Þ•üüQÜ N!pr#x#œ#À(ä! /4=NW^f ofyIà* 6A Q_q‘w 6E_bÂ(Çðù(x:;³+ï1=Sg~†"žÁÞ ùdE’@Ø%2?EKT g¯ *8OT]o† œ ª¸ ÌÚ!î&3@MRUX akszR˜ë òh°2 C €S ÄÔ Î™!Õh";>#"z#!#"¿##â#$ $'$4$=$U$g$o$„$tŒ$% %(%6H%%%[˜%ô%ü%&-&>&O&f&w&L{&È&ä&ÿ&'' 3'>'O'(g'0'0Á'1ò'$(,(.D()s([(_ù(+Y)6…)¼)#Ñ)õ)**.*A*V*t*5‹* Á*â*@÷**8+,c+ ++±+SÝ+V1,:ˆ,1Ã,6õ,.,-.[-*Š-%µ-(Û-*.C/.'s.-›./É.$ù.</5[/=‘/1Ï/:07<0-t0+¢0>Î0? 1)M1+w1£1*Ã1Mî1O<29Œ20Æ25÷2X-3-†3)´3$Þ3'4)+4BU4&˜4,¿4.ì4#54?5&t5%›5>Á5 61!6(S6;|6D¸63ý6)170[7)Œ7X¶7(8*880c8”8-¤8Ò8G`9F¨9ï9:D.:4s:¨:¼:Û:4ï:'$;|L;LÉ<===2=L=f=ƒ==¢=«=¼=Å=Ì=Ô=Ý=[æ=UB>˜> ¤>¯>Ê>Ý>ò>]ù>W?r?Š?‘?Jž?é?'ð?@%@2@9@W@ni@9Ø@)ATC“CW CøC ÿC DD)D0D9DIDYD^D{D‡DžDªD¶DÌDßDæD êDõDE E %E/E3E:E AEKEZE#aE<…E ÂEÌEÙEéE]öEŸTFôFGrG·G™GH¢áH1„I#¶IÚI öI(J@JVJbJrJ~J‘J £J®J ÁJxÌJEKTKjK.ŠK¹KÆKEÍKLL6LVLeL|L‹LšLNžLíLM$MQbQ"zQ:Q@ØQ!R;R*WR‚R)¡RËRèR!S!#S7ES'}S!¥S*ÇS!òS;T-PT3~T$²TF×T$U CU-dU-’U*ÀUëU#V(V"@V2cV8–V!ÏVñV* W?8W)xW¢W¿W!ØW!úW7X'TX!|X*žX!ÉX-ëXY9Y8YY’Y$±YÖY%õY>Z@ZZ›Z'ºZâZ0ûZ,['K[&s[š[%§[rÍ[5@\5v\¬\¿\6Õ\-]:]J]c]w]!—]“G€7V(ðX¬!åö?O¥QY-lïôHÃwÍzü¼#øuÇ6%,3ZK/=„5Ý¾k[qhŸL¯‡’IoÒÀ†JÏT.•ÚíBŒÙy·_µ²Å|s¹ˆ$—«Pr;SËtß¢ë‘9cÆîb¨à×±g»v§‹æxÐ&›¸©´ÑÊÌºÂšm°ªEdMÛž{ Š\'ìU–*Ø˜œ>¦û‚Þaä<Ä ½^Õ³é ~Nã‰4£òƒÈ™fiÜn0pWe@¿èúŽÖ]ñ)”ÁC÷1}FÔó` áDAêç2j¤ "…ù8õâÎRÓ+®¶¡É: / between elements | selects | next screen*Authentication ConfigurationLocal Authentication OptionsOther Authentication OptionsSmart Card Authentication OptionsUser Account Configuration

Tip: Smart cards support logging into both local and centrally managed accounts.Tip: This is managed via /etc/security/access.conf.ADS Realm:Ad_min Servers:Admin Server:Advanced _OptionsAlertAll configuration files which were modified by the previous authentication configuration change will be restored from backup. Revert the changes?Allow offline _loginAut_hentication Method:AuthenticationAuthentication ConfigurationAuthentication module %s/pam_%s.so is missing. Authentication process might not work correctly.BackBad smart card removal action specified.Base DN:Cache InformationCancelCard Re_moval Action:Certificate _URL:Click this button if you did not download a CA certificate yet or you have not set the CA certificate up by other means.Control how the system verifies users who attempt to log inCreate _home directories on the first loginDo not configure _NTPDo_n't SaveDomain Administrator:Domain