CentOS 6.8 + Samba4 + Kerberos: No credentials cache found

I am trying to roll out a server using CentOS 6.8 + Samba4 (Winbind - LDAP + Kerberos) + NSS.

I managed to join the domain, but I still get this warning/error message:

[root@snfs2 ~]# net ads join -U myuser
Enter myuser's password:
***gss_init_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: No credentials cache found]***
Using short domain name -- MYDOMAIN
Joined 'SNFS2' to dns domain 'MYDOMAIN.com'

Kerberos issues the ticket normally:

[root@snfs2 ~]# kinit myuser
Password for [email protected]: 
[root@snfs2 ~]# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
07/13/16 12:44:49  07/13/16 22:44:51  krbtgt/[email protected]
    renew until 07/13/16 22:44:49

Below you can find my configuration:

[root@snfs2 ~]# cat /etc/samba/smb.conf

#####################
## GLOBAL SETTINGS ##
#####################
[global]
   workgroup = MYDOMAIN
   realm = MYDOMAIN.COM
   security = ads
   server string = snfs2.MYDOMAIN.com
   server max protocol = SMB3
   encrypt passwords = true
   unix extensions = false
   client use spnego = true

   ## winbind
   winbind use default domain = true
   winbind offline logon = false
   winbind cache time = 300
   winbind nested groups = true
   winbind enum users = true
   winbind enum groups = true
   winbind refresh tickets = true
   winbind nss info = rfc2307
   winbind rpc only = false   

   idmap config * : range = 16777216-33554431
   ## idmap config MYDOMAIN ##
   idmap config MYDOMAIN : backend = nss
   idmap config MYDOMAIN : schema_mode = rfc2307
   idmap config MYDOMAIN : range = 1000-999999
   idmap config MYDOMAIN : readonly = true

   ## logging
   log file = /var/log/samba/log.%m
   max log size = 2000
   log level = 2
   syslog only = true

   ## printers
   load printers = no
   printcap = /dev/null
   disable spoolss = yes

[root@snfs2 ~]# net ads testjoin 
gss_init_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: No credentials cache found]
Join is OK

[root@snfs2 ~]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
# Note: Heimdal 1.3.1 deprecated DES encryption which is required for A'D authentication before Windows Server 2008.
allow_weak_crypto = true

[realms]
MYDOMAIN.COM = {
kdc = MYDOMAIN1.MYDOMAIN.com:88
kdc = MYDOMAIN2.MYDOMAIN.com:88
admin_server = MYDOMAIN1.MYDOMAIN.com:749
}

[domain_realm]
MYDOMAIN.com = MYDOMAIN.COM
.MYDOMAIN.com = MYDOMAIN.COM

nsswitch.conf 

passwd:     files ldap
shadow:     files ldap
group:      files ldap

Does anyone have any idea what is causing this message?

    
by Ygor Thomaz 13.07.2016 / 19:01

0 answers