후속작입니다이 문제.
도메인 FOOBAR에 CentOS 7 시스템이 가입되어 있습니다. AD에 저장된 사용자 정보는 다음과 같은 방법으로 성공적으로 얻을 수 있습니다.
id [email protected]
getent passwd단 , getent groupAD에 정의된 사용자 및 그룹은 표시되지 않습니다.
다음은 관련 라인입니다 /etc/nsswitch.conf.
passwd: files sss
shadow: files sss
group: files sss
거기에 무엇을 추가해야 합니까?
답변1
@Doug O'Neal이 의견에서 제안했듯이
enumerate = true
존재하다 /etc/sssd/sssd.conf.
이제 AD에 정의된 모든 사용자 및 그룹이 getent passwd표시 됩니다.getent group
이 옵션은 일반적으로 권장되지 않습니다. 에서 man sssd.conf:
(...)
enumerate (bool)
Determines if a domain can be enumerated. This parameter can have one of the
following values:
TRUE = Users and groups are enumerated
FALSE = No enumerations for this domain
Default: FALSE
Note: Enabling enumeration has a moderate performance impact on SSSD while enumeration
is running. It may take up to several minutes after SSSD startup to fully complete
enumerations. During this time, individual requests for information will go directly
to LDAP, though it may be slow, due to the heavy enumeration processing. Saving a large
number of entries to cache after the enumeration completes might also be CPU intensive
as the memberships have to be recomputed.
While the first enumeration is running, requests for the complete user or group lists
may return no results until it completes.
Further, enabling enumeration may increase the time necessary to detect network
disconnection, as longer timeouts are required to ensure that enumeration
lookups are completed successfully. For more information, refer to the man pages for
the specific id_provider in use.
For the reasons cited above, enabling enumeration is not recommended, especially in
large environments.
(...)