Active Directory：Thunderbird LDAP 自动完成功能不适用于 Kerberos 身份验证

问题：

我正在尝试配置一个LDAP 邮件自动完成- 内置功能Mozilla Thunderbird17.0.5 @ Windows 7 x64 2008R2 域环境中。操作系统是 VBox 上的全新开箱安装。似乎我无法让它与 Kerberos 身份验证一起工作（原生 SSPI）。

我已经正确配置了 LDAP 参数 - 我已成功使用 Thunderbird 中的“简单”身份验证模式（该模式要求用户手动输入域凭据）验证了这一点。在该模式下，TB 自动完成功能有效。

但是，每当我切换到 Kerberos 身份验证时，我都不会得到自动完成结果。在我输入地址字段中的每个字母后，VBox 都会显示一些网络活动，但没有返回任何结果。

这对于标准用户帐户和域管理员帐户的作用相同。

问题：

据我所知，这可能是 Thunderbird 的一些问题，也可能是域/kerberos 问题。

根据谷歌搜索结果，Thunderbird 的这个功能并不流行，但我读到的大部分内容似乎都证明它应该在任何默认配置的域环境中工作。由于域控制器是由前员工设置的，因此域的某些功能可能被重新配置或禁用。我从未接触过内置的 Kerberos。

有人能建议我，我该寻找什么？

调试：

我尝试调试 Thunderbird 客户端，并得到了一个日志，我将把它发布在底部。日志中没有显示任何错误，尽管我对 Kerberos 的内部工作原理几乎一无所知，但据我所知，客户端正在尝试进行身份验证 ( InitializeSecurityContext: succeeded)，但似乎从未收到任何答复。然而 TB 也没有返回任何错误。

此外，无论我配置了正确的Bind DN名称（[email protected]是正确的）还是一些完全随机的字母，日志似乎都几乎相同。

如果我之后启动 Thunderbird klist purge，系统似乎可以正确获取新票（krbtgt\domain.mydomain.com和LDAP\dc02.domain.mydomain.com）。

雷鸟日志：

0[e0f140]:   nsAuthSSPI::Init
0[e0f140]:   InitSSPI
0[e0f140]: Using SPN of [ldap/mydomain.com]
0[e0f140]: AcquireCredentialsHandle() succeeded.
0[e0f140]: entering nsAuthSSPI::GetNextToken()
0[e0f140]: InitializeSecurityContext: continue.
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed; total pending operations now = 0
1428[e13ac0]: entering nsAuthSSPI::GetNextToken()
1428[e13ac0]: InitializeSecurityContext: succeeded.
1428[e13ac0]: pending operation added; total pending operations now = 1
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed; total pending operations now = 0
1428[e13ac0]: pending operation added; total pending operations now = 1
0[e0f140]:   nsAuthSSPI::Init
0[e0f140]: Using SPN of [ldap/mydomain.com]
0[e0f140]: AcquireCredentialsHandle() succeeded.
0[e0f140]: entering nsAuthSSPI::GetNextToken()
0[e0f140]: InitializeSecurityContext: continue.
0[e0f140]: pending operation added; total pending operations now = 2
1428[e13ac0]: pending operation removed; total pending operations now = 1
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed; total pending operations now = 0
1428[e13ac0]: entering nsAuthSSPI::GetNextToken()
1428[e13ac0]: InitializeSecurityContext: succeeded.
1428[e13ac0]: pending operation added; total pending operations now = 1
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed
1428[e13ac0]: nsLDAPConnection::RemovePendingOperation(): operation removed; total pending operations now = 0
1428[e13ac0]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=balsams*)(userPrincipalName=balsams*)(sn=balsams*)(cn=balsams*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=balsam*)(userPrincipalName=balsam*)(sn=balsam*)(cn=balsam*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=balsa*)(userPrincipalName=balsa*)(sn=balsa*)(cn=balsa*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=bals*)(userPrincipalName=bals*)(sn=bals*)(cn=bals*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=bal*)(userPrincipalName=bal*)(sn=bal*)(cn=bal*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=bals*)(userPrincipalName=bals*)(sn=bals*)(cn=bals*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=balsa*)(userPrincipalName=balsa*)(sn=balsa*)(cn=balsa*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: nsLDAPOperation::SearchExt(): called with aBaseDn = 'OU=MyContainer,DC=mydomain,DC=com'; aFilter = '(&(objectClass=person)(|(mail=balsam*)(userPrincipalName=balsam*)(sn=balsam*)(cn=balsam*)))'; aAttributes = a,sn,mail; aSizeLimit = 100
0[e0f140]: pending operation added; total pending operations now = 1
1428[e13ac0]: pending operation removed; total pending operations now = 0
0[e0f140]: unbinding
0[e0f140]: unbound
0[e0f140]: unbinding
0[e0f140]: unbound