Access denied when trying to join an AD domain using CentOS 7

3

I have tried for days to get these instructions to work, but despite everything, I cannot join my domain.

When I run realm discover, I can see my domain just fine:

[root@centos5 ~]# realm discover home.domain.com
home.domain.com
  type: kerberos
  realm-name: HOME.domain.COM
  domain-name: home.domain.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
[root@centos5 ~]#

but when I try to join it, after being prompted for the password, I get the following:

[root@centos5 ~]# realm join -U user home.domain.com
Password for user:
See: journalctl REALMD_OPERATION=r158905.22733
realm: Couldn't join realm: Joining the domain home.domain.com failed
[root@centos5 ~]#

journalctl shows the following:

Mar 05 10:37:47 centos5.home.domain.com dbus[731]: [system] Activating service name='org.freedesktop.realmd' (using servicehelper)
Mar 05 10:37:47 centos5.home.domain.com dbus-daemon[731]: dbus[731]: [system] Activating service name='org.freedesktop.realmd' (using servicehelper)
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Loaded settings from: /usr/lib64/realmd/realmd-defaults.conf /usr/lib64/realmd/realmd-distro.conf
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: holding daemon: startup
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: starting service
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: connected to bus
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: released daemon: startup
Mar 05 10:37:47 centos5.home.domain.com dbus[731]: [system] Successfully activated service 'org.freedesktop.realmd'
Mar 05 10:37:47 centos5.home.domain.com dbus-daemon[731]: dbus[731]: [system] Successfully activated service 'org.freedesktop.realmd'
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: claimed name on bus: org.freedesktop.realmd
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: client using service: :1.112
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: holding daemon: :1.112
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Using 'r158905.22733' operation for method 'Discover' invocation on 'org.freedesktop.realmd.Provider' interface
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Registered cancellable for operation 'r158905.22733'
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]:  * Resolving: _ldap._tcp.home.domain.com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]:  * Resolving: _ldap._tcp.home.domain.com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]:  * Performing LDAP DSE lookup on: 192.168.2.6
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]:  * Performing LDAP DSE lookup on: 192.168.2.6
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Searching  for (objectClass=*)
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Got defaultNamingContext: DC=home,DC=domain,DC=com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Sending TCP Netlogon request
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]: Received TCP Netlogon response
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]:  * Successfully discovered: home.domain.com
Mar 05 10:37:47 centos5.home.domain.com realmd[22736]:  * Successfully discovered: home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Using 'r158905.22733' operation for method 'Join' invocation on 'org.freedesktop.realmd.KerberosMembership' interface
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Registered cancellable for operation 'r158905.22733'
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: holding daemon: current-invocation
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7OYXDY -U user ads join home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7OYXDY -U user ads join home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: process started: 22742
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Could not initialise message context. Try running as root
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Could not initialise message context. Try running as root
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Failed to join domain: Access is denied
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Failed to join domain: Access is denied
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: process exited: 22742
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  ! Joining the domain home.domain.com failed
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  ! Joining the domain home.domain.com failed
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: released daemon: current-invocation
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: client gone away: :1.112
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: released daemon: :1.112

What confuses me about the log message is that it says Could not initialise message context. Try running as root. I don't know whether that has any significance, but I am definitely running as root.

Another thing that is confusing is the Access is denied message. I am 100% sure that I have the correct user and password when trying to join the domain.

Just for completeness, I tried following the same instructions that work fine on my CentOS 6 virtual machines, and I also get an error when I run authconfig:

[root@centos5 ~]# authconfig --disablecache --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=HOME --smbrealm=HOME.DOMAIN.COM --enablewinbindusedefaultdomain --winbindtemplatehomedir=/home/HOME.ABO PU.COM/%U --winbindtemplateshell=/bin/bash --enablekrb5 --krb5realm=HOME.DOMAIN.COM --enablekrb5kdcdns --enablekrb5realmdns --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall
Job for winbind.service failed because the control process exited with error code. See "systemctl status winbind.service" and "journalctl -xe" for details.
[root@centos5 ~]#

And I get the following in journalctl:

Mar 05 10:47:54 centos5.home.domain.com yum[22762]: Updated: krb5-libs-1.13.2-10.el7.x86_64
Mar 05 10:47:55 centos5.home.domain.com yum[22762]: Installed: pam_krb5-2.4.8-4.el7.x86_64
Mar 05 10:47:57 centos5.home.domain.com yum[22762]: Installed: krb5-workstation-1.13.2-10.el7.x86_64
Mar 05 10:47:58 centos5.home.domain.com yum[22762]: Updated: authconfig-6.2.8-10.el7.x86_64
Mar 05 10:48:13 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22831:15953076 (system bus name :1.116 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:13 centos5.home.domain.com systemd[1]: Reloading.
Mar 05 10:48:13 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Mar 05 10:48:13 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Mar 05 10:48:13 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22831:15953076 (system bus name :1.116, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:14 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22849:15953158 (system bus name :1.117 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:14 centos5.home.domain.com systemd[1]: Stopped Samba Winbind Daemon.
Mar 05 10:48:14 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22849:15953158 (system bus name :1.117, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:14 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22854:15953171 (system bus name :1.118 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:15 centos5.home.domain.com systemd[1]: Starting Samba Winbind Daemon...
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: [2016/03/05 10:48:16.221209,  0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache)
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: [2016/03/05 10:48:16.564406,  0] ../source3/winbindd/winbindd_util.c:736(init_domain_list)
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]:   Could not fetch our SID - did we join?
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]: [2016/03/05 10:48:16.564586,  0] ../source3/winbindd/winbindd.c:1294(winbindd_register_handlers)
Mar 05 10:48:16 centos5.home.domain.com winbindd[22861]:   unable to initialize domain list
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: winbind.service: main process exited, code=exited, status=1/FAILURE
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Failed to start Samba Winbind Daemon.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Unit winbind.service entered failed state.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: winbind.service failed.
Mar 05 10:48:16 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22854:15953171 (system bus name :1.118, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:16 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22864:15953418 (system bus name :1.119 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Reloading.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Mar 05 10:48:16 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Mar 05 10:48:16 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22864:15953418 (system bus name :1.119, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22882:15953455 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Stopped privileged operations for unprivileged applications.
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22882:15953455 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22887:15953465 (system bus name :1.121 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Started privileged operations for unprivileged applications.
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Starting privileged operations for unprivileged applications...
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22887:15953465 (system bus name :1.121, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22901:15953526 (system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Stopped System Security Services Daemon.
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22901:15953526 (system bus name :1.123, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:17 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22907:15953544 (system bus name :1.124 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:17 centos5.home.domain.com systemd[1]: Reloading.
Mar 05 10:48:18 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Mar 05 10:48:18 centos5.home.domain.com systemd[1]: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Mar 05 10:48:18 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22907:15953544 (system bus name :1.124, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 05 10:48:18 centos5.home.domain.com polkitd[856]: Registered Authentication Agent for unix-process:22925:15953582 (system bus name :1.125 [/usr/bin/pkttyagent --notify-fd 47 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 05 10:48:18 centos5.home.domain.com polkitd[856]: Unregistered Authentication Agent for unix-process:22925:15953582 (system bus name :1.125, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

What could be causing this?

    
by agent154 05.03.2016 / 15:34
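
An added example, not part of the original post: a small filter for the output of journalctl REALMD_OPERATION=<id> that prints the helper command realmd launched and that helper's own messages, with the journal's duplicate lines removed. It assumes that everything logged between "process started" and "process exited" is output of that helper; the function names are hypothetical, and the sample lines are taken from the log quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original post): summarise a realmd join attempt.
# Reads journal lines on stdin, as printed by `journalctl REALMD_OPERATION=<id>`.
# Assumption: messages logged between "process started" and "process exited"
# are the output of the helper command realmd launched.

realmd_child_output() {
    awk '
    {
        # Drop the syslog prefix up to and including "realmd[PID]: ".
        if (!match($0, /realmd\[[0-9]+\]: /)) next
        msg = substr($0, RSTART + RLENGTH)
    }
    msg ~ /^ \* /              { step = substr(msg, 4); next }  # last announced step
    msg ~ /^process started: / { inchild = 1; print "command: " step; next }
    msg ~ /^process exited: /  { inchild = 0; next }
    inchild && !seen[msg]++    { print "output: " msg }         # journal repeats lines
    '
}

# Sample input: lines taken from the journal output quoted in the question.
sample_log() {
    cat <<'EOF'
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7OYXDY -U user ads join home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7OYXDY -U user ads join home.domain.com
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: process started: 22742
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Could not initialise message context. Try running as root
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Could not initialise message context. Try running as root
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Failed to join domain: Access is denied
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: Failed to join domain: Access is denied
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]: process exited: 22742
Mar 05 10:37:49 centos5.home.domain.com realmd[22736]:  ! Joining the domain home.domain.com failed
EOF
}

sample_log | realmd_child_output
```

On a live system the same function can be fed directly: journalctl REALMD_OPERATION=<id> | realmd_child_output.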

2 answers

1

I had this problem and (after hours of investigation) managed to resolve it by updating my packages using yum, i.e.:

yum upgrade

    
by 11.05.2016 / 15:12

0

agent154,

I believe you have previously created the machine account (computer account) in an AD container to which the user has full access (that is, the user supplied to the "realm join" command).

I hope this helps.

    
by 10.03.2016 / 11:24