Controllers:Domain _administrator:Domain:Download CA CertificateEnable _fingerprint reader supportEnable _local access controlEnable _smart card supportError downloading CA certificateFingerprint authentication allows you to log in by scanning your finger with the fingerprint reader.Fingerprint readerHashing or crypto algorithm used for storing passwords of local usersHostname or ldap:// or ldaps:// URI pointing to the LDAP server.IPA R_ealm:IPA _Domain:IPA _Server:IPAv2IPAv2 SettingsIPAv2 domain join was not succesful. The ipa-client-install command failed.IPAv2 passwordIf the home directory of an user doesn't exist yet it will be created automatically on his first login.IgnoreJoin DomainJoin SettingsJoining Winbind DomainKDC:KerberosKerberos SettingsKerberos passwordLDAPLDAP Search _Base DN:LDAP SettingsLDAP _Server:LDAP authenticationLDAP passwordLocal accounts onlyLocal authorization is sufficientLockNISNIS SettingsNIS _Domain:NIS _Server:NIS passwordNextNoOkPasswordPassword:R_ealm:Realm:Require smart car_d for loginRestore the configuration files backed up before the previous configuration changeRevertSave SettingsSecurity Model:Server:Smart card authentication allows you to log in using a certificate and key associated with a smart card.Some of the configuration changes you've made should be saved to disk before continuing. If you do not save them, then your attempt to join the domain may fail. Save changes?Te_mplate Shell:Template Shell:The %s file was not found, but it is required for %s support to work properly. Install the %s package, which provides this file.To connect to a LDAP server with TLS protocol enabled you need a CA certificate which signed your server's certificate. Copy the certificate in the PEM format to the '%s' directory. Then press OK.To verify the LDAP server with TLS protocol enabled you need a CA certificate which signed the server's certificate. Please fill in the URL where the CA certificate in the PEM format can be downloaded from.Unable to initialize graphical environment. Most likely cause of failure is that the tool was not run using a graphical environment. Please either start your graphical user interface or set your DISPLAY variable. Unknown password hashing algorithm specified, using sha256.Use DNS