Friday, October 27, 2017

Searching Windows AD users from a Mac with ldapsearch + Kerberos (GSSAPI)

Edit krb5.conf

Add the AD realm and the server address under [realms] (a host name is probably better than an IP)
$ sudo vim /private/etc/krb5.conf
  HDP.LOCALDOMAIN = {
    admin_server = 192.168.0.21
    kdc = 192.168.0.21
  }

Log in and check the ticket

$ kinit
hosako@HDP.LOCALDOMAIN's password:
HW11970:~ hosako$ klist
Credentials cache: API:301A5EDD-3897-4E1E-A4CE-52C35E56D494
        Principal: hosako@HDP.LOCALDOMAIN

  Issued                Expires               Principal
Oct 27 08:09:07 2017  Oct 27 18:09:07 2017  krbtgt/HDP.LOCALDOMAIN@HDP.LOCALDOMAIN

Try searching for my own account

With an IP address it does not work:
$ ldapsearch -Y GSSAPI -R HDP.LOCALDOMAIN -U "hosako@hdp.localdomain" -b "dc=hdp,dc=localdomain" -h 192.168.0.21 "(sAMAccountName=hosako)"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text (Server (krbtgt/168.0.21@HDP.LOCALDOMAIN) unknown while looking up ...

With the FQDN it works:
$ ldapsearch -LL -Y GSSAPI -b "dc=hdp,dc=localdomain" -h WIN-TEST.hdp.localdomain "(sAMAccountName=hosako)" dn
SASL/GSSAPI authentication started
SASL username: hosako@HDP.LOCALDOMAIN
SASL SSF: 112
SASL data security layer installed.
version: 1

dn: CN=Hajime Osako,CN=Users,DC=hdp,DC=localdomain
...
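The IP-versus-FQDN difference above comes from how a GSSAPI bind works: the client asks the KDC for a service ticket for a principal built from whatever host string it was given, and an IP literal does not map to any SPN registered in AD, hence the "unknown" server principal in the error. The following pre-flight check is an added example, not part of the original post, that rejects an IP or unqualified host before ldapsearch is run and prints the ldap/ service principal the bind will request. The realm, host names and the ad_search wrapper are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the -h target
# of an "ldapsearch -Y GSSAPI" bind. The realm/host values are assumptions.

# Return 0 if the argument looks like a dotted IPv4 literal, 1 otherwise.
is_ipv4_literal() {
  case "$1" in
    *[!0-9.]*) return 1 ;;   # anything other than digits and dots: not an IP
    *.*.*.*)   return 0 ;;   # four dotted groups of digits
    *)         return 1 ;;
  esac
}

# Print the service principal a GSSAPI bind to this host will request
# (ldap/<fqdn>@<REALM>), or fail with a reason when the target is unusable.
expected_ldap_spn() {
  host="$1"; realm="$2"
  if is_ipv4_literal "$host"; then
    echo "refusing IP literal '$host': no SPN is registered for an IP" >&2
    return 1
  fi
  case "$host" in
    *.*) ;;   # contains a dot: treat as fully qualified
    *)   echo "'$host' is not fully qualified; use the DC's FQDN" >&2; return 1 ;;
  esac
  # Kerberos client libraries canonicalise the host part to lowercase when
  # building the service principal, so print it that way.
  printf 'ldap/%s@%s\n' "$(printf '%s' "$host" | tr 'A-Z' 'a-z')" "$realm"
}

# Wrapper: only run ldapsearch once the target passes the check.
# Usage: ad_search WIN-TEST.hdp.localdomain "dc=hdp,dc=localdomain" "(sAMAccountName=hosako)" HDP.LOCALDOMAIN
ad_search() {
  host="$1"; base="$2"; filter="$3"; realm="$4"
  expected_ldap_spn "$host" "$realm" >/dev/null || return 1
  ldapsearch -LL -Y GSSAPI -b "$base" -h "$host" "$filter" dn
}

# Demonstration on the two targets from the post (no network access needed):
# the FQDN passes and its SPN is printed, the IP literal is rejected.
expected_ldap_spn WIN-TEST.hdp.localdomain HDP.LOCALDOMAIN
expected_ldap_spn 192.168.0.21 HDP.LOCALDOMAIN || echo "IP target rejected, as expected"
```

Running the check before the bind turns the opaque "Server (...) unknown" GSSAPI failure into a plain message naming the problem, and the printed ldap/ principal is the one to compare against the SPNs registered on the domain controller (the same kind of serviceprincipalname attribute the next search below queries).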

Try searching by Service Principal Name as well
$ ldapsearch -LL -Y GSSAPI -b "dc=hdp,dc=localdomain" -h WIN-TEST.hdp.localdomain "(serviceprincipalname=HTTP*)" dn
SASL/GSSAPI authentication started
SASL username: hosako@HDP.LOCALDOMAIN
SASL SSF: 112
SASL data security layer installed.
version: 1

dn: CN=HTTP/sandbox.hortonworks.com,OU=Hadoop,DC=hdp,DC=localdomain
...