linux sssd加入AD域 Key table file ‘/etc/krb5.keytab‘ not found

行吟诗人

已于 2023-03-24 14:19:18 修改

阅读量1k

点赞数

分类专栏： Linux开发 Ad域文章标签： linux 服务器

于 2023-03-24 14:15:48 首次发布

本文链接：https://blog.csdn.net/qq331565760/article/details/129749608

版权

Linux开发同时被 2 个专栏收录

4 篇文章 0 订阅

订阅专栏

Ad域

1 篇文章 0 订阅

订阅专栏

参考这篇通过sssd 和realm 加入ad域

ubuntu加入Windows的AD域(使用SSSD和Realm的方式)_realm: 无法加入领域: necessary packages are not installe_「已注销」的博客-CSDN博客

linux 通过sssd加入AD域，相关教程都很多，但是启动sssd进程都报错

Key table file '/etc/krb5.keytab' not found

error reading keytab file krb5.keytab

或者

(2023-03-24 0:27:43): [be[ug-ads.local]] [server_setup] (0x0040): Starting with debug level = 0x0070
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed: Key table file '/etc/krb5.keytab' not found
(2023-03-24 0:27:43): [be[ug-ads.local]] [select_principal_from_keytab] (0x0010): Failed to read keytab [FILE:/etc/krb5.keytab]: No suitable principal found in keytab
(2023-03-24 0:27:43): [be[ug-ads.local]] [ad_set_sdap_options] (0x0040): Cannot set the SASL-related options
(2023-03-24 0:27:43): [be[ug-ads.local]] [sssm_ad_init] (0x0020): Unable to init AD id options
(2023-03-24 0:27:43): [be[ug-ads.local]] [dp_module_run_constructor] (0x0010): Module [ad] constructor failed [1432158217]: No suitable principal found in keytab
(2023-03-24 0:27:43): [be[ug-ads.local]] [dp_load_module] (0x0020): Unable to create DP module.
(2023-03-24 0:27:43): [be[ug-ads.local]] [dp_target_init] (0x0010): Unable to load module ad
(2023-03-24 0:27:43): [be[ug-ads.local]] [dp_load_targets] (0x0020): Unable to load target [id] [80]: Accessing a corrupted shared library.
(2023-03-24 0:27:43): [be[ug-ads.local]] [dp_init_done] (0x0020): Unable to initialize DP targets [1432158209]: Internal Error

类似的错误，基本没有解答

看到一个正确答案：这是没有 /etc/krb5.keytab 导致

linux - error reading keytab file krb5.keytab - