无法获取领域的kerberos票证

Question

我已经成功地在AWS上构建了一个Active Director。我可以在同一个私有网络中的Centos7 EC2实例上ping该目录。现在，我尝试加入领域，但收到以下错误：

        [ec2-user@ip-172-22-2-182 ~]$ sudo realm join -U admin@corp.xxx.com corp.xxx.com --verbose
 * Resolving: _ldap._tcp.corp.xxx.com
 * Resolving: corp.xxx.com
 * Performing LDAP DSE lookup on: 172.22.2.34
 * Successfully discovered: corp.xxx.com
Password for admin@corp.xxx.com: 
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
 * LANG=C /usr/sbin/adcli join --verbose --domain xxx.com --domain-realm CORP.xxx.COM --domain-controller 172.22.2.34 --login-type user --login-user admin@xxx.com --stdin-password
 * Using domain name: corp.xxx.com
 * Calculated computer account name from fqdn: IP-172-22-2-182
 * Using domain realm: xxx.com
 * Sending netlogon pings to domain controller: cldap://172.22.2.34
 * Received NetLogon info from: WIN-QUUMO7C7PU3.xxx.com
 * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-g1oscN/krb5.d/adcli-krb5-conf-RlQBkY
 ! Couldn't get kerberos ticket for: admin@xxx.com: Cannot find KDC for realm "xxx.com"
adcli: couldn't connect to xxx.com domain: Couldn't get kerberos ticket for: admin@xxx.com: Cannot find KDC for realm "xxx.com"
 ! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
[ec2-user@ip-172-22-2-182 ~]$ 

有人知道如何解决这个问题吗？Amazon文档并未说明如何安装Samba及其与AWS Windows Active Directory的集成。它只具有注册主机enter link description here的链接

谢谢

Answer 1

不确定这是不是仍然没有解决，但我在将Ubuntu机器加入到我的域中时也遇到了同样的错误...如果您使用的是Ubuntu 16.04，您必须输入用户名的域名部分，全部为大写字母。

例如，admin@CORP.XXX.COM corp.xxx.com --verbose，为我工作。