Mounting a CIFS share with Kerberos fails: mount error(126): Required key not available

Date: 2017-02-21 09:21:12

Tags: kerberos samba cifs

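Recently, mounting a Samba share with Kerberos stopped working. The same share with the same mount options works on another server, so I assume there is nothing wrong with our DNS setup and/or Active Directory setup. It seems to be a client problem.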

The output of mount share:

mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The fstab entry looks like this:

//servername/share /home/username/share cifs _netdev,users,sec=krb5,noperm,noauto 0 0

The log shows:

Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6

Feb 21 10:01:11 clientserver cifs.upcall: ver=2
Feb 21 10:01:11 clientserver cifs.upcall: host=192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: ip=192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: sec=1
Feb 21 10:01:11 clientserver cifs.upcall: uid=11165
Feb 21 10:01:11 clientserver cifs.upcall: creduid=11165
Feb 21 10:01:11 clientserver cifs.upcall: user=username
Feb 21 10:01:11 clientserver cifs.upcall: pid=26822
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/11165': No such file or directory
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_11165 is valid ccache
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11167
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11167 is owned by 11167, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_0 is owned by 0, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11176
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11176 is owned by 11176, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11174
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11174 is owned by 11174, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11308
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11308 is owned by 11308, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: getting service ticket for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: cifs_krb5_get_req: unable to get credentials for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Feb 21 10:01:11 clientserver cifs.upcall: Unable to obtain service ticket
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377

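It seems that hostname resolution is not working properly. I don't know how cifs.upcall obtains the hostname, but when I check the DNS A and PTR records, they seem fine. NetBIOS resolution also works.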

So how does Kerberos look up the hostname? Does it extract the hostname from the UNC path?

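Writing the hostname into /etc/hosts does not help either. However, another server with the same winbind, samba, cifs.upcall and kerberos versions does work. resolv.conf has the same entries as well. There are also some other Samba shares that work perfectly with Kerberos. So I'm a bit stuck now. Any help would be appreciated.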

1 Answer:

Answer 0: (score: 4)

Try adding the '-t' option to the cifs.upcall invocation in /etc/request-key.d/

In my case (Ubuntu) it is the file /etc/request-key.d/cifs.spnego.conf

Was: create cifs.spnego * * /usr/sbin/cifs.upcall %k

Changed to: create cifs.spnego * * /usr/sbin/cifs.upcall -t %k
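
Added example (not part of the original question or answer): a Python sketch that reads cifs.upcall syslog lines like those posted in the question, decodes the exit status as an offset into the krb5 error table, and flags when the service ticket is requested for an IP literal instead of a hostname. The function names and the small error-name subset are chosen for this illustration.

```python
import ipaddress
import re

# krb5 error codes are offsets from the com_err base of the "krb5" table.
KRB5_ERROR_BASE = -1765328384
# Small subset of MIT krb5 error names, keyed by offset from the base.
KRB5_ERRORS = {
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",  # client not found in Kerberos database
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN",  # server not found in Kerberos database
    37: "KRB5KRB_AP_ERR_SKEW",             # clock skew too great
}

# Subset of the log lines posted in the question.
SAMPLE_LOG = """\
Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_11165 is valid ccache
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: getting service ticket for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377
"""

def parse_key_description(line):
    """Split the ';'-separated key description into a dict of key=value fields."""
    desc = line.partition("key description: ")[2]
    return dict(f.split("=", 1) for f in desc.strip().split(";") if "=" in f)

def is_ip_literal(host):
    """True when host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def diagnose(log_text):
    """Summarise what cifs.upcall was asked for and which krb5 error ended it."""
    report = {"host": None, "host_is_ip": None, "uid": None,
              "ccache_found": False, "krb5_error": None}
    for line in log_text.splitlines():
        if "key description:" in line:
            fields = parse_key_description(line)
            report["host"] = fields.get("host")
            report["host_is_ip"] = is_ip_literal(fields.get("host", ""))
            report["uid"] = int(fields.get("uid", "0"), 16)
        elif "is valid ccache" in line:
            report["ccache_found"] = True
        elif (m := re.search(r"Exit status (-?\d+)", line)):
            offset = int(m.group(1)) - KRB5_ERROR_BASE
            report["krb5_error"] = KRB5_ERRORS.get(offset, f"offset {offset}")
    return report
```

On the question's log, diagnose(SAMPLE_LOG) reports a valid credential cache for uid 11165 and KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for host 192.168.0.7. The cifs.upcall(8) man page describes -t (--trust-dns) as reverse-resolving the server address to obtain the hostname for the service principal, and notes that this is less secure than not trusting DNS.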