 正准备解包 .../libcollection2_0.3.0.1-4_amd64.deb ... 正在解包 libcollection2:amd64 (0.3.0.1-4) ... 正在选中未选择的软件包 libdhash1:amd64。 正准备解包 .../libdhash1_0.3.0.1-4_amd64.deb ... 正在解包 libdhash1:amd64 (0.3.0.1-4) ... 正在选中未选择的软件包 libpath-utils1:amd64。 正准备解包 .../libpath-utils1_0.3.0.1-4_amd64.deb ... 正在解包 libpath-utils1:amd64 (0.3.0.1-4) ... 正在选中未选择的软件包 libref-array1:amd64。 正准备解包 .../libref-array1_0.3.0.1-4_amd64.deb ... 正在解包 libref-array1:amd64 (0.3.0.1-4) ... 正在选中未选择的软件包 libini-config3:amd64。 正准备解包 .../libini-config3_0.3.0.1-4_amd64.deb ... 正在解包 libini-config3:amd64 (0.3.0.1-4) ... 正在选中未选择的软件包 libnss-sss:amd64。 正准备解包 .../libnss-sss_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 libnss-sss:amd64 (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 libsystemd-journal0:amd64。 正准备解包 .../libsystemd-journal0_204-5ubuntu20.31_amd64.deb ... 正在解包 libsystemd-journal0:amd64 (204-5ubuntu20.31) ... 正在选中未选择的软件包 libsasl2-modules-gssapi-mit:amd64。 正准备解包 .../libsasl2-modules-gssapi-mit_2.1.25.dfsg1-17build1_amd64.deb ... 正在解包 libsasl2-modules-gssapi-mit:amd64 (2.1.25.dfsg1-17build1) ... 正在选中未选择的软件包 adcli。 正准备解包 .../adcli_0.7.5-1_amd64.deb ... 正在解包 adcli (0.7.5-1) ... 正在选中未选择的软件包 cracklib-runtime。 正准备解包 .../cracklib-runtime_2.9.1-1build1_amd64.deb ... 正在解包 cracklib-runtime (2.9.1-1build1) ... 正在选中未选择的软件包 python3-pkg-resources。 正准备解包 .../python3-pkg-resources_3.3-1ubuntu2_all.deb ... 正在解包 python3-pkg-resources (3.3-1ubuntu2) ... 正在选中未选择的软件包 python3-chardet。 正准备解包 .../python3-chardet_2.2.1-2~ubuntu1_all.deb ... 正在解包 python3-chardet (2.2.1-2~ubuntu1) ... 正在选中未选择的软件包 python3-six。 正准备解包 .../python3-six_1.5.2-1ubuntu1.1_all.deb ... 正在解包 python3-six (1.5.2-1ubuntu1.1) ... 正在选中未选择的软件包 python3-debian。 正准备解包 .../python3-debian_0.1.21+nmu2ubuntu2_all.deb ... 正在解包 python3-debian (0.1.21+nmu2ubuntu2) ... 正在选中未选择的软件包 gdebi-core。 正准备解包 .../gdebi-core_0.9.5.3ubuntu3_all.deb ... 正在解包 gdebi-core (0.9.5.3ubuntu3) ... 正在选中未选择的软件包 krb5-config。 正准备解包 .../krb5-config_2.3_all.deb ... 正在解包 krb5-config (2.3) ... 正在选中未选择的软件包 krb5-user。 正准备解包 .../krb5-user_1.12+dfsg-2ubuntu5.4_amd64.deb ... 正在解包 krb5-user (1.12+dfsg-2ubuntu5.4) ... 正在选中未选择的软件包 ldap-utils。 正准备解包 .../ldap-utils_2.4.31-1+nmu2ubuntu8.5_amd64.deb ... 正在解包 ldap-utils (2.4.31-1+nmu2ubuntu8.5) ... 正在选中未选择的软件包 libglib2.0-bin。 正准备解包 .../libglib2.0-bin_2.40.2-0ubuntu1.1_amd64.deb ... 正在解包 libglib2.0-bin (2.40.2-0ubuntu1.1) ... 正在选中未选择的软件包 python3-packagekit。 正准备解包 .../python3-packagekit_0.8.12-1ubuntu5_all.deb ... 正在解包 python3-packagekit (0.8.12-1ubuntu5) ... 正在选中未选择的软件包 packagekit-backend-aptcc。 正准备解包 .../packagekit-backend-aptcc_0.8.12-1ubuntu5_amd64.deb ... 正在解包 packagekit-backend-aptcc (0.8.12-1ubuntu5) ... 正准备解包 .../policykit-1_0.105-4ubuntu3.14.04.6_amd64.deb ... 正在将 policykit-1 (0.105-4ubuntu3.14.04.6) 解包到 (0.105-4ubuntu3.14.04.1) 上 ... 正在选中未选择的软件包 packagekit。 正准备解包 .../packagekit_0.8.12-1ubuntu5_amd64.deb ... 正在解包 packagekit (0.8.12-1ubuntu5) ... 正在选中未选择的软件包 packagekit-tools。 正准备解包 .../packagekit-tools_0.8.12-1ubuntu5_amd64.deb ... 正在解包 packagekit-tools (0.8.12-1ubuntu5) ... 正在选中未选择的软件包 python-crypto。 正准备解包 .../python-crypto_2.6.1-4ubuntu0.3_amd64.deb ... 正在解包 python-crypto (2.6.1-4ubuntu0.3) ... 正在选中未选择的软件包 python-tdb。 正准备解包 .../python-tdb_1.3.8-0ubuntu0.14.04.1_amd64.deb ... 正在解包 python-tdb (1.3.8-0ubuntu0.14.04.1) ... 正在选中未选择的软件包 python-samba。 正准备解包 .../python-samba_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb ... 