
Mounting a DFS file system with remote shares on Arch Linux

Server Fault user
Asked on 2019-03-20 07:38:10
Answers: 1 | Views: 1.9K | Followers: 0 | Votes: 1

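My laptop is joined to the AAA domain. There are two DFS namespace servers, which are also AD DCs running Windows Server 2012 R2. The NAS is a Synology server with CIFS enabled and joined to the domain.

Servers: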

  • dc1.domain1.local - ip 10.8.0.3
  • dc2.domain1.local - ip 10.8.0.27
  • nas1.domain1.local - ip 10.8.0.7
  • local - 10.91.0.2

Until recently the whole setup was working. (I don't know what happened: a kernel upgrade? Or a Windows update?)

[sssd]
domains = domain1.local
config_file_version = 2
services = nss, pam

[domain/domain1.local]
ad_domain = domain1.local
krb5_realm = DOMAIN1.LOCAL
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
enumerate = True
id_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
krb5_lifetime = 1h
krb5_renewable_lifetime = 1d
krb5_renew_interval = 60s
ldap_id_mapping = True
krb5_store_password_if_offline = True

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log

[libdefaults]
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 clockskew = 300
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

/etc/request-key.d/cifs.spnego.conf

create  cifs.spnego    * * /usr/bin/cifs.upcall -t %k

I am trying to mount using

mount -t cifs -o sec=krb5,user=$USER,cruid=$USER,uid=$USER //dc1.domain1.local/namespace1 /mnt/mp1

I can cd into /mnt/mp1. But I cannot access something like //dc1.domain1.local/namespace1/share1, which lives on the Synology server (/mnt/mp1/share1).

Log on the laptop during the mount:

[   54.894236] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.          
[   55.036042] CIFS VFS: Autodisabling the use of server inode numbers on new server.
[   55.036046] CIFS VFS: The server doesn't seem to support them properly or the files might be on different servers (DFS).
[   55.036049] CIFS VFS: Hardlinks will not be recognized on this mount. Consider mounting with the "noserverino" option to silence this message.

When entering /mnt/mp1/share1, I get:

mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=DC1.domain.local;ip4=10.8.0.7;sec=krb5;uid=0x460c22f4;creduid=0x460c22f4;user=admin;pid=0x923                                                    
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: ver=2
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: host=DC1.domain1.local
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: ip=10.8.0.7
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: sec=1
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: uid=1175200500
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: creduid=1175200500
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: user=admin
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: pid=2339
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: get_cachename_from_process_env: pathname=/proc/2339/environ
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: get_cachename_from_process_env: cachename = KEYRING:persistent:1175200500
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: get_existing_cc: default ccache is KEYRING:persistent:1175200500:krb_ccache_s3dU4cx                                                                                                                              
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: handle_krb5_mech: getting service ticket for server.poznan.tbhydro.net
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: handle_krb5_mech: obtained service ticket
mar 20 08:05:57 LAPTOP.DOMAIN1.LOCAL cifs.upcall[14414]: Exit status 0

Note that it is requesting a ticket for a different host than the one the IP address resolves to. (10.8.0.7 is the host nas1.domain1.local.)

In the Samba log on nas1.domain1.local:

../source3/lib/access.c:338: [2019/03/20 08:08:50.530826, all 3, pid=26839] allow_access
  Allowed connection from 10.91.0.2 (10.91.0.2)
../source3/smbd/oplock.c:1323: [2019/03/20 08:08:50.530929, locking 3, pid=26839] init_oplocks
  init_oplocks: initializing messages.
../source3/smbd/process.c:1975: [2019/03/20 08:08:50.530968, all 3, pid=26839] process_smb
  Transaction 0 of length 196 (0 toread)
../source3/smbd/smb2_negprot.c:281: [2019/03/20 08:08:50.531044, all 3, pid=26839] smbd_smb2_request_process_negprot
  Selected protocol SMB3_11
../source3/auth/auth_generic.c:246: [2019/03/20 08:08:50.531084, all 3, pid=26839] auth_generic_prepare
  make_auth_context_subsystem [NT_STATUS_OK]
../source3/auth/auth_generic.c:377: [2019/03/20 08:08:50.531400, all 3, pid=26839] auth_generic_prepare
  gensec_set_remote_address: [NT_STATUS_OK]
../source3/smbd/smb2_server.c:2687: [2019/03/20 08:08:50.558318, all 3, pid=26839] smbd_smb2_request_dispatch
  SMB2: cmd=SMB2_OP_NEGPROT [NT_STATUS_OK]
../source3/smbd/smb2_sesssetup.c:811: [2019/03/20 08:08:50.572723, all 3, pid=26839] smbd_smb2_session_setup_send
  in_session_id 0
../source3/auth/auth_generic.c:246: [2019/03/20 08:08:50.572850, all 3, pid=26839] auth_generic_prepare
  make_auth_context_subsystem [NT_STATUS_OK]
../source3/auth/auth_generic.c:377: [2019/03/20 08:08:50.572870, all 3, pid=26839] auth_generic_prepare
  gensec_set_remote_address: [NT_STATUS_OK]
../source3/smbd/smb2_sesssetup.c:866: [2019/03/20 08:08:50.572877, all 3, pid=26839] smbd_smb2_session_setup_send
  auth_generic_prepare [NT_STATUS_OK]
../source3/smbd/smb2_server.c:2687: [2019/03/20 08:08:50.572918, all 3, pid=26839] smbd_smb2_request_dispatch
  SMB2: cmd=SMB2_OP_SESSSETUP [NT_STATUS_OK]
../source3/librpc/crypto/gse.c:503: [2019/03/20 08:08:50.599304, all 1, pid=26839] gse_get_server_auth_token
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/dc1.domain1.local@DOMAIN1.LOCAL(kvno 76) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
../auth/gensec/spnego.c:544: [2019/03/20 08:08:50.599342, all 1, pid=26839] gensec_spnego_parse_negTokenInit
  SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
../auth/gensec/spnego.c:719: [2019/03/20 08:08:50.599360, all 2, pid=26839] gensec_spnego_server_negTokenTarg
  SPNEGO login failed: NT_STATUS_LOGON_FAILURE
../auth/gensec/gensec.c:476: [2019/03/20 08:08:50.599370, all 3, pid=26839] gensec_update_async_trigger
  gensec_update [NT_STATUS_LOGON_FAILURE]
../source3/smbd/smb2_server.c:3111: [2019/03/20 08:08:50.599393, all 3, pid=26839] smbd_smb2_request_error_ex
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:136

Any idea where to look for an answer?
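The mismatch pointed out in the question (a ticket requested for dc1 while the connection goes to 10.8.0.7, which is nas1) can be checked mechanically from the two logs. This is an added example, not part of the original post: the function names are hypothetical, and the inventory and log lines are taken from the question with the journal prefixes shortened.

```python
import re

# Host inventory from the question's server list (name -> IP).
INVENTORY = {
    "dc1.domain1.local": "10.8.0.3",
    "dc2.domain1.local": "10.8.0.27",
    "nas1.domain1.local": "10.8.0.7",
}

# Lines copied from the question's journal and Samba log (prefixes shortened).
UPCALL_LOG = """\
cifs.upcall[14414]: host=DC1.domain1.local
cifs.upcall[14414]: ip=10.8.0.7
cifs.upcall[14414]: sec=1
cifs.upcall[14414]: Exit status 0
"""
SAMBA_LOG = ("gss_accept_sec_context failed with [ Miscellaneous failure (see text): "
             "Failed to find cifs/dc1.domain1.local@DOMAIN1.LOCAL(kvno 76) in keytab "
             "MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]")

FIELD = re.compile(r"cifs\.upcall\[(\d+)\]: (host|ip)=(\S+)")
KEYTAB_MISS = re.compile(r"Failed to find (\S+?)/([^@\s]+)@(\S+?)\(kvno (\d+)\) in keytab")


def upcall_targets(log):
    """Collect the host= and ip= fields of each cifs.upcall run, keyed by PID."""
    runs = {}
    for pid, key, value in FIELD.findall(log):
        runs.setdefault(pid, {})[key] = value.lower()
    return runs


def spn_mismatches(log, inventory):
    """Return runs where the ticket host is not the machine that owns the target IP."""
    by_ip = {ip: name for name, ip in inventory.items()}
    findings = []
    for pid, run in sorted(upcall_targets(log).items()):
        owner = by_ip.get(run.get("ip"))
        if owner and run.get("host") and owner != run["host"]:
            # SPN form cifs/<host> follows the principal shown in the Samba log line.
            findings.append({"pid": pid, "requested_spn": "cifs/" + run["host"],
                             "connected_to": owner, "expected_spn": "cifs/" + owner})
    return findings


def keytab_miss(line):
    """Extract the principal the server could not find in its keytab, or None."""
    m = KEYTAB_MISS.search(line)
    return m and {"spn": f"{m[1]}/{m[2]}".lower(), "realm": m[3], "kvno": int(m[4])}
```

On the question's data, the SPN returned by `spn_mismatches` is the same principal that `keytab_miss` extracts from the NAS log, which ties the client-side request to the server-side failure.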


1 Answer

Server Fault user

Posted on 2019-05-08 07:19:01

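I last saw this error on an Ubuntu 16.04.6 file server, after the Samba package was automatically updated in April to 4.3.11+dfsg-0ubuntu0.16.04.19. Win10 clients stopped authenticating with the server, with a similar error message ("Failed to find cifs/nas.mydomain.local@MYDOMAIN.LOCAL(kvno x) in keytab MEMORY:cifs_srv_keytab" in the Samba server log). My setup has a lot in common with yours: a Server 2016 AD DC, an Ubuntu 16.04.6 Samba NAS, and Windows clients. The difference in the error is that in my case my file server was listed, rather than the DC as in your case. The problem was solved by downgrading the Samba package on the NAS to the previous version (4.3.11+dfsg-0ubuntu0.16.04.17).

It seems you should at least try checking the changelogs of the Samba components, first on the NAS and then on the laptop, and then check whether downgrading to a previous version resolves the problem.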

Votes: 1
Original page content provided by Server Fault.
Original link: https://serverfault.com/questions/959073
