[英]Kerberos CLIENT_NOT_FOUND while logon from WinXP to Ubuntu16.04 Samba Domain
由于Samba完全有能力替代Active Directory,因此我计划为学校网络进行设置(使用旧的XP和Win7客户端)。 我从Ubuntu 16.04 LTS存储库安装了所有软件包。
设置服务器效果很好,但是通过WinXP加入域后,我无法登录:“找不到用户名或域”。
/var/log/auth.log
Mar 26 14:41:39 server krb5kdc[967]: AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.0.103: CLIENT_NOT_FOUND: chrglo@FSG for krbtgt/FSG@FSG, Client not found in Kerberos database
Mar 26 14:41:39 server krb5kdc[967]: DISPATCH: repeated (retransmitted?) request from 192.168.0.103, resending previous response
但是帐户chrglo存在于Kerberos中:
fsgadmin@server:~$ kinit chrglo
Password for chrglo@FSG.LAN:
fsgadmin@server:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: chrglo@FSG.LAN
Valid starting Expires Service principal
26.03.2018 14:43:42 27.03.2018 00:43:42 krbtgt/FSG.LAN@FSG.LAN
renew until 27.03.2018 14:43:39`
我尝试了几种(!)Google搜索结果来处理各种(但不完全相同)此类问题。 但是他们都没有帮助。
这是我的Kerberos配置:
/etc/krb5.conf
[libdefaults]
default_realm = FSG.LAN
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FSG.LAN = {
kdc = server.fsg:88
admin_server = server.fsg:749
default_domain = FSG
}
[domain_realm]
.fsg.lan = FSG.LAN
fsg.lan = FSG.LAN
[logging]
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmin.log
default = FILE:/var/log/kerberos/krb5lib.log
和我的Samba配置:
/etc/samba/smb.conf
[global]
workgroup = FSG
realm = FSG.LAN
netbios name = SERVER
server role = active directory domain controller
dns forwarder = 192.168.0.254
idmap_ldb:use rfc2307 = yes
这是XP客户端(服务器和客户端都在VirtualBox中运行)的一些屏幕截图:客户端已添加到域中,并提供使用该域的登录名,但是在(先前注意到的)错误消息后停止。
有谁知道我在哪里搞砸配置?
格洛克
/ EDIT:为了提供更多信息:DHCP是通过外部设备完成的。
/ etc / hosts
127.0.0.1 localhost localhost.fsg
192.168.0.250 server.fsg server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/ EDIT2:请求的ipconfig / ifconfig:
在服务器上:
fsgadmin@server:~$ ifconfig
enp0s3 Link encap:Ethernet Hardware Adresse 08:00:27:ef:bc:56
inet Adresse:192.168.0.250 Bcast:192.168.0.255 Maske:255.255.255.0
inet6-Adresse: fe80::a00:27ff:feef:bc56/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:154 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:82 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:18341 (18.3 KB) TX-Bytes:11263 (11.2 KB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX-Pakete:650 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:650 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1
RX-Bytes:52072 (52.0 KB) TX-Bytes:52072 (52.0 KB)
此外 :当客户端加入域时,服务器上正在发生一些auth.log(加入时我使用了Samba内置的Administrator帐户信息):
Apr 10 16:11:54 server krb5kdc[1037]: AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.0.235: CLIENT_NOT_FOUND: Administrator@fsg.lan for krbtgt/fsg.lan@fsg.lan, Client not found in Kerberos database
Apr 10 16:11:54 server krb5kdc[1037]: DISPATCH: repeated (retransmitted?) request from 192.168.0.235, resending previous response
Apr 10 16:11:54 server krb5kdc[1037]: AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.0.235: CLIENT_NOT_FOUND: Administrator@fsg.lan for krbtgt/fsg.lan@fsg.lan, Client not found in Kerberos database
Apr 10 16:11:54 server krb5kdc[1037]: DISPATCH: repeated (retransmitted?) request from 192.168.0.235, resending previous response
Apr 10 16:11:54 server krb5kdc[1037]: AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.0.235: CLIENT_NOT_FOUND: Administrator@fsg.lan for krbtgt/fsg.lan@fsg.lan, Client not found in Kerberos database
Apr 10 16:11:54 server krb5kdc[1037]: DISPATCH: repeated (retransmitted?) request from 192.168.0.235, resending previous response
Apr 10 16:11:54 server krb5kdc[1037]: AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.0.235: CLIENT_NOT_FOUND: Administrator@fsg.lan for krbtgt/fsg.lan@fsg.lan, Client not found in Kerberos database
Apr 10 16:11:54 server krb5kdc[1037]: DISPATCH: repeated (retransmitted?) request from 192.168.0.235, resending previous response
同样,将东西记录到samba / log.samba
[2018/04/10 16:13:45.999444, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
[2018/04/10 16:13:46.002791, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 621, in <module>
[2018/04/10 16:13:46.006441, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: get_credentials(lp)
[2018/04/10 16:13:46.006826, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials
[2018/04/10 16:13:46.006930, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: raise e
[2018/04/10 16:13:46.007037, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: RuntimeError: kinit for SERVER$@FSG.LAN failed (Cannot contact any KDC for requested realm)
[2018/04/10 16:13:46.007099, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate:
[2018/04/10 16:13:46.021901, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
解决的问题:samba提供了自己的kerberos管理服务器-无需自己安装:S
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.