正在解包 python-samba (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在选中未选择的软件包 realmd。 正准备解包 .../realmd_0.15.0-1ubuntu0.1_amd64.deb ... 正在解包 realmd (0.15.0-1ubuntu0.1) ... 正在选中未选择的软件包 samba-common-bin。 正准备解包 .../samba-common-bin_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb ... 正在解包 samba-common-bin (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在选中未选择的软件包 samba-dsdb-modules。 正准备解包 .../samba-dsdb-modules_2%3a4.3.11+dfsg-0ubuntu0.14.04.20_amd64.deb ... 正在解包 samba-dsdb-modules (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在选中未选择的软件包 wamerican。 正准备解包 .../wamerican_7.1-1_all.deb ... 正在解包 wamerican (7.1-1) ... 正在选中未选择的软件包 libipa-hbac0。 正准备解包 .../libipa-hbac0_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 libipa-hbac0 (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 libpam-sss:amd64。 正准备解包 .../libpam-sss_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 libpam-sss:amd64 (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 libsss-idmap0。 正准备解包 .../libsss-idmap0_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 libsss-idmap0 (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 libsss-sudo。 正准备解包 .../libsss-sudo_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 libsss-sudo (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 python-sss。 正准备解包 .../python-sss_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 python-sss (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-common。 正准备解包 .../sssd-common_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-common (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-ad-common。 正准备解包 .../sssd-ad-common_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-ad-common (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-krb5-common。 正准备解包 .../sssd-krb5-common_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-krb5-common (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-ad。 正准备解包 .../sssd-ad_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-ad (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-ipa。 正准备解包 .../sssd-ipa_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-ipa (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-krb5。 正准备解包 .../sssd-krb5_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-krb5 (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-ldap。 正准备解包 .../sssd-ldap_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-ldap (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-proxy。 正准备解包 .../sssd-proxy_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-proxy (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd。 正准备解包 .../sssd_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd (1.11.8-0ubuntu0.7) ... 正在选中未选择的软件包 sssd-tools。 正准备解包 .../sssd-tools_1.11.8-0ubuntu0.7_amd64.deb ... 正在解包 sssd-tools (1.11.8-0ubuntu0.7) ... 正在处理用于 man-db (2.6.7.1-1ubuntu1) 的触发器 ... 正在处理用于 shared-mime-info (1.2-0ubuntu3) 的触发器 ... 正在处理用于 ureadahead (0.100.0-16) 的触发器 ... ureadahead will be reprofiled on next reboot 正在设置 libglib2.0-0:amd64 (2.40.2-0ubuntu1.1) ... No schema files found: doing nothing. 正在设置 libkrb5support0:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libkrb5-3:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libgssapi-krb5-2:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libldap-2.4-2:amd64 (2.4.31-1+nmu2ubuntu8.5) ... 