to _locate KDCs for realmsUse DNS to locate KDCs for realmsUse DNS to resolve hosts to realmsUse D_NS to resolve hosts to realmsUse Fingerprint readerUse IPAv2Use KerberosUse LDAPUse LDAP AuthenticationUse MD5 PasswordsUse NISUse Shadow PasswordsUse TLSUse Transport Layer Security extension for LDAP as defined by RFC-2830. It must not be ticked with ldaps server URI.Use WinbindUse Winbind AuthenticationUse _TLS to encrypt connectionsUse the "Join Domain" button to join the IPAv2 domain.User InformationWarningWhen enabled /etc/security/access.conf will be consulted for authorization of users access.WinbindWinbind ADS R_ealm:Winbind Domain Co_ntrollers:Winbind SettingsWinbind _Domain:Winbind authenticationWinbind passwordYesYou must provide ldaps:// server address or use TLS for LDAP authentication._Download CA Certificate..._Identity & Authentication_Join Domain..._KDCs:_Password Hashing Algorithm:_Password:_Security Model:_User Account Database:action to be taken on smart card removalauthenticate system accounts by local files onlyauthenticate system accounts by network servicesauthorize local users also through remote servicecachingcan only be run as rootcheck access.conf during account authorizationconfigures winbind to allow offline loginconfigures winbind to assume that users with no domain in their user names are domain usersconfigures winbind to assume that users with no domain in their user names are not domain usersconfigures winbind to prevent offline logincreate home directories for users on their first logindefault LDAP base DNdefault LDAP server hostname or URIdefault NIS domaindefault NIS serverdefault hesiod LHSdefault hesiod RHSdefault kerberos KDCdefault kerberos admin serverdefault kerberos realmdefault realm for samba and winbind when security=adsdefault smart card module to usedialog was cancelleddisable IPAv2 for user information and authentication by defaultdisable LDAP for authentication by defaultdisable LDAP for user information by defaultdisable MD5 passwords by defaultdisable NIS for user information by defaultdisable SSSD for authentication by default (still used for supported configurationsdisable SSSD for user information by default (still used for supported configurations)disable authentication with fingerprint readers by defaultdisable authentication with smart card by defaultdisable caching of user credentials in SSSD by defaultdisable caching of user information by defaultdisable hesiod for user information by defaultdisable kerberos authentication by defaultdisable shadowed passwords by defaultdisable use of DNS to find kerberos KDCsdisable use of DNS to find kerberos realmsdisable use of RFC-2307bis schema for LDAP user information lookupsdisable use of TLS with LDAP (RFC-2830)disable winbind for authentication by defaultdisable winbind for user information by defaultdisable wins for hostname resolutiondisplay Back instead of Cancel in the main dialog of the TUIdo not check access.conf during account authorizationdo not create home directories for users on their first logindo not display the deprecated text user interfacedo not prefer dns over wins or nis for hostname resolutiondo not require smart card for authentication by defaultdo not setup the NTP against the IPAv2 domaindo not start/stop portmap, ypbind, and nscddo not update the configuration files, only print new settingsenable IPAv2 for user information and authentication by defaultenable LDAP for authentication by defaultenable LDAP for user information by defaultenable MD5 passwords by defaultenable NIS for user information by defaultenable SSSD for authentication by default with manually managed configurationenable SSSD for user information by default with manually managed configurationenable authentication with fingerprint readers by defaultenable authentication with smart card by defaultenable caching of user credentials in SSSD by defaultenable caching of user information by default (automatically disabled when SSSD is used)enable hesiod for user information by defaultenable kerberos authentication by defaultenable shadowed passwords by defaultenable use of DNS to find kerberos KDCsenable use of DNS to find kerberos realmsenable use of RFC-2307bis schema for LDAP user information lookupsenable use of TLS with LDAP (RFC-2830)enable winbind for authentication by defaultenable winbind for user information by defaultenable wins for hostname resolutiongid range winbind will assign to domain or ads usershash/crypt algorithm for new passwordsjoin the IPAv2 domain as this accountjoin the