将Linux主机加入Active Directory无人值守

有没有办法通过凭证文件或使用密码哈希来提交密码？显然我不想把它作为纯文本传递.

@ewwhite感谢您的链接,我来看看.我不确定是什么,我绝对不反对使用SSSD,如果它让我完成同样的事情,它允许无人值守的配置.我使用Samba / Winbind更多地与我的舒适程度有关.你能否建议我如何使用SSSD做同样的事情,记住我不想手动输入密码？

相关的kickstart内容：

cat << EOF > /etc/samba/smb.conf
[global]
   encrypt passwords = yes
   # logs split per machine
   log file = /var/log/samba/log.%m
   # max 50KB per log file,then rotate
   max log size = 50
   passdb backend = tdbsam
EOF

chkconfig smb on
chkconfig nmb on
service smb restart
service nmb restart

cat << EOF > /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = AD.DOMAIN.NET
 dns_lookup_realm = true
 dns_lookup_kdc = true
 allow_weak_crypto = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 rdns = false
 forwardable = true

[realms]
 AD.DOMAIN.NET = {
  admin_server = dc01.ad.domain.net
  default_domain = ad.domain.net
  kdc = dc01.ad.domain.net
 }

[domain_realm]
 .ad.domain.net = AD.DOMAIN.NET
 ad.domain.net = AD.DOMAIN.NET
EOF

net time set -S dc01.ad.domain.net

/usr/bin/kinit -k -t addom.keytab Administrator@AD.DOMAIN.NET

authconfig --update 
           --kickstart 
           --enablewinbind 
           --enablewinbindauth 
           --smbsecurity=ads 
           --smbrealm=AD.DOMAIN.NET 
           --winbindjoin=administrator@AD.DOMAIN.NET 
           --winbindtemplatehomedir=/home/DOMAIN/%U 
           --winbindtemplateshell=/bin/bash 
           --enablewinbindusedefaultdomain 
           --enablelocauthorize 
           --smbservers=dc01.ad.domain.net 
           --enablemkhomedir 
           --smbidmaprange=100000-200000