CentOS 6.8 + Samba4 + Kerberos: 자격 증명 캐시를 찾을 수 없습니다.

CentOS 6.8 + Samba4 + Kerberos: 자격 증명 캐시를 찾을 수 없습니다.

‍++ 게시 서버를 사용하려고 합니다 CentOS 6.8.Samba4 (Winbind - LDAP + Kerberos)NSS

도메인에 가입할 수 있지만 여전히 다음 경고/오류 메시지가 나타납니다.

[root@snfs2 ~]# net ads join -U myuser
Enter myuser's password:
***gss_init_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: No credentials cache found]***
Using short domain name -- MYDOMAIN
Joined 'SNFS2' to dns domain 'MYDOMAIN.com'

Kerberos는 일반적으로 티켓을 전달합니다.

[root@snfs2 ~]# kinit myuser
Password for [email protected]: 
[root@snfs2 ~]# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
07/13/16 12:44:49  07/13/16 22:44:51  krbtgt/[email protected]
    renew until 07/13/16 22:44:49

아래에서 내 구성 내용을 찾을 수 있습니다.

[root@snfs2 ~]# cat /etc/samba/smb.conf

#####################
## GLOBAL SETTINGS ##
#####################
[global]
   workgroup = MYDOMAIN
   realm = MYDOMAIN.COM
   security = ads
   server string = snfs2.MYDOMAIN.com
   server max protocol = SMB3
   encrypt passwords = true
   unix extensions = false
   client use spnego = true

   ## winbind
   winbind use default domain = true
   winbind offline logon = false
   winbind cache time = 300
   winbind nested groups = true
   winbind enum users = true
   winbind enum groups = true
   winbind refresh tickets = true
   winbind nss info = rfc2307
   winbind rpc only = false   

   idmap config * : range = 16777216-33554431
   ## idmap config MYDOMAIN ##
   idmap config MYDOMAIN : backend = nss
   idmap config MYDOMAIN : schema_mode = rfc2307
   idmap config MYDOMAIN : range = 1000-999999
   idmap config MYDOMAIN : readonly = true

   ## logging
   log file = /var/log/samba/log.%m
   max log size = 2000
   log level = 2
   syslog only = true

   ## printers
   load printers = no
   printcap = /dev/null
   disable spoolss = yes

[root@snfs2 ~]# net ads testjoin 
gss_init_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: No credentials cache found]
Join is OK

[root@snfs2 ~]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
# Note: Heimdal 1.3.1 deprecated DES encryption which is required for A`D authentication before Windows Server 2008.
allow_weak_crypto = true

[realms]
MYDOMAIN.COM = {
kdc = MYDOMAIN1.MYDOMAIN.com:88
kdc = MYDOMAIN2.MYDOMAIN.com:88
admin_server = MYDOMAIN1.MYDOMAIN.com:749
}

[domain_realm]
MYDOMAIN.com = MYDOMAIN.COM
.MYDOMAIN.com = MYDOMAIN.COM

nsswitch.conf 

passwd:     files ldap
shadow:     files ldap
group:      files ldap

이 메시지의 원인을 아는 사람이 있습니까?

관련 정보