正在设置 liblzo2-2:amd64 (2.06-1.2ubuntu1.1) ... 正在设置 libnettle4:amd64 (2.7.1-1ubuntu0.2) ... 正在设置 libarchive13:amd64 (3.1.2-7ubuntu2.8) ... 正在设置 libavahi-common-data:amd64 (0.6.31-4ubuntu1.3) ... 正在设置 libavahi-common3:amd64 (0.6.31-4ubuntu1.3) ... 正在设置 libavahi-client3:amd64 (0.6.31-4ubuntu1.3) ... 正在设置 libcrack2:amd64 (2.9.1-1build1) ... 正在设置 libcups2:amd64 (1.7.2-0ubuntu1.11) ... 正在设置 libelfg0:amd64 (0.8.13-5) ... 正在设置 libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ... 正在设置 libgssrpc4:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libgstreamer1.0-0:amd64 (1.2.4-0ubuntu1.1) ... 正在设置 libkadm5clnt-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libkdb5-7:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libkadm5srv-mit9:amd64 (1.12+dfsg-2ubuntu5.4) ... 正在设置 libtalloc2:amd64 (2.1.5-0ubuntu0.14.04.1) ... 正在设置 libtdb1:amd64 (1.3.8-0ubuntu0.14.04.1) ... 正在设置 libtevent0:amd64 (0.9.28-0ubuntu0.14.04.1) ... 正在设置 libldb1:amd64 (1:1.1.24-0ubuntu0.14.04.2) ... 正在设置 libnl-3-200:amd64 (3.2.21-1ubuntu4.1) ... 正在设置 libnl-genl-3-200:amd64 (3.2.21-1ubuntu4.1) ... 正在设置 libnl-route-3-200:amd64 (3.2.21-1ubuntu4.1) ... 正在设置 libnspr4:amd64 (2:4.13.1-0ubuntu0.14.04.1) ... 正在设置 libpackagekit-glib2-16:amd64 (0.8.12-1ubuntu5) ... 正在设置 libpwquality-common (1.2.3-1ubuntu1.1) ... 正在设置 libpwquality1:amd64 (1.2.3-1ubuntu1.1) ... 正在设置 libpam-pwquality:amd64 (1.2.3-1ubuntu1.1) ... 正在设置 libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在设置 python-ldb (1:1.1.24-0ubuntu0.14.04.2) ... 正在设置 python-talloc (2.1.5-0ubuntu0.14.04.1) ... 正在设置 samba-common (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... Creating config file /etc/samba/smb.conf with new version 正在设置 samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在设置 libbasicobjects0:amd64 (0.3.0.1-4) ... 正在设置 libc-ares2:amd64 (1.10.0-2ubuntu0.2) ... 正在设置 libcollection2:amd64 (0.3.0.1-4) ... 正在设置 libdhash1:amd64 (0.3.0.1-4) ... 正在设置 libpath-utils1:amd64 (0.3.0.1-4) ... 正在设置 libref-array1:amd64 (0.3.0.1-4) ... 正在设置 libini-config3:amd64 (0.3.0.1-4) ... 正在设置 libnss-sss:amd64 (1.11.8-0ubuntu0.7) ... First installation detected... Checking NSS setup... 正在设置 libsystemd-journal0:amd64 (204-5ubuntu20.31) ... 正在设置 libsasl2-modules-gssapi-mit:amd64 (2.1.25.dfsg1-17build1) ... 正在设置 adcli (0.7.5-1) ... 正在设置 cracklib-runtime (2.9.1-1build1) ... 正在设置 python3-pkg-resources (3.3-1ubuntu2) ... 正在设置 python3-chardet (2.2.1-2~ubuntu1) ... 正在设置 python3-six (1.5.2-1ubuntu1.1) ... 正在设置 python3-debian (0.1.21+nmu2ubuntu2) ... 正在设置 gdebi-core (0.9.5.3ubuntu3) ... 正在设置 krb5-config (2.3) ... 正在设置 krb5-user (1.12+dfsg-2ubuntu5.4) ... 正在设置 ldap-utils (2.4.31-1+nmu2ubuntu8.5) ... 正在设置 libglib2.0-bin (2.40.2-0ubuntu1.1) ... 正在设置 python3-packagekit (0.8.12-1ubuntu5) ... 正在设置 packagekit-backend-aptcc (0.8.12-1ubuntu5) ... 正在设置 policykit-1 (0.105-4ubuntu3.14.04.6) ... 正在设置 packagekit (0.8.12-1ubuntu5) ... 正在设置 packagekit-tools (0.8.12-1ubuntu5) ... 正在设置 python-crypto (2.6.1-4ubuntu0.3) ... 正在设置 python-tdb (1.3.8-0ubuntu0.14.04.1) ... 正在设置 python-samba (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在设置 realmd (0.15.0-1ubuntu0.1) ... 正在设置 samba-common-bin (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在设置 samba-dsdb-modules (2:4.3.11+dfsg-0ubuntu0.14.04.20) ... 正在设置 wamerican (7.1-1) ... 正在设置 libipa-hbac0 (1.11.8-0ubuntu0.7) ... 正在设置 libpam-sss:amd64 (1.11.8-0ubuntu0.7) ... 正在设置 libsss-idmap0 (1.11.8-0ubuntu0.7) ... 