linux – 来自AD PDC的kerberos cifs多用户安装

我可以在服务器上以root身份获取用户kerberos票证,并使用kerberos安装目录而不会出现任何问题.但我不希望以用户身份挂载目录,它应该作为多用户挂载,并且可供服务器上的所有用户访问.

也许这只是一个关于理解的一般性问题,也许你可以纠正我这里的错误.

>多用户安装服务器需要来自DC的密钥表(cts / samba.domain的ktpass导出)
> Samba使用此密钥表安装DC共享多用户
> Winbind / kerberos针对DC对用户进行身份验证并发出票证
>用户可以使用他的票证访问共享

我在DC上导出了一个keytab文件,并将其作为全局keytab文件/etc/krb5.keytab

root@remote:/etc# klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 cifs/remote.mbeya.domain@MBEYA.domain (des-cbc-md5)

但我仍然无法挂载目录,因为密钥不可用
mount error(126)：必需的密钥不可用

syslog告诉我这个：

May 17 11:37:22 remote cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=nina.mbeya.domain.org;ip4=10.10.10.17;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x599b
May 17 11:37:22 remote cifs.upcall: ver=2
May 17 11:37:22 remote cifs.upcall: host=nina.mbeya.domain.org
May 17 11:37:22 remote cifs.upcall: ip=10.10.10.17
May 17 11:37:22 remote cifs.upcall: sec=1
May 17 11:37:22 remote cifs.upcall: uid=0
May 17 11:37:22 remote cifs.upcall: creduid=0
May 17 11:37:22 remote cifs.upcall: user=root
May 17 11:37:22 remote cifs.upcall: pid=22939
May 17 11:37:22 remote cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_1000
May 17 11:37:22 remote cifs.upcall: find_krb5_cc: /tmp/krb5cc_1000 is owned by 1000,not 0
May 17 11:37:22 remote cifs.upcall: krb5_get_init_creds_keytab: -1765328378
May 17 11:37:22 remote cifs.upcall: handle_krb5_mech: getting service ticket for cifs/nina.mbeya.domain.org
May 17 11:37:22 remote cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
May 17 11:37:22 remote cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)
May 17 11:37:22 remote cifs.upcall: handle_krb5_mech: getting service ticket for host/nina.mbeya.domain.org
May 17 11:37:22 remote cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
May 17 11:37:22 remote cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)

我很感激对此的任何意见.

谢谢