1. 首頁
  2. 問答
  3. 使用Kerberos安裝cifs-share失敗:安裝錯誤(126):必需的密鑰不可用

使用Kerberos安裝cifs-share失敗:安裝錯誤(126):必需的密鑰不可用

2017-02-21 42 views
2

最近通過使用Kerberos掛載samba-share停止工作。與另一臺服務器上的相同安裝選項相同的份額可以工作。所以我認爲我們的DNS設置和/或Active Directory安裝沒有任何問題。似乎是一個客戶問題。使用Kerberos安裝cifs-share失敗:安裝錯誤(126):必需的密鑰不可用

輸出的

安裝份額

mount error(126): Required key not available 
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

fstab的入境看起來是這樣的:

//servername/share /home/username/share cifs _netdev,users,sec=krb5,noperm,noauto 0 0

日誌顯示此:

Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6 

Feb 21 10:01:11 clientserver cifs.upcall: ver=2 
Feb 21 10:01:11 clientserver cifs.upcall: host=192.168.0.7 
Feb 21 10:01:11 clientserver cifs.upcall: ip=192.168.0.7 
Feb 21 10:01:11 clientserver cifs.upcall: sec=1 
Feb 21 10:01:11 clientserver cifs.upcall: uid=11165 
Feb 21 10:01:11 clientserver cifs.upcall: creduid=11165 
Feb 21 10:01:11 clientserver cifs.upcall: user=username 
Feb 21 10:01:11 clientserver cifs.upcall: pid=26822 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/11165': No such file or directory 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11165 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_11165 is valid ccache 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11167 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11167 is owned by 11167, not 11165 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_0 is owned by 0, not 11165 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11176 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11176 is owned by 11176, not 11165 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11174 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11174 is owned by 11174, not 11165 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11308 
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11308 is owned by 11308, not 11165 
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: getting service ticket for 192.168.0.7 
Feb 21 10:01:11 clientserver cifs.upcall: cifs_krb5_get_req: unable to get credentials for 192.168.0.7 
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377) 
Feb 21 10:01:11 clientserver cifs.upcall: Unable to obtain service ticket 
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377

似乎主機名解析無法正常工作。我不知道cifs.upcall如何獲取主機名,但如果我檢查DNS記錄A,PTR似乎沒問題。而netbios解決方案也有效。

那麼kerberos如何查找主機名。它是否將主機名提取出UNC-Path?

將主機名寫入/ etc/hosts也不起作用。儘管如此,另一臺服務器具有相同的windbind,samba,cifs.upcall和kerberos版本。 resolv.conf也有相同的條目。 還有一些與kerberos完美配合的其他samba-shares。所以我現在有點卡住了。任何幫助,將不勝感激。

來源

2017-02-21 Andre

回答

1

嘗試 '-t' 選項/etc/request-key.d/

添加到cifs.upcall的調用在我的情況下(Ubuntu的),這是文件/etc/request-key.d/ cifs.spnego.conf

那句話: 創建cifs.spnego * /usr/sbin/cifs.upcall%K

更改: 創建cifs.spnego * /usr/sbin/cifs.upcall - t%k

來源

2017-03-13 13:13:17

+0

非常感謝。現在它工作了! -t選項執行以下操作:使用krb5 upcalls時,用作服務主體主機部分的名稱默認爲UNC的主機名部分。此選項允許上調程序反向解析服務器的網絡地址以獲取主機名。 – Andre

+0

我真的不明白我有哪種DNS問題,因爲dns查找可以很好地解決所涉及主機名的IP地址。 – Andre

+0

問題不在於DNS解析自身,而是由於默認情況下它不信任該DNS。 –

相關問題

 相關問題