正在设置 libsss-sudo (1.11.8-0ubuntu0.7) ... First installation detected... Checking NSS setup... 正在设置 python-sss (1.11.8-0ubuntu0.7) ... 正在设置 libnss3-nssdb (2:3.28.4-0ubuntu0.14.04.5) ... 正在设置 libnss3:amd64 (2:3.28.4-0ubuntu0.14.04.5) ... 正在设置 sssd-common (1.11.8-0ubuntu0.7) ... Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode sssd stop/pre-start, process 3956 sssd-autofs start/running, process 3990 正在处理用于 ureadahead (0.100.0-16) 的触发器 ... 正在设置 sssd-proxy (1.11.8-0ubuntu0.7) ... 正在设置 sssd-tools (1.11.8-0ubuntu0.7) ... 正在设置 sssd-ad-common (1.11.8-0ubuntu0.7) ... 正在设置 sssd-krb5-common (1.11.8-0ubuntu0.7) ... 正在设置 sssd-ad (1.11.8-0ubuntu0.7) ... 正在设置 sssd-ipa (1.11.8-0ubuntu0.7) ... 正在设置 sssd-krb5 (1.11.8-0ubuntu0.7) ... 正在设置 sssd-ldap (1.11.8-0ubuntu0.7) ... 正在设置 sssd (1.11.8-0ubuntu0.7) ... 正在处理用于 libc-bin (2.19-0ubuntu6.9) 的触发器 ...
6.Enter the name of the default realm with uppercases and press Enter key to continue the installation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 ┌────────────────────────────────────────────────────────────────────────┤ Configuring Kerberos Authentication ├────────────────────────────────────────────────────────────────────────│ │ When users attempt to use Kerberos and specify a principal or user name without specifying what administrative Kerberos realm that principal belongs to, the system appends the │ │ default realm. The default realm may also be used as the realm of a Kerberos service running on the local machine. Often, the default realm is the uppercase version of the local │ │ DNS domain. │ │ │ │ Default Kerberos version 5 realm: │ │ │ │ _____________________________________________________________________________________________________________________________________________________________________________________ │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────────────────
7.创建 SSSD 配置文件.
1 $ sudo vi /etc/sssd/sssd.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [sssd] domains = tecmint.lan config_file_version = 2 services = nss, pam default_domain_suffix = TECMINT.LAN [domain/tecmint.lan] ad_domain = tecmint.lan krb5_realm = TECMINT.LAN realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%d/%u access_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad ldap_schema = ad dyndns_update = true dyndns_refresh_interval = 43200 dyndns_update_ptr = true dyndns_ttl = 3600
以下是我们自己的
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 root@bf-pc04:~# cat /etc/sssd/sssd.conf [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [sssd] domains = company.com config_file_version = 2 services = nss, pam default_domain_suffix = company.COM [domain/company.com] ad_domain = company.com krb5_realm = company.COM realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True #use_fully_qualified_names = True 这个后来注释掉了 ??? full_name_format = %1$s fallback_homedir = /home/%u access_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad ldap_schema = ad dyndns_update = true dyndns_refresh_interval = 43200 dyndns_update_ptr = true dyndns_ttl = 3600
尤其是下面几个地方要修改为自己公司的域控地址、名称
1 2 3 4 5 domains = tecmint.lan default_domain_suffix = TECMINT.LAN [domain/tecmint.lan] ad_domain = tecmint.lan krb5_realm = TECMINT.LAN
8.下一步,修改 /etc/sssd/sssd.conf文件的权限为600.不然会启动报错的。
启动报错日志可以在/var/log/sssd/sssd.log中查看
1 $ sudo chmod 600 /etc/sssd/sssd.conf
9.接下来,配置/etc/realmd.conf文件.
