您好,我正在尝试创建密钥表。此客户端系统已加入域。
下面我遇到了一系列错误。不过看起来主要有两个错误,最明显的是:
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for
file /var/lib/samba/lock/smb_tmp_krb5.S7p77o. Errno Permission denied
。
ads_connect: No logon servers are currently available to service the logon request.
。 和
kerberos_kinit_password [email protected] failed: Client not found in Kerberos database
。
$ net ads keytab create
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.3KhTHs. Errno Permission denied
Enter user's password:
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.S7p77o. Errno Permission denied
ads_connect: No logon servers are currently available to service the logon request.
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.njsTEl. Errno Permission denied
kerberos_kinit_password [email protected] failed: Client not found in Kerberos database
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/lock/smb_tmp_krb5.hwnaei. Errno Permission denied
ads_connect: No logon servers are currently available to service the logon request.
使用 sudo:
[user@hostname ~]$ sudo net ads keytab create
Enter root's password:
ads_connect: No logon servers are currently available to service the logon request.
kerberos_kinit_password [email protected] failed: Client not found in Kerberos database
ads_connect: No logon servers are currently available to service the logon request.
有人至少知道现在哪个错误是最重要的吗?
答案1
您运行了 kinit YOURADMINUSER 吗?
这对我来说解决了问题。来自https://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kinit.html
kinit 获取并缓存主体的初始票证授予票。
这是创建 keytab 所必需的,因为 keytab,
密钥表 (“密钥表”的缩写) 存储一个或多个主体的长期密钥。 https://web.mit.edu/kerberos/krb5-devel/doc/basic/keytab_def.html
我们需要第一张票来存储。