winbind domain or ads realm now as this administratorload CA certificate from the URLlocal authorization is sufficient for local usersnames of servers to authenticate againstnever use SSSD implicitly even for supported configurationsopposite of --test, update configuration files with changed settingsprefer dns over wins or nis for hostname resolutionprobe network for defaults and print themrequire smart card for authentication by defaultrestore the backup of configuration filesrestore the backup of configuration files saved before the previous configuration changesave a backup of all configuration filessecurity mode to use for samba and winbindsetup the NTP against the IPAv2 domain (default)shadow passwordthe IPAv2 domain the system should be part ofthe character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enabledthe directory which winbind-created users will have as home directoriesthe group which winbind-created users will have as their primary groupthe realm for the IPAv2 domainthe server for the IPAv2 domainthe shell which winbind-created users will have as their login shelluid range winbind will assign to domain or ads usersunexpected argumentupdate all configuration filesusage: %s [options]use SSSD implicitly if it supports the configurationworkgroup authentication servers are inProject-Id-Version: authconfig.default Report-Msgid-Bugs-To: POT-Creation-Date: 2012-05-02 17:32+0200 PO-Revision-Date: 2012-05-21 01:28-0400 Last-Translator: Leah Liu Language-Team: Wei Liu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Language: zh-Hans Plural-Forms: nplurals=1; plural=0; X-Generator: Zanata 1.5.0 / åœ¨å…ƒç´ é—´åˆ‡æ¢ | é€‰æ‹© | ä¸‹ä¸€é¡µ*éªŒè¯é…ç½®æœ¬åœ°éªŒè¯é€‰é¡¹å…¶å®ƒéªŒè¯é€‰é¡¹æ™ºèƒ½å¡éªŒè¯é€‰é¡¹ç”¨æˆ·å¸æˆ·é…ç½®

æç¤ºï¼šæ™ºèƒ½å¡å¯æ”¯æŒç™»å½•åˆ°æœ¬åœ°å’Œé›†ä¸ç®¡ç†çš„å¸æˆ·ã€‚æç¤ºï¼šè¿™æ˜¯ä½¿ç”¨ /etc/security/access.conf è¿›è¡Œç®¡ç†ã€‚ADS åŸŸï¼šç®¡ç†æœåŠ¡å™¨ï¼ˆ_mï¼‰ï¼šç®¡ç†æœåŠ¡å™¨ï¼šé«˜çº§é€‰é¡¹ï¼ˆ_Oï¼‰è¦å‘Šå°†ä»Žå¤‡ä»½ä¸æ¢å¤ä¹‹å‰ç”±éªŒè¯é…ç½®æ›´æ”¹ä¿®æ”¹çš„æ‰€æœ‰é…ç½®æ–‡ä»¶ã€‚æ¢å¤ä¿®æ”¹ï¼Ÿå…è®¸ç¦»çº¿ç™»å½•ï¼ˆ_lï¼‰éªŒè¯ï¼ˆ_hï¼‰æ–¹æ³•ï¼šéªŒè¯éªŒè¯é…ç½®ç¼ºå°‘éªŒè¯æ¨¡å— %s/pam_%s.so ã€‚éªŒè¯è¿›ç¨‹å¯èƒ½æ— æ³•æ£å¸¸è¿›è¡Œã€‚è¿”å›žæŒ‡å®šçš„é”™è¯¯æ™ºèƒ½å¡åˆ é™¤åŠ¨ä½œã€‚åŸºç‚¹ DNï¼šç¼“å˜ä¿¡æ¯å–æ¶ˆåˆ é™¤å¡çš„æ“ä½œï¼ˆ_mï¼‰ï¼šè¯ä¹¦ URL(_U)ï¼šå¦‚æžœæ‚¨è¿˜æ²¡æœ‰ä¸‹è½½ CA è¯ä¹¦æˆ–è€…è¿˜æ²¡æœ‰ä½¿ç”¨å…¶å®ƒæ–¹æ³•è®¾ç½® CA è¯ä¹¦ï¼Œè¯·ç‚¹å‡»è¿™ä¸ªæŒ‰é’®ã€‚æŽ§åˆ¶ç³»ç»Ÿå¯¹è¯•å›¾ç™»å½•çš„ç”¨æˆ·è¿›è¡Œæ ¡éªŒçš„æ–¹å¼åœ¨é¦–æ¬¡ç™»å½•æ—¶åˆ›å»ºä¸»ç›®å½•ï¼ˆ_hï¼‰ä¸è¦é…ç½® NTPï¼ˆ_Nï¼‰ä¸ä¿å˜ï¼ˆ_nï¼‰åŸŸç®¡ç†å‘˜ï¼šåŸŸæŽ§åˆ¶å™¨ï¼šåŸŸç®¡ç†å‘˜ï¼ˆ_aï¼‰ï¼šåŸŸï¼šä¸‹è½½ CA è¯ä¹¦å¯ç”¨æŒ‡çº¹è¯»å–å™¨æ”¯æŒï¼ˆ_fï¼‰å¯ç”¨æœ¬åœ°è®¿é—®æŽ§åˆ¶ï¼ˆ_lï¼‰å¯ç”¨æ™ºèƒ½å¡æ”¯æŒï¼ˆ_sï¼‰ä¸‹è½½ CA è¯ä¹¦é”™è¯¯æŒ‡çº¹éªŒè¯å…è®¸æ‚¨é€šè¿‡ä½¿ç”¨æŒ‡çº¹è¯»å–å™¨æ‰«ææŒ‡çº¹ç™»å½•ã€‚æŒ‡çº¹è¯»å–å™¨ä¿å˜æœ¬åœ°ç”¨æˆ·å¯†ç çš„æ•£åˆ—æˆ–è€…åŠ å¯†ç®—æ³•æŒ‡å‘ LDAP æœåŠ¡å™¨çš„ä¸»æœºåæˆ–è€… ldap:// æˆ–è€… ldaps:// URIã€‚IPA èŒƒå›´ï¼ˆ_eï¼‰ï¼šIPA åŸŸï¼ˆ_Dï¼‰ï¼šIPA æœåŠ¡å™¨ (_S)ï¼šIPAv2IPAv2 è®¾ç½®åŠ å…¥ IPAv2 åŸŸä¸æˆåŠŸã€‚ipa-client-install å‘½ä»¤å¤±è´¥ã€‚IPAv2 å¯†ç å¦‚æžœæŸä¸ªç”¨æˆ·çš„ä¸»ç›®å½•è¿˜ä¸å˜åœ¨ï¼Œå°±ä¼šåœ¨è¯¥ç”¨æˆ·é¦–æ¬¡ç™»å½•æ—¶åˆ›å»ºã€‚å¿½ç•¥åŠ å…¥åŸŸåŠ å…¥è®¾ç½®åŠ å…¥ Winbind åŸŸKDCï¼šKerberosKerberos è®¾ç½®Kerberos å¯†ç LDAPLDAP æœç´¢åŸºç‚¹ DN (_B)ï¼šLDAP è®¾ç½®LDAP æœåŠ¡å™¨ (_S)ï¼šLDAP éªŒè¯LDAP å¯†ç ä»…é™äºŽæœ¬åœ°å¸æˆ·æœ¬åœ°æŽˆæƒå³å¯é”å®šNISNIS è®¾ç½®NIS åŸŸ (_D)ï¼šNIS æœåŠ¡å™¨(_S)ï¼šNIS å¯†ç ä¸‹ä¸€æ¥å¦ç¡®å®šå¯†ç å¯†ç ï¼šåŸŸï¼ˆ_eï¼‰ï¼šåŸŸï¼šè¦æ±‚ä½¿ç”¨æ™ºèƒ½å¡ç™»å½•ï¼ˆ_dï¼‰æ¢å¤åœ¨ä¹‹å‰è¿›è¡Œçš„é…ç½®æ›´æ”¹å‰å¤‡ä»½çš„é…ç½®æ–‡ä»¶æ¢å¤ï¼šä¿å˜è®¾ç½®å®‰å…¨æ¨¡åž‹ï¼šæœåŠ¡å™¨ï¼šæ™ºèƒ½å¡è®¤è¯å…è®¸æ‚¨ä½¿ç”¨ä¸€ä¸ªè¯ä¹¦å’Œä¸€ä¸ªä¸Žæ™ºèƒ½å¡å…³è”çš„å¯†é’¥è¿›è¡Œç™»å½•ã€‚åœ¨ç»§ç»æ“ä½œå‰ï¼Œæ‚¨åº”è¯¥å°†æ‰€åšé…ç½®ä¿®æ”¹ä¿å˜åˆ°ç£ç›˜ä¸ã€‚å¦‚æžœæ‚¨ä¸ä¿å˜å®ƒä»¬ï¼Œé‚£ä¹ˆæ‚¨åŠ å…¥åŸŸçš„å°è¯•å°±ä¼šå¤±è´¥ã€‚ä¿å˜ä¿®æ”¹å—ï¼Ÿæ¨¡æ¿ Shellï¼ˆ_mï¼‰ï¼šæ¨¡æ¿ Shellï¼šæ²¡æœ‰æ‰¾åˆ° %s æ–‡ä»¶ã€‚%s æ”¯æŒéœ€è¦è¿™ä¸ªæ–‡ä»¶æ–¹å¯æ£å¸¸å·¥ä½œã€‚ å®‰è£…æä¾›è¯¥æ–‡ä»¶çš„ %s è½¯ä»¶åŒ…ã€‚è¦è¿žæŽ¥åˆ°ä½¿ç”¨ TLS çš„ LDAP æœåŠ¡å™¨ï¼Œæ‚¨éœ€è¦ç”¨æ¥ç¾ç½²æ‚¨æœåŠ¡å™¨è¯ä¹¦çš„ CA è¯ä¹¦ã€‚å°†è¿™ä¸ªè¯ä¹¦ä»¥ PEM çš„æ ¼å¼å¤åˆ¶åˆ° '%s' ç›®å½•ä¸ã€‚ ç„¶åŽæŒ‰â€œç¡®å®šâ€ã€‚è¦ç¡®å®šå¯ç”¨äº†å¸¦æœ‰ TLS åè®®çš„ LDAP æœåŠ¡å™¨ï¼Œæ‚¨éœ€è¦ç¾ç½²äº†æœåŠ¡å™¨è¯ä¹¦çš„ CAè¯ä¹¦ã€‚è¯·å¡«å†™å¯ä¸‹è½½ PEM æ ¼å¼ CA è¯ä¹¦çš„ URLã€‚æ— æ³•åˆå§‹åŒ–å›¾å½¢åŒ–çŽ¯å¢ƒã€‚å¯èƒ½çš„åŽŸå› æ˜¯å·¥å…·å¹¶éžåœ¨å›¾å½¢åŒ–çŽ¯å¢ƒä¸‹è¿è¡Œã€‚è¯· å¯åŠ¨æ‚¨çš„å›¾å½¢åŒ–çŽ¯å¢ƒæˆ–è€…è®¾ç½®æ‚¨çš„ DISPLAY å˜é‡ã€‚ æŒ‡å®šæœªçŸ¥å¯†ç æ•£åˆ—ç®—æ³•ï¼Œä½¿ç”¨ sha256ã€‚é€šè¿‡ DNS æŸ¥æ‰¾é¢†åŸŸçš„ KDC (_l)é€šè¿‡ DNS æŸ¥æ‰¾åŸŸçš„ KDCä½¿ç”¨ DNS å°†ä¸»æœºè§£æžåˆ°åŸŸä½¿ç”¨ DNS