1 $ sudo vi /etc/realmd.conf
输入以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 [active-directory] os-name = Linux Ubuntu os-version = 17.04 [service] automatic-install = yes [users] default-home = /home/%d/%u default-shell = /bin/bash [tecmint.lan] user-principal = yes fully-qualified-names = no
这里是我们自己的配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 root@bf-pc04:~# cat /etc/realmd.conf [active-directory] os-name = Linux Ubuntu bf-pc04 os-version = 14.04 [service] automatic-install = no [users] default-home = /home/%u default-shell = /bin/bash [company.com] user-principal = yes fully-qualified-names = no
10.最后一部修改/etc/samba/smb.conf 配置文件
1 2 3 4 5 6 workgroup = TECMINT client signing = yes client use spnego = yes kerberos method = secrets and keytab realm = TECMINT.LAN security = ads
测试samba配置文件参数是否正确
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 root@bf-pc04:~# cat /etc/samba/smb.conf # # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Some options that are often worth tuning have been included as # commented-out examples in this file. # - When such options are commented with ";", the proposed setting # differs from the default Samba behaviour # - When commented with "#", the proposed setting is the default # behaviour of Samba but the option is considered important # enough to be mentioned here # # NOTE: Whenever you modify this file you should run the command # "testparm" to check that you have not made any basic syntactic # errors. #======================= Global Settings ======================= [global] #can access symbol link file in windows with samba unix extensions = no follow symlinks = yes wide links = yes ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = company client signing = yes client use spnego = yes kerberos method = secrets and keytab realm = company.COM security = ads # server string is the equivalent of the NT Description field server string = %h server (Samba, Ubuntu) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server # wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no #### Networking #### # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes #### Debugging/Accounting #### # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Cap the size of the individual log files (in KiB). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. # syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ####### Authentication ####### # Server role. Defines in which mode Samba will operate. Possible # values are "standalone server", "member server", "classic primary # domain controller", "classic backup domain controller", "active # directory domain controller". # # Most people will want "standalone sever" or "member server". # Running as "active directory domain controller" will require first # running "samba-tool domain provision" to wipe databases and create a # new domain. server role = standalone server # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = tdbsam obey pam restrictions = yes # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. unix password sync = yes # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes # This option controls how unsuccessful authentication attempts are mapped # to anonymous connections map to guest = bad user ########## Domains ########### # # The following settings only takes effect if 'server role = primary # classic domain controller', 'server role = backup domain controller' # or 'domain logons' is set # # It specifies the location of the user's # profile directory from the client point of view) The following # required a [profiles] share to be setup on the samba server (see # below) ; logon path = \\%N\profiles\%U # Another common choice is storing the profile in the user's home directory # (this is Samba's default) # logon path = \\%N\%U\profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) ; logon drive = H: # logon home = \\%N\%U # The following setting only takes effect if 'domain logons' is set # It specifies the script to run during logon. The script must be stored # in the [netlogon] share # NOTE: Must be store in 'DOS' file format convention ; logon script = logon.cmd # This allows Unix users to be created on the domain controller via the SAMR # RPC pipe. The example command creates a user account with a disabled Unix # password; please adapt to your needs ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u # This allows machine accounts to be created on the domain controller via the # SAMR RPC pipe. # The following assumes a "machines" group exists on the system ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u # This allows Unix groups to be created on the domain controller via the SAMR # RPC pipe. ; add group script = /usr/sbin/addgroup --force-badname %g ############ Misc ############ # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /home/samba/etc/smb.conf.%m # Some defaults for winbind (make sure you're not using the ranges # for something else.) ; idmap uid = 10000-20000 ; idmap gid = 10000-20000 ; template shell = /bin/bash # Setup usershare options to enable non-root users to share folders # with the net usershare command. # Maximum number of usershare. 