And*_*dre 2 samba kerberos cifs
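Recently, mounting a samba share using Kerberos stopped working. The same share with the same mount options works on another server, so I don't think there is anything wrong with our DNS setup and/or Active Directory setup. It seems to be a problem on the client.
Output when mounting the share: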
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
The fstab entry looks like this:
//servername/share /home/username/share cifs _netdev,users,sec=krb5,noperm,noauto 0 0
The log shows:
Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6
Feb 21 10:01:11 clientserver cifs.upcall: ver=2
Feb 21 10:01:11 clientserver cifs.upcall: host=192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: ip=192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: sec=1
Feb 21 10:01:11 clientserver cifs.upcall: uid=11165
Feb 21 10:01:11 clientserver cifs.upcall: creduid=11165
Feb 21 10:01:11 clientserver cifs.upcall: user=username
Feb 21 10:01:11 clientserver cifs.upcall: pid=26822
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/11165': No such file or directory
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_11165 is valid ccache
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11167
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11167 is owned by 11167, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_0 is owned by 0, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11176
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11176 is owned by 11176, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11174
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11174 is owned by 11174, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11308
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11308 is owned by 11308, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: getting service ticket for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: cifs_krb5_get_req: unable to get credentials for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Feb 21 10:01:11 clientserver cifs.upcall: Unable to obtain service ticket
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377
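It seems that hostname resolution is not working properly. I don't know how cifs.upcall gets the hostname, but when I check the DNS A and PTR records they seem fine. NetBIOS resolution also works.
So how does Kerberos look up the hostname? Does it extract the hostname from the UNC path?
Writing the hostname into /etc/hosts does not work either. Nevertheless, another server with the same winbind, samba, cifs.upcall and kerberos versions does work. resolv.conf has the same entries too. There are also some other samba shares that work perfectly with Kerberos. So I am a bit stuck now. Any help would be appreciated.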
小智 5
Try adding the '-t' option to the cifs.upcall invocation in /etc/request-key.d/
In my case (Ubuntu) it is the file /etc/request-key.d/cifs.spnego.conf
Was: create cifs.spnego * * /usr/sbin/cifs.upcall %k
Changed to: create cifs.spnego * * /usr/sbin/cifs.upcall -t %k
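As an added example that is not part of the original question or answer, the following Python sketch reads cifs.upcall log lines like those in the question, extracts the host the ticket was requested for, and decodes the exit status. The function names are illustrative, and the error mapping assumes the MIT krb5 error table, in which -1765328377 is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.

```python
import ipaddress
import re

# MIT krb5 reports KDC protocol error N as KRB5_ERROR_BASE + N.
KRB5_ERROR_BASE = -1765328384
KDC_ERRORS = {
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (client not found in Kerberos database)",
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (server not found in Kerberos database)",
}

# Sample input: two lines copied from the log quoted in the question.
SAMPLE_LOG = """\
Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377
"""

def parse_key_description(line):
    """Return the key=value fields of a cifs.spnego key description line."""
    desc = line.split("key description:", 1)[1].strip()
    return dict(f.split("=", 1) for f in desc.split(";") if "=" in f)

def decode_exit_status(code):
    """Map a cifs.upcall exit status to a krb5 KDC error name, if known."""
    return KDC_ERRORS.get(code - KRB5_ERROR_BASE, f"unmapped krb5 code {code}")

def is_ip(host):
    """True when the host field is a literal IP address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def diagnose(log):
    """Summarise what the upcall was asked for and why it failed."""
    out = {"host": None, "host_is_ip": False, "uid": None, "error": None}
    for line in log.splitlines():
        if "key description:" in line:
            fields = parse_key_description(line)
            out["host"] = fields.get("host")
            out["host_is_ip"] = is_ip(out["host"] or "")
            out["uid"] = int(fields.get("uid", "0"), 16)  # uid is logged in hex
        m = re.search(r"Exit status (-?\d+)", line)
        if m:
            out["error"] = decode_exit_status(int(m.group(1)))
    return out

if __name__ == "__main__":
    # host_is_ip=True means the ticket request named the server by address,
    # which fits "server not found" unless the KDC has such a principal.
    print(diagnose(SAMPLE_LOG))
```

The cifs.upcall man page describes `-t` (`--trust-dns`) as reverse-resolving the server address to obtain the hostname for the service principal, and notes this is less secure than the default because an attacker who controls DNS could trick the client into mounting a different server.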