我一直遵循[这些][1]说明来设置 Kerberos 以使用现有的 OpenLDAP 服务器作为其后端。
我在最后一步遇到了问题。我试图将现有用户添加为主体,并希望看到 kerberos 对象添加到 LDAP 数据库中的用户对象中。
我可以kinit毫无问题地运行。我进行了身份验证,没有收到任何错误:
> kinit {user}/admin@{REALM}
Password for {user}/admin@{REALM}:
> echo ${?}
0
>
然后我尝试运行kadmin.local并收到以下错误:
> kadmin.local
Authenticating as principal {user}/admin@{REALM} with password.
kadmin.local: LDAP bind dn value missing while initializing kadmin.local interface
>
我已回顾了说明中的所有步骤,但找不到我做错的地方。应该在哪里bind dn定义或配置?
更新:我刚刚发现该kadmind服务没有运行。它在启动时失败并出现类似错误:
root# systemctl status krb5-admin-server
x krb5-admin-server.service - Kerberos 5 Admin Server
Loaded: loaded (/lib/systemd/system/krb5-admin-server.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/krb5-admin-server.service.d
`-slapd-before-kdc.conf
Active: failed (Result: exit-code) since Wed 2023-10-11 10:53:58 EDT; 18min ago
Process: 315834 ExecStart=/usr/sbin/kadmind -nofork $DAEMON_ARGS (code=exited, status=1/FAILURE)
Main PID: 315834 (code=exited, status=1/FAILURE)
CPU: 90ms
Oct 11 10:53:58 isadm-a01 systemd[1]: Started Kerberos 5 Admin Server.
Oct 11 10:53:58 isadm-a01 kadmind[315834]: kadmind: LDAP bind dn value missing while initializing, aborting
Oct 11 10:53:58 isadm-a01 kadmind[315834]: LDAP bind dn value missing while initializing, aborting
Oct 11 10:53:58 isadm-a01 systemd[1]: krb5-admin-server.service: Main process exited, code=exited, status=1/FAILURE
Oct 11 10:53:58 isadm-a01 systemd[1]: krb5-admin-server.service: Failed with result 'exit-code'.