å°†ä¸»æœºè§£æžåˆ°åŸŸï¼ˆ_Nï¼‰ä½¿ç”¨æŒ‡çº¹è¯»å–å™¨ä½¿ç”¨ IPA2ä½¿ç”¨ Kerberosä½¿ç”¨ LDAPä½¿ç”¨ LDAP éªŒè¯ä½¿ç”¨ MD5 å¯†ç ä½¿ç”¨ NISä½¿ç”¨å½±åå¯†ç ä½¿ç”¨ TLSä½¿ç”¨ RFCï¼2830 ä¸º LDAP å®šä¹‰çš„ä¼ è¾“å±‚å®‰å…¨æ€§æ‰©å±•ã€‚ä¸€å®šä¸è¦å°†å…¶ä¸Ž ldaps æœåŠ¡å™¨ URI ä¸€åŒé€‰æ‹©ã€‚ä½¿ç”¨ Winbindä½¿ç”¨ Winbind éªŒè¯ä½¿ç”¨ TLS æ¥åŠ å¯†è¿žæŽ¥ (_T)ä½¿ç”¨â€œåŠ å…¥åŸŸâ€æŒ‰é’®åŠ å…¥ IPAv2 åŸŸã€‚ç”¨æˆ·ä¿¡æ¯è¦å‘Šå¯ç”¨ /etc/security/access.conf å°†åœ¨ç”¨æˆ·è®¿é—®æ—¶è¯¢é—®æŽˆæƒã€‚WinbindWinbind ADS åŸŸï¼ˆ_rï¼‰ï¼šWinbind åŸŸæŽ§åˆ¶å™¨ï¼ˆ_nï¼‰ï¼šWinbind è®¾ç½®Winbind åŸŸï¼ˆ_Dï¼‰ï¼šWinbind éªŒè¯Winbind å¯†ç æ˜¯æ‚¨å¿…é¡»æä¾› ldaps:// æœåŠ¡å™¨åœ°å€æˆ–è€…ä½¿ç”¨ TLS è¿›è¡Œ LDAP éªŒè¯ã€‚ä¸‹è½½ CA è¯ä¹¦ï¼ˆ_Dï¼‰......è¯†åˆ«ï¼ˆ_Iï¼‰å’ŒéªŒè¯åŠ å…¥åŸŸï¼ˆ_Jï¼‰......KDCï¼ˆ_Kï¼‰ï¼šå¯†ç æ•£åˆ—ç®—æ³•ï¼ˆ_Pï¼‰ï¼šå¯†ç ï¼ˆ_Pï¼‰ï¼šå®‰å…¨æ¨¡åž‹ï¼ˆ_Sï¼‰ï¼šç”¨æˆ·å¸æˆ·æ•°æ®åº“ï¼ˆ_Uï¼‰ï¼šåˆ é™¤æ™ºèƒ½å¡æ—¶è¿›è¡Œçš„æ“ä½œä»…é€šè¿‡æœ¬åœ°æ–‡ä»¶éªŒè¯ç³»ç»Ÿå¸æˆ·é€šè¿‡ç½‘ç»œæœåŠ¡è®¤è¯ç³»ç»Ÿå¸æˆ·ä¹Ÿå¯é€šè¿‡è¿œç¨‹æœåŠ¡æŽˆæƒæœ¬åœ°ç”¨æˆ·ç¼“å˜åªèƒ½ä»¥æ ¹ç”¨æˆ·èº«ä»½è¿è¡Œåœ¨å¸æˆ·éªŒè¯è¿‡ç¨‹ä¸æ£€æŸ¥ access.confå°† winbind é…ç½®ä¸ºå…è®¸ç¦»çº¿ç™»å½•å°† winbind é…ç½®ä¸ºå‡è®¾é‚£äº›ç”¨æˆ·åä¸æ²¡æœ‰åŸŸçš„ç”¨æˆ·ä¸ºåŸŸç”¨æˆ·å°† winbind é…ç½®ä¸ºå‡è®¾é‚£äº›ç”¨æˆ·åä¸æ²¡æœ‰åŸŸçš„ç”¨æˆ·ä¸æ˜¯åŸŸç”¨æˆ·å°† winbind é…ç½®ä¸ºé˜»æ¢ç¦»çº¿ç™»å½•åœ¨ç”¨æˆ·é¦–æ¬¡ç™»å½•æ—¶ä¸ºå…¶åˆ›å»ºä¸»ç›®å½•é»˜è®¤ LDAP åŸºç‚¹ DNé»˜è®¤ LDAP æœåŠ¡å™¨ä¸»æœºåæˆ–è€… URIé»˜è®¤ NIS åŸŸé»˜è®¤ NIS æœåŠ¡å™¨é»˜è®¤çš„ hesiod LHSé»˜è®¤çš„ hesiod RHS é»˜è®¤çš„ kerberos KDCé»˜è®¤çš„ kerberos ç®¡ç†æœåŠ¡å™¨é»˜è®¤çš„ kerberos åŸŸå½“ security=ads æ—¶ samba å’Œ winbind çš„é»˜è®¤åŸŸé»˜è®¤ä½¿ç”¨çš„æ™ºèƒ½å¡æ¨¡å—å¯¹è¯è¢«å–æ¶ˆé»˜è®¤ä¸ºç”¨æˆ·ä¿¡æ¯å’Œè®¤è¯ç¦ç”¨ IPAv2é»˜è®¤ç¦ç”¨ LDAP éªŒè¯é»˜è®¤åœ¨ç”¨æˆ·ä¿¡æ¯ä¸ç¦ç”¨ LDAPé»˜è®¤ç¦ç”¨ MD5 å¯†ç é»˜è®¤åœ¨ç”¨æˆ·ä¿¡æ¯ä¸ç¦ç”¨ NISåœ¨éªŒè¯ä¸é»˜è®¤ç¦ç”¨SSSDï¼ˆä»ç„¶ç”¨äºŽæ”¯æŒé…ç½®ï¼‰åœ¨ç”¨æˆ·ä¿¡æ¯ä¸é»˜è®¤ç¦ç”¨SSSDï¼ˆä»ç„¶ç”¨äºŽæ”¯æŒé…ç½®ï¼‰é»˜è®¤ç¦ç”¨æŒ‡çº¹è¯»å–å™¨éªŒè¯é»˜è®¤ç¦ç”¨æ™ºèƒ½å¡éªŒè¯åœ¨ SSSD ä¸é»˜è®¤ç¦ç”¨ç”¨æˆ·ä¿¡ç”¨ç¼“å˜é»˜è®¤ç¦ç”¨ç”¨æˆ·ä¿¡æ¯ç¼“å˜é»˜è®¤ç¦ç”¨ hesiod æ¥èŽ·å–ç”¨æˆ·ä¿¡æ¯é»˜è®¤ç¦ç”¨ kerberos éªŒè¯é»˜è®¤ç¦ç”¨å½±åå¯†ç ç¦ç”¨ DNS æ¥æŸ¥æ‰¾ kerberos KDCç¦ç”¨ DNS æ¥æŸ¥æ‰¾ kerberos åŸŸåœ¨ LDAP ç”¨æˆ·ä¿¡æ¯æŸ¥è¯¢ä¸ç¦ç”¨ RFC-2307bis æ–¹æ¡ˆç¦ç”¨ä½¿ç”¨ LDAP çš„ TLSï¼ˆRFC-2830ï¼‰é»˜è®¤ç¦ç”¨ winbind è¿›è¡ŒéªŒè¯é»˜è®¤ç¦ç”¨ winbind