CentOS successfully joined to the domain, unable to create a keytab?


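Hello, I am trying to create a keytab. This client system is already joined to the domain.

I get a list of errors below. It looks like there are two main ones, though, the most obvious being: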

create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for
file /var/lib/samba/lock/smb_tmp_krb5.S7p77o. Errno Permission denied

ads_connect: No logon servers are currently available to service the logon request.

and

kerberos_kinit_password [email protected] failed: Client not found in Kerberos database

$ net ads keytab create
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.3KhTHs. Errno Permission denied
Enter user's password:
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.S7p77o. Errno Permission denied
ads_connect: No logon servers are currently available to service the logon request.
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.njsTEl. Errno Permission denied
kerberos_kinit_password [email protected] failed: Client not found in Kerberos database
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.hwnaei. Errno Permission denied
ads_connect: No logon servers are currently available to service the logon request.

With sudo:

[user@hostname ~]$ sudo net ads keytab create
Enter root's password:
ads_connect: No logon servers are currently available to service the logon request.
kerberos_kinit_password [email protected] failed: Client not found in Kerberos database
ads_connect: No logon servers are currently available to service the logon request.

Does anyone at least know which error is the most important right now?

Answer 1

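Did you run kinit YOURADMINUSER?

That solved the problem for me. From https://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kinit.html

kinit obtains and caches an initial ticket-granting ticket for principal.

This is needed to create a keytab, because a keytab,

A keytab (short for "key table") stores long-term keys for one or more principals. https://web.mit.edu/kerberos/krb5-devel/doc/basic/keytab_def.html

We need that first ticket to store.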
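
The order of operations from the thread (root first, then a cached ticket from kinit, then the keytab command) as a preflight wrapper. This is an added example, not code from the question or the answer; the function names are hypothetical and the principal passed to `create_keytab` is a placeholder for your own admin account.

```sh
#!/bin/sh
# Added example: preflight for `net ads keytab create`.
# Function names are hypothetical; they are not part of Samba or MIT Kerberos.

# Return 0 only when running as root. In the question, the smb_mkstemp
# "Permission denied" lines on /var/lib/samba/lock vanish under sudo.
is_root() { [ "$(id -u)" -eq 0 ]; }

# Return 0 when the credential cache is readable and not expired.
# `klist -s` prints nothing and reports the result via its exit status.
has_valid_ccache() { klist -s; }

# Print the first unmet precondition ("need-root", "need-kinit") or "ready".
keytab_preflight() {
    if ! is_root; then echo "need-root"; return 1; fi
    if ! has_valid_ccache; then echo "need-kinit"; return 2; fi
    echo "ready"
}

# Usage: create_keytab ADMIN_PRINCIPAL   (placeholder, e.g. your domain admin)
create_keytab() {
    principal=$1
    state=$(keytab_preflight) || true
    case $state in
        need-root)
            echo "re-run as root (sudo)" >&2
            return 1 ;;
        need-kinit)
            # Obtain and cache the initial ticket-granting ticket first,
            # in the same shell that will run the keytab command.
            kinit "$principal" || return 2 ;;
    esac
    net ads keytab create || return 3
    # List the principals now stored in the default keytab.
    klist -k
}

# Run only when invoked explicitly: ./script.sh --run ADMIN_PRINCIPAL
if [ "${1:-}" = "--run" ]; then
    create_keytab "${2:?admin principal required}"
fi
```
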