0 (default) means that usershare is disabled. ; usershare max shares = 100 # Allow users who've been granted usershare privileges to create # public shares, not just authenticated ones usershare allow guests = yes #======================= Share Definitions ======================= # Un-comment the following (and tweak the other settings below to suit) # to enable the default home directory shares. This will share each # user's home directory as \\server\username [homes] comment = %h server Home Directories browseable = yes # By default, the home directories are exported read-only. Change the # next parameter to 'no' if you want to be able to write to them. read only = no # File creation mask is set to 0700 for security reasons. If you want to # create files with group=rw permissions, set next parameter to 0775. create mask = 0700 # Directory creation mask is set to 0700 for security reasons. If you want to # create dirs. with group=rw permissions, set next parameter to 0775. directory mask = 0700 # By default, \\server\username shares can be connected to by anyone # with access to the samba server. # Un-comment the following parameter to make sure that only "username" # can connect to \\server\username # This might need tweaking when using external authentication schemes valid users = %S # Un-comment the following and create the netlogon directory for Domain Logons # (you need to configure Samba to act as a domain controller too.) ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; read only = yes # Un-comment the following and create the profiles directory to store # users profiles (see the "logon path" option above) # (you need to configure Samba to act as a domain controller too.) # The path below should be writable by all users so that their # profile directory may be created the first time they log on ;[profiles] ; comment = Users profiles ; path = /home/samba/profiles ; guest ok = no ; browseable = no ; create mask = 0600 ; directory mask = 0700 [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no # Uncomment to allow remote administration of Windows print drivers. # You may need to replace 'lpadmin' with the name of the group your # admin users are members of. # Please note that you also need to set appropriate Unix permissions # to the drivers directory for these users to have write rights in it ; write list = root, @lpadmin
使用testparm命令测试samba配置文件是否正确
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 root@bf-pc04:/etc/samba# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "syslog" option is deprecated Processing section "[printers]" Processing section "[print$]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = company realm = company.COM server string = %h server (Samba, Ubuntu) server role = standalone server security = ADS map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes kerberos method = secrets and keytab syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 client signing = if_required dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers
11.、当所有的配置都修改好了之后,我们就可以测试kerberos权限。这里需要使用域控管理员账号
1 2 $ sudo kinit ad_admin_user@DOMAIN.TLD $ sudo klist
1 2 3 4 5 6 7 8 9 10 11 root@bf-pc04:/etc/samba# kinit admin@company.COM Password for admin-@company.COM: root@bf-pc04:/etc/samba# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin-@company.COM Valid starting Expires Service principal 2019-05-17T17:12:28 2019-05-18T03:12:28 krbtgt/company.COM@company.COM renew until 2019-05-18T17:12:21
Step 3: Join Ubuntu to Samba4 Realm 12、使用realm加入域控
1 2 3 4 5 $ sudo realm discover -v DOMAIN.TLD $ sudo realm list $ sudo realm join TECMINT.LAN -U ad_admin_user -v $ sudo net ads join -k # 这一步要执行
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 root@bf-pc04:/etc/samba# realm discover -v company.COM * Resolving: _ldap._tcp.company.com * Performing LDAP DSE lookup on: 10.0.13.253 * Performing LDAP DSE lookup on: 10.0.17.228 * Performing LDAP DSE lookup on: 10.0.13.252 * Successfully discovered: company.com company.com type: kerberos realm-name: company.COM domain-name: company.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-realm-logins
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 root@bf-pc04:/etc/samba# realm list company.com type: kerberos realm-name: company.COM domain-name: company.com configured: kerberos-member server-software: active-directory client-software: winbind required-package: winbind required-package: libpam-winbind required-package: samba-common-bin login-formats: company\%U login-policy: allow-any-login company.com type: kerberos realm-name: company.COM domain-name: company.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-realm-logins
1 2 3 4 5 6 7 8 root@bf-pc04:/etc/samba# realm join company.COM -U admin- -v * Resolving: _ldap._tcp.company.com * Performing LDAP DSE lookup on: 10.0.13.253 * Performing LDAP DSE lookup on: 10.0.13.252 * Successfully discovered: company.com realm: 已加入该域 root@bf-pc04:/etc/samba#
13、After the domain binding took place, run the below command to assure that all domain accounts are permitted to authenticate on the machine.
1 $ sudo realm permit --all
1 2 3 4 $ sudo realm deny -a $ realm permit --groups ‘domain.tld\Linux Admins’ $ realm permit user@domain.lan $ realm permit DOMAIN\\User2
这一步会报错.目前还没查明怎么弄???
