安装错误（126）：在基于 RedHat 的系统上使用 autofs 时，所需的密钥不可用 CIFS 和 Kerberos 的 autofs

Question

我已使用领域将 RHEL8 系统加入到 Windows 2019 AD。
现在我尝试使用 autofs 从 dfs 共享自动挂载主目录，我的 autofs 文件如下所示：

# cat /etc/auto.master
+auto.master
/mnt/home /etc/auto.home

# cat /etc/auto.home
* -fstype=cifs,vers=3.0,user=$USER,cruid=${UID},sec=krb5,file_mode=0700,dir_mode=0700,uid=${UID},gid="domain users" ://avmdfs01.saas.local/profiles/&

但是当我尝试使用我的 AD 帐户登录时，大多数情况下都没有安装主目录。
我已启用调试日志记录，我可以看到这些日志：
在失败的挂载中，可以清楚地看到 root 用户用于 cruid 和 uid，因此它寻找名为 KEYRING:persistent:0:0 的缓存文件，因此出现错误 Required key not available
但成功挂载后，会使用尝试登录的实际用户。

有什么想法哪里出了问题吗？但同样的配置在 Ubuntu22 上完美运行


Logs from a failed mount
========================
Aug 10 09:15:24 adm-00000399 automount[503920]: handle_packet_missing_indirect: token 8064, name yogendra.mummaneni, request pid 503963  
Aug 10 09:15:24 adm-00000399 automount[503920]: attempting to mount entry /mnt/home/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: lookup_mount: lookup(file): looking up yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: lookup_mount: lookup(file): yogendra.mummaneni -> -fstype=cifs,user=$USER,cruid=${UID},sec=krb5i,file_mode=0700,dir_mode=0700,uid=${UID},gid="domain users" ://avmdfs01.saas.local/profiles/&  
Aug 10 09:15:24 adm-00000399 automount[503920]: parse_mount: parse(sun): expanded entry: -fstype=cifs,user=root,cruid=0,sec=krb5i,file_mode=0700,dir_mode=0700,uid=0,gid="domain users" ://avmdfs01.saas.local/profiles/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: parse_mount: parse(sun): gathered options: fstype=cifs,user=root,cruid=0,sec=krb5i,file_mode=0700,dir_mode=0700,uid=0,gid=domain users
Aug 10 09:15:24 adm-00000399 automount[503920]: parse_mount: parse(sun): dequote("://avmdfs01.saas.local/profiles/yogendra.mummaneni") -> ://avmdfs01.saas.local/profiles/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: parse_mount: parse(sun): core of entry: options=fstype=cifs,user=root,cruid=0,sec=krb5i,file_mode=0700,dir_mode=0700,uid=0,gid=domain users, loc=://avmdfs01.saas.local/profiles/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: sun_mount: parse(sun): mounting root /mnt/home, mountpoint yogendra.mummaneni, what //avmdfs01.saas.local/profiles/yogendra.mummaneni, fstype cifs, options user=root,cruid=0,sec=krb5i,file_mode=0700,dir_mode=0700,uid=0,gid=domain users  
Aug 10 09:15:24 adm-00000399 automount[503920]: do_mount: //avmdfs01.saas.local/profiles/yogendra.mummaneni /mnt/home/yogendra.mummaneni type cifs options user=root,cruid=0,sec=krb5i,file_mode=0700,dir_mode=0700,uid=0,gid=domain users using module generic
Aug 10 09:15:24 adm-00000399 automount[503920]: mount_mount: mount(generic): calling mkdir_path /mnt/home/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: mount(generic): calling mount -t cifs -o user=root,cruid=0,sec=krb5i,file_mode=0700,dir_mode=0700,uid=0,gid=domain users //avmdfs01.saas.local/profiles/yogendra.mummaneni /mnt/home/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=avmdfs01.saas.local;ip4=10.49.10.171;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x7b09f  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: ver=2  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: host=avmdfs01.saas.local  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: ip=10.49.10.171  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: sec=1  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: uid=0  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: creduid=0  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: user=root  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503975]: pid=503967  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: get_cachename_from_process_env: pid == 0  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: get_existing_cc: default ccache is KEYRING:persistent:0:0  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: get_tgt_time: unable to get principal  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: krb5_get_init_creds_keytab: -1765328203  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: handle_krb5_mech: getting service ticket for avmdfs01.saas.local  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: handle_krb5_mech: using GSS-API  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: GSS-API error init_sec_context: Unspecified GSS failure.  Minor code may provide more information  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: GSS-API error init_sec_context: No Kerberos credentials available (default cache: KEYRING:persistent:0)  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: handle_krb5_mech: failed to obtain service ticket via GSS (851968)  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: Unable to obtain service ticket  
Aug 10 09:15:24 adm-00000399 cifs.upcall[503973]: Exit status 851968  
Aug 10 09:15:24 adm-00000399 automount[503920]: >> mount error(126): Required key not available  
Aug 10 09:15:24 adm-00000399 automount[503920]: >> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)  
Aug 10 09:15:24 adm-00000399 automount[503920]: mount(generic): failed to mount   //avmdfs01.saas.local/profiles/yogendra.mummaneni (type cifs) on /mnt/home/yogendra.mummaneni  
Aug 10 09:15:24 adm-00000399 automount[503920]: dev_ioctl_send_fail: token = 8064  
Aug 10 09:15:24 adm-00000399 automount[503920]: failed to mount /mnt/home/yogendra.mummaneni  

