Ubuntu 无法从 autofs 和 KRB5 挂载 CIFS 共享

我继承了一个 Ubuntu 14 文件服务器......

VERSION="14.04.5 LTS, Trusty Tahr"

客户端计算机是全新安装的 Ubuntu 18

VERSION="18.04.2 LTS (Bionic Beaver)"<br>
autofs/bionic-updates,now 5.1.2-1ubuntu3.1 amd64 [installed]<br>

我们在 Samba Active Directory (AD) 域中...

(Samba server)VERSION="14.04.5 LTS, Trusty Tahr"
(Samba)Version 4.3.11-Ubuntu

我已使用 配置了测试 SMB 挂载autofs。当我尝试以所有者“UserName”（Samba Active Directory 域用户）身份访问共享时，它会尝试挂载，但失败（请参阅下面的错误）。

我能够安装共享手动在命令行中。

root@LocalComputer:/mnt# sudo mount -t cifs -o rw,user=UserName,domain=DomainName  \\\\ShareServer\\testshare /mnt/test/
Password for UserName@\ShareServer\testshare:  *****************
root@LocalComputer:/mnt# cd test
root@LocalComputer:/mnt/test# ls -la
total 0
drwxr-xr-x 2 root root 0 Mai 23 13:35 .
drwxr-xr-x 3 root root 0 Mai 24 15:49 ..
drwxr-xr-x 2 root root 0 Mai 24 12:39 UserName

...但无法autofs...

UserName@LocalComputer:/mnt$ cd test/
-bash: cd: test/: No such file or directory
UserName@LocalComputer:/mnt$ 

服务器上的 Kerberos 似乎没问题……

root@LocalComputer:/mnt# kinit -l 10h -r 5d UserName
Password for UserName@DomainName:*****************

root@LocalComputer:/mnt# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: UserName@DomainName

Valid starting       Expires              Service principal
24.05.2019 16:19:00  25.05.2019 02:18:54  krbtgt/DomainName@DomainName
    renew until 29.05.2019 16:18:54

我该怎么做才能允许此用户使用 AD 提供的身份验证自动挂载共享？这与user=root错误日志中的内容有关吗？

系统日志错误

May 24 15:41:29 LocalComputer kernel: [ 3051.503993] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
May 24 15:41:29 LocalComputer cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=ShareServer.itec.uni-karlsruhe.de;ip4=xxx.xxx.xx9.10;sec=krb5;uid=0x0;creduid=0x1f420;user=root;pid=0x9e8
May 24 15:41:29 LocalComputer cifs.upcall: ver=2
May 24 15:41:29 LocalComputer cifs.upcall: host=ShareServer.itec.uni-karlsruhe.de
May 24 15:41:29 LocalComputer cifs.upcall: ip=xxx.xxx.xx9.10
May 24 15:41:29 LocalComputer cifs.upcall: sec=1
May 24 15:41:29 LocalComputer cifs.upcall: uid=0
May 24 15:41:29 LocalComputer cifs.upcall: creduid=123456
May 24 15:41:29 LocalComputer cifs.upcall: user=root
May 24 15:41:29 LocalComputer cifs.upcall: pid=2536
May 24 15:41:29 LocalComputer cifs.upcall: get_cachename_from_process_env: pathname=/proc/2536/environ
May 24 15:41:29 LocalComputer cifs.upcall: unable to init krb5 context: 13
May 24 15:41:29 LocalComputer kernel: [ 3051.567301] CIFS VFS: Send error in SessSetup = -126
May 24 15:41:29 LocalComputer kernel: [ 3051.567318] CIFS VFS: cifs_mount failed w/return code = -126
May 24 15:41:29 LocalComputer cifs.upcall: Exit status 1

自动主机管理工具

+dir:/etc/auto.master.d
+auto.master
/mnt /etc/auto.cifs

/etc/auto.cifs

test   -fstype=cifs,multiuser,cruid=${UID},sec=krb5  ://ShareServer.DomainName/testshare

autofs 启动正常

May 24 16:27:23 LocalComputer systemd[1]: Stopping Automounts filesystems on demand...
May 24 16:27:24 LocalComputer automount[2875]: umount_autofs_indirect: ask umount returned busy /mnt
May 24 16:27:25 LocalComputer systemd[1]: Stopped Automounts filesystems on demand.
May 24 16:27:25 LocalComputer systemd[1]: Starting Automounts filesystems on demand...
May 24 16:27:25 LocalComputer systemd[1]: Started Automounts filesystems on demand.