我正在尝试使用 Kerberos 身份验证在 Ubuntu 上挂载共享,使用 AD 帐户登录后,klist
输出以下内容
Ticket cache: FILE:/tmp/krb5cc_1320813139_Ipmgx6
Default principal: [email protected]
Valid starting Expires Service principal
06.09.2022 14:15:58 07.09.2022 00:15:58 krbtgt/[email protected]
renew until 07.09.2022 14:15:58
我还可以使用 列出股票smbclient -k -L XXXX.com
。
我正在使用这个脚本来进行安装:
#!/bin/bash
user=$(whoami)
cruid=$(whoami)
gid=$(id -g $user)
uid=$(id -u $user)
sudo mkdir /home/test
sudo mount --verbose -t cifs -o user=$user,cruid=$user,sec=krb5,gid=$gid,uid=$uid,vers=3.0 //XXX.com/XXXX /home/test
它输出以下错误::q
mount error(126): Required key not available
以下是/var/log/syslog
Sep 6 14:21:36 anis-VM kernel: [ 8682.404967] CIFS: Attempting to mount \\XXX.com\XXX
Sep 6 14:21:36 anis-VM cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=XXX.com;ip4=10.130.0.16;sec=krb5;uid=0x4eba0253;creduid=0x4eba0253;[email protected];pid=0x1658
Sep 6 14:21:36 anis-VM cifs.upcall: ver=2
Sep 6 14:21:36 anis-VM cifs.upcall: host=xxxx.com
Sep 6 14:21:36 anis-VM cifs.upcall: ip=10.130.0.16
Sep 6 14:21:36 anis-VM cifs.upcall: sec=1
Sep 6 14:21:36 anis-VM cifs.upcall: uid=1320813139
Sep 6 14:21:36 anis-VM cifs.upcall: creduid=1320813139
Sep 6 14:21:36 anis-VM cifs.upcall: [email protected]
Sep 6 14:21:36 anis-VM cifs.upcall: pid=5720
Sep 6 14:21:36 anis-VM cifs.upcall: get_cachename_from_process_env: pathname=/proc/5720/environ
Sep 6 14:21:36 anis-VM cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc_1320813139_Ipmgx6
Sep 6 14:21:36 anis-VM cifs.upcall: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1320813139_Ipmgx6
Sep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: getting service ticket for xxxx.com
Sep 6 14:21:36 anis-VM cifs.upcall: cifs_krb5_get_req: unable to get credentials for xxxx.com
Sep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Sep 6 14:21:36 anis-VM cifs.upcall: ip_to_fqdn: resolved 10.130.0.16 to xxxx.com
Sep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: getting service ticket for xxx.com
Sep 6 14:21:36 anis-VM cifs.upcall: cifs_krb5_get_req: unable to get credentials for xxx.com
Sep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Sep 6 14:21:36 anis-VM cifs.upcall: Unable to obtain service ticket
Sep 6 14:21:36 anis-VM cifs.upcall: Exit status -1765328377
Sep 6 14:21:36 anis-VM kernel: [ 8682.430729] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed
Sep 6 14:21:36 anis-VM kernel: [ 8682.430771] CIFS: VFS: \\xxx.com Send error in SessSetup = -126
Sep 6 14:21:36 anis-VM kernel: [ 8682.430864] CIFS: VFS: cifs_mount failed w/return code = -126
我尝试了所有方法,但似乎没有任何方法可以解决这个问题,有人能帮我提出一个想法吗?