Logs from a successful mount  
============================  
Aug 10 09:27:17 adm-00000399 automount[503920]: handle_packet_missing_indirect: token 8146, name yogendra.mummaneni, request pid 504056  
Aug 10 09:27:17 adm-00000399 automount[503920]: attempting to mount entry /mnt/home/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: lookup_mount: lookup(file): looking up yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: lookup_mount: lookup(file): yogendra.mummaneni -> -fstype=cifs,user=$USER,cruid=${UID},sec=krb5i,file_mode=0700,dir_mode=0700,uid=${UID},gid="domain users" ://avmdfs01.saas.local/profiles/&  
Aug 10 09:27:17 adm-00000399 automount[503920]: parse_mount: parse(sun): expanded entry: -fstype=cifs,user=yogendra.mummaneni,cruid=332218943,sec=krb5i,file_mode=0700,dir_mode=0700,uid=332218943,gid="domain users" ://avmdfs01.saas.local/profiles/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: parse_mount: parse(sun): gathered options: fstype=cifs,user=yogendra.mummaneni,cruid=332218943,sec=krb5i,file_mode=0700,dir_mode=0700,uid=332218943,gid=domain users  
Aug 10 09:27:17 adm-00000399 automount[503920]: parse_mount: parse(sun): dequote("://avmdfs01.saas.local/profiles/yogendra.mummaneni") -> ://avmdfs01.saas.local/profiles/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: parse_mount: parse(sun): core of entry: options=fstype=cifs,user=yogendra.mummaneni,cruid=332218943,sec=krb5i,file_mode=0700,dir_mode=0700,uid=332218943,gid=domain users, loc=://avmdfs01.saas.local/profiles/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: sun_mount: parse(sun): mounting root /mnt/home, mountpoint yogendra.mummaneni, what //avmdfs01.saas.local/profiles/yogendra.mummaneni, fstype cifs, options user=yogendra.mummaneni,cruid=332218943,sec=krb5i,file_mode=0700,dir_mode=0700,uid=332218943,gid=domain users  
Aug 10 09:27:17 adm-00000399 automount[503920]: do_mount: //avmdfs01.saas.local/profiles/yogendra.mummaneni /mnt/home/yogendra.mummaneni type cifs options user=yogendra.mummaneni,cruid=332218943,sec=krb5i,file_mode=0700,dir_mode=0700,uid=332218943,gid=domain users using module generic  
Aug 10 09:27:17 adm-00000399 automount[503920]: mount_mount: mount(generic): calling mkdir_path /mnt/home/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: mount(generic): calling mount -t cifs -o user=yogendra.mummaneni,cruid=332218943,sec=krb5i,file_mode=0700,dir_mode=0700,uid=332218943,gid=domain users //avmdfs01.saas.local/profiles/yogendra.mummaneni /mnt/home/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=avmdfs01.saas.local;ip4=10.49.10.171;sec=krb5;uid=0x13cd423f;creduid=0x13cd423f;user=yogendra.mummaneni;pid=0x7b806  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: ver=2  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: host=avmdfs01.saas.local  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: ip=10.49.10.171  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: sec=1  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: uid=332218943  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: creduid=332218943  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: user=yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505866]: pid=505862  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: get_cachename_from_process_env: pathname=/proc/505862/environ  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: get_existing_cc: default ccache is KEYRING:persistent:332218943:krb_ccache_ujV1VaQ  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: handle_krb5_mech: getting service ticket for avmdfs01.saas.local  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: handle_krb5_mech: using native krb5  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: handle_krb5_mech: obtained service ticket  
Aug 10 09:27:17 adm-00000399 cifs.upcall[505865]: Exit status 0  
Aug 10 09:27:17 adm-00000399 automount[503920]: mount_mount: mount(generic): mounted //avmdfs01.saas.local/profiles/yogendra.mummaneni type cifs on /mnt/home/yogendra.mummaneni  
Aug 10 09:27:17 adm-00000399 automount[503920]: dev_ioctl_send_ready: token = 8146  
Aug 10 09:27:17 adm-00000399 automount[503920]: mounted /mnt/home/yogendra.mummaneni

详情如上。

Answer 1

0
投票

可以手动解决吗

kinit

？

安装错误（126）：在基于 RedHat 的系统上使用 autofs 时，所需的密钥不可用 CIFS 和 Kerberos 的 autofs

问题描述投票：0回答：1

1个回答

最新问题

安装错误（126）：在基于 RedHat 的系统上使用 autofs 时，所需的密钥不可用 CIFS 和 Kerberos 的 autofs

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1