无法获得kerberos门票

问题描述 投票:0回答:1

我已经在AWS上成功构建了一个Active Director。我可以从位于同一VPC中的Centos7 EC2实例ping目录。现在,我尝试加入这个领域,但是我收到以下错误:

        [ec2-user@ip-172-22-2-182 ~]$ sudo realm join -U [email protected] corp.xxx.com --verbose
 * Resolving: _ldap._tcp.corp.xxx.com
 * Resolving: corp.xxx.com
 * Performing LDAP DSE lookup on: 172.22.2.34
 * Successfully discovered: corp.xxx.com
Password for [email protected]: 
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
 * LANG=C /usr/sbin/adcli join --verbose --domain xxx.com --domain-realm CORP.xxx.COM --domain-controller 172.22.2.34 --login-type user --login-user [email protected] --stdin-password
 * Using domain name: corp.xxx.com
 * Calculated computer account name from fqdn: IP-172-22-2-182
 * Using domain realm: xxx.com
 * Sending netlogon pings to domain controller: cldap://172.22.2.34
 * Received NetLogon info from: WIN-QUUMO7C7PU3.xxx.com
 * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-g1oscN/krb5.d/adcli-krb5-conf-RlQBkY
 ! Couldn't get kerberos ticket for: [email protected]: Cannot find KDC for realm "xxx.com"
adcli: couldn't connect to xxx.com domain: Couldn't get kerberos ticket for: [email protected]: Cannot find KDC for realm "xxx.com"
 ! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
[ec2-user@ip-172-22-2-182 ~]$

谁知道如何解决它? Amazon Documentation没有说明如何安装Samba及其与AWS Windows Active Directory的集成。它只有这个链接来注册主机enter link description here

谢谢

amazon-web-services amazon-ec2 active-directory kerberos kdc
1个回答
2
投票

不确定这是否仍未解决,但是在将Ubuntu计算机加入我的域时遇到了同样的错误...如果您使用的是Ubuntu 16.04,则必须输入所有大写字母的用户名域名部分。

例如,[email protected] corp.xxx.com --verbose,为我工作。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.