使用 kerberos 安装 cifs 未获取票证

tag-icon tag-icon 20.04 mount samba fstab cifs
使用 kerberos 安装 cifs 未获取票证

我正在尝试使用 Kerberos 身份验证在 Ubuntu 上挂载共享,使用 AD 帐户登录后,klist输出以下内容

Ticket cache: FILE:/tmp/krb5cc_1320813139_Ipmgx6
Default principal: [email protected]

Valid starting       Expires              Service principal
06.09.2022 14:15:58  07.09.2022 00:15:58  krbtgt/[email protected]
    renew until 07.09.2022 14:15:58

我还可以使用 列出股票smbclient -k -L XXXX.com

我正在使用这个脚本来进行安装:

#!/bin/bash


user=$(whoami)
cruid=$(whoami)
gid=$(id -g $user)
uid=$(id -u $user)

sudo mkdir /home/test
sudo mount --verbose -t cifs -o user=$user,cruid=$user,sec=krb5,gid=$gid,uid=$uid,vers=3.0 //XXX.com/XXXX /home/test

它输出以下错误::q

mount error(126): Required key not available

以下是/var/log/syslog

Sep  6 14:21:36 anis-VM kernel: [ 8682.404967] CIFS: Attempting to mount \\XXX.com\XXX
Sep  6 14:21:36 anis-VM cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=XXX.com;ip4=10.130.0.16;sec=krb5;uid=0x4eba0253;creduid=0x4eba0253;[email protected];pid=0x1658
Sep  6 14:21:36 anis-VM cifs.upcall: ver=2
Sep  6 14:21:36 anis-VM cifs.upcall: host=xxxx.com
Sep  6 14:21:36 anis-VM cifs.upcall: ip=10.130.0.16
Sep  6 14:21:36 anis-VM cifs.upcall: sec=1
Sep  6 14:21:36 anis-VM cifs.upcall: uid=1320813139
Sep  6 14:21:36 anis-VM cifs.upcall: creduid=1320813139
Sep  6 14:21:36 anis-VM cifs.upcall: [email protected]
Sep  6 14:21:36 anis-VM cifs.upcall: pid=5720
Sep  6 14:21:36 anis-VM cifs.upcall: get_cachename_from_process_env: pathname=/proc/5720/environ
Sep  6 14:21:36 anis-VM cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc_1320813139_Ipmgx6
Sep  6 14:21:36 anis-VM cifs.upcall: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1320813139_Ipmgx6
Sep  6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: getting service ticket for xxxx.com
Sep  6 14:21:36 anis-VM cifs.upcall: cifs_krb5_get_req: unable to get credentials for xxxx.com
Sep  6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Sep  6 14:21:36 anis-VM cifs.upcall: ip_to_fqdn: resolved 10.130.0.16 to xxxx.com
Sep  6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: getting service ticket for xxx.com
Sep  6 14:21:36 anis-VM cifs.upcall: cifs_krb5_get_req: unable to get credentials for xxx.com
Sep  6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Sep  6 14:21:36 anis-VM cifs.upcall: Unable to obtain service ticket
Sep  6 14:21:36 anis-VM cifs.upcall: Exit status -1765328377
Sep  6 14:21:36 anis-VM kernel: [ 8682.430729] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed
Sep  6 14:21:36 anis-VM kernel: [ 8682.430771] CIFS: VFS: \\xxx.com Send error in SessSetup = -126
Sep  6 14:21:36 anis-VM kernel: [ 8682.430864] CIFS: VFS: cifs_mount failed w/return code = -126

我尝试了所有方法,但似乎没有任何方法可以解决这个问题,有人能帮我提出一个想法吗?

相关内容