1 2 3 root@bf-pc04:/var/log# realm deny -a See: journalctl REALMD_OPERATION=r151224.2915 realm: Couldn't change permitted logins: The Samba provider cannot restrict permitted logins.
14、从Windows域控上就可以看到这台linux计算机了
15、In order to authenticate on Ubuntu machine with domain accounts you need to run pam-auth-update command with root privileges and enable all PAM profiles including the option to automatically create home directories for each domain account at the first login.
16、On systems manually edit /etc/pam.d/common-account file and the following line in order to automatically create homes for authenticated domain users.
1 session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
17、If Active Directory users can’t change their password from command line in Linux, open /etc/pam.d/common-password file and remove the use_authtok statement from password line to finally look as on the below excerpt.
1 password [success=1 default=ignore] pam_winbind.so try_first_pass
23、To use a domain account with root privileges on your Ubuntu machine, you need to add the AD username to the sudo system group by issuing the below command:
1 $ sudo usermod -aG sudo your_domain_user@domain.tld
24、To add root privileges for a domain group, open end edit /etc/sudoers file using visudo command and add the following line as illustrated.
1 %domain\ admins@tecmint.lan ALL=(ALL:ALL) ALL
25、To use domain account authentication for Ubuntu Desktop modify LightDM display manager by editing /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf file, append the following two lines and restart lightdm service or reboot the machine apply changes.
1 2 greeter-show-manual-login=true greeter-hide-users=true
26、To use short name format for Samba AD accounts, edit /etc/sssd/sssd.conf file, add the following line in [sssd] block as illustrated below.
27、In case you cannot login due to enumerate=true argument set in sssd.conf you must clear sssd cached database by issuing the below command:
1 $ rm /var/lib/sss/db/cache_tecmint.lan.ldb
补充 The Pluggable Authentication Modules library, or PAM
1 2 3 To enable this module we need to add the following line to /etc/pam.d/common-account: session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
The common-account file is included by several other authentication files, so it will take effect for remote SSH logins, local GDM logins, and console logins too.
This is very handy but if your users are also able to access through Samba no home directory will be created, since it does not authenticate through PAM. The only way around this I found was through using the ‘root preexec’ directive in smb.conf for the home share. Like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 root preexec = /usr/sbin/smb-mkhomedir.sh %U root preexec = mkhomedir_helper "%u" #!/bin/bash #smb-mkhomedir.sh DHOME="/home" USERS_GID="1000" SKEL="/etc/skel" # Reads config file (will override defaults above) [ -r /etc/adduser.conf ] && . /etc/adduser.conf if [ -z $1 ]; then echo "Usage: $0 username" 1>&2 exit 1 fi if [ ! -e $DHOME/$1 ]; then mkdir -m $DIR_MODE -p $DHOME/$1 cp -R $SKEL/* $DHOME/$1 chown -R $1:$USERS_GID $DHOME/$1 fi exit 0
pam exec 模块
1 2 3 4 5 6 7 8 9 10 11 #!/bin/sh [ "$PAM_TYPE" = "open_session" ] || exit 0 { echo "User: $PAM_USER" echo "Ruser: $PAM_RUSER" echo "Rhost: $PAM_RHOST" echo "Service: $PAM_SERVICE" echo "TTY: $PAM_TTY" echo "Date: `date`" echo "Server: `uname -a`" }
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 root@fs-share:/var/log# cat pam_exec.log # 登陆账户 *** Tue Jun 4 13:32:39 2019 MAIL=/var/mail/bright.ma PAM_USER=bright.ma PAM_TYPE=open_session PAM_RUSER=root PAM_SERVICE=su PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games PAM_TTY=/dev/pts/0 LANG=en_US.UTF-8 PWD=/tmp # 下面是 退出登陆 *** Tue Jun 4 13:32:50 2019 PAM_USER=bright.ma PAM_TYPE=close_session PAM_RUSER=root PAM_SERVICE=su PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games PAM_TTY=/dev/pts/0 LANG=en_US.UTF-8 PWD=/tmp
1 2 3 4 5 6 7 默认配置 ldap_id_mapping = true ldap_idmap_range_min = 100000 ldap_idmap_range_max = 2000100000 ldap_idmap_range_size = 2000000000
微信