æ¥èŽ·å–ç”¨æˆ·ä¿¡æ¯ç¦ç”¨ wins è¿›è¡Œä¸»æœºåè§£æžåœ¨ TUI ä¸»å¯¹è¯æ¡†ä¸æ˜¾ç¤ºâ€œè¿”å›žâ€è€Œéžâ€œå–æ¶ˆâ€åœ¨å¸æˆ·éªŒè¯è¿‡ç¨‹ä¸ä¸æ£€æŸ¥ access.confä¸è¦ä¸ºç”¨æˆ·åœ¨å…¶é¦–æ¬¡ç™»å½•æ—¶åˆ›å»ºä¸»ç›®å½•ä¸æ˜¾ç¤ºè¿‡æ—¶çš„æ–‡æœ¬ç”¨æˆ·ç•Œé¢åœ¨ dnsã€wins æˆ–è€… nis ä¸ä¸é¦–é€‰ä½¿ç”¨ dns è¿›è¡Œä¸»æœºåè§£æžé»˜è®¤ä¸éœ€è¦ä½¿ç”¨æ™ºèƒ½å¡éªŒè¯ä¸è¦æ ¹æ® IPAv2 åŸŸè®¾ç½® NTPä¸è¦å¯åŠ¨/åœæ¢ portmapã€ypbind å’Œ nscdä¸æ›´æ–°é…ç½®æ–‡ä»¶ï¼Œåªè¾“å‡ºæ–°çš„è®¾ç½®é»˜è®¤ä¸ºç”¨æˆ·ä¿¡æ¯å’Œè®¤è¯å¯ç”¨ IPAv2é»˜è®¤å¯ç”¨ LDAP éªŒè¯é»˜è®¤åœ¨ç”¨æˆ·ä¿¡æ¯ä¸å¯ç”¨ LDAPé»˜è®¤å¯ç”¨ MD5 å¯†ç é»˜è®¤åœ¨ç”¨æˆ·ä¿¡æ¯ä¸å¯ç”¨ NISæ‰‹åŠ¨ç®¡ç†é…ç½®æ—¶åœ¨éªŒè¯ä¸é»˜è®¤å¯ç”¨ SSSDæ‰‹åŠ¨ç®¡ç†é…ç½®æ—¶åœ¨ç”¨æˆ·ä¿¡æ¯ä¸é»˜è®¤å¯ç”¨ SSSDé»˜è®¤å¯ç”¨æŒ‡çº¹è¯»å–å™¨éªŒè¯é»˜è®¤å¯ç”¨æ™ºèƒ½å¡éªŒè¯åœ¨ SSSD ä¸é»˜è®¤å¯ç”¨ç”¨æˆ·ä¿¡ç”¨ç¼“å˜é»˜è®¤å¯ç”¨ç”¨æˆ·ä¿¡æ¯ç¼“å˜ï¼ˆä½¿ç”¨ SSSD æ—¶è‡ªåŠ¨ç¦ç”¨ï¼‰é»˜è®¤å¯ç”¨ hesiod æ¥èŽ·å–ç”¨æˆ·ä¿¡æ¯é»˜è®¤å¯ç”¨ kerberos éªŒè¯é»˜è®¤å¯ç”¨å½±åå¯†ç å¯ç”¨ DNS æ¥æŸ¥æ‰¾ kerberos KDCå¯ç”¨ DNS æ¥æŸ¥æ‰¾ kerberos åŸŸåœ¨ LDAP ç”¨æˆ·ä¿¡æ¯æŸ¥è¯¢ä¸å¯ç”¨ RFC-2307bis æ–¹æ¡ˆå¯ç”¨ä½¿ç”¨ LDAP çš„ TLSï¼ˆRFC-2830ï¼‰é»˜è®¤å¯ç”¨ winbind è¿›è¡ŒéªŒè¯é»˜è®¤å¯ç”¨ winbind æ¥èŽ·å–ç”¨æˆ·ä¿¡æ¯å¯ç”¨ wins è¿›è¡Œä¸»æœºåè§£æžwinbind åˆ†é…åŸŸæˆ– ads ç”¨æˆ·çš„ gid èŒƒå›´æ–°å¯†ç çš„æ•£åˆ—/åŠ å¯†ç®—æ³•ä»¥è¿™ä¸ªå¸æˆ·åŠ å…¥ IPAv2 åŸŸç«‹å³ä½œä¸ºç³»ç»Ÿç®¡ç†å‘˜åŠ å…¥ winbind åŸŸæˆ– ads åŸŸä»Žè¿™ä¸ª URL è½½å…¥ CA è¯ä¹¦æœ¬åœ°ç”¨æˆ·ä½¿ç”¨æœ¬åœ°æŽˆæƒå³å¯ç”¨æ¥éªŒè¯çš„æœåŠ¡å™¨åç§°å³ä½¿é…ç½®æ”¯æŒä¹Ÿä¸è¦ä½¿ç”¨SSSDä¸Ž --test ç›¸åï¼Œä½¿ç”¨ä¿®æ”¹è¿‡çš„è®¾ç½®å‡çº§é…ç½®æ–‡ä»¶é¦–é€‰ä½¿ç”¨ dns è€Œä¸æ˜¯ wins æˆ–è€… nis è¿›è¡Œä¸»æœºåè§£æžæŽ¢æµ‹ç½‘ç»œé»˜è®¤å€¼å¹¶æ‰“å°é»˜è®¤éœ€è¦ä½¿ç”¨éªŒè¯æ™ºèƒ½å¡éªŒè¯æ¢å¤é…ç½®æ–‡ä»¶å¤‡ä»½åœ¨æ›´æ”¹ä¹‹å‰é…ç½®å‰æ¢å¤é…ç½®æ–‡ä»¶å¤‡ä»½ä¿å˜æ‰€æœ‰é…ç½®æ–‡ä»¶å¤‡ä»½samba å’Œ winbind ä½¿ç”¨çš„å®‰å…¨æ¨¡å¼æ ¹æ® IPAv2 åŸŸè®¾ç½® NTPï¼ˆé»˜è®¤ï¼‰å½±åå¯†ç ç³»ç»Ÿåº”ä¸ºå…¶ä¸€éƒ¨åˆ†çš„ IPAv2 åŸŸå¦‚æžœæ²¡æœ‰å¯ç”¨ winbindusedefaultdomainï¼Œç”¨æ¥åˆ†éš” winbind åˆ›å»ºçš„ç”¨æˆ·åä¸åŸŸå’Œç”¨æˆ·éƒ¨åˆ†çš„å—ç¬¦winbind åˆ›å»ºçš„ç”¨æˆ·çš„ç›®å½•å°†ä¼šä½œä¸ºä¸»ç›®å½•winbind åˆ›å»ºçš„ç”¨æˆ·ç»„ç¾¤å°†ä¼šä½œä¸ºä¸»è¦ç»„ç¾¤IPAv2 åŸŸçš„ realmIPAv2 åŸŸçš„æœåŠ¡å™¨winbind åˆ›å»ºçš„ç”¨æˆ· shell å°†ä¼šä½œä¸ºç™»å½• shellwinbind åˆ†é…åŸŸæˆ– ads ç”¨æˆ·çš„ uid èŒƒå›´é”™è¯¯çš„å‚æ•°æ›´æ–°æ‰€æœ‰é…ç½®æ–‡ä»¶ç”¨æ³•: %s [é€‰é¡¹]å¦‚æžœé…ç½®æ”¯æŒå°±æ˜¯ç”¨SSSDéªŒè¯æœåŠ¡å™¨æ‰€åœ¨çš„å·¥ä½œç»„