我正在尝试设置一个测试环境来获取ipa和samba。
我有两台虚拟机,网络已设置好,一切运行正常。我正在尝试设置ipa,但在尝试启动服务samba时出现错误。samba
Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details.
[root@main samba]# tail log.smbd
[2017/01/23 23:16:23.606753, 0] ipa_sam.c:4193(bind_callback_cleanup)
kerberos error: code=-1765328378, message=Client 'cifs/[email protected]' not found in Kerberos database
[2017/01/23 23:16:23.606833, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 14 try!
[2017/01/23 23:16:24.606960, 1] ipa_sam.c:3711(ipasam_get_base_dn)
Failed to get base DN from RootDSE: Timed out
[2017/01/23 23:16:24.607023, 0] ipa_sam.c:4505(pdb_init_ipasam)
Failed to get base DN.
[2017/01/23 23:16:24.607068, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XXXXXX-XXXX.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
我可以登录系统并使用 测试帐户ipa。我已运行ipa-adtrust-install并按照步骤将 samba 连接到 ipa。我认为 kerberos 配置存在问题,但我无法弄清楚。
答案1
IPA 服务器中的 kerberos 配置存在问题,我通过运行 ipa-server-upgrade 解决了此问题。我不确定我在设置中做了什么导致此问题,但我需要将其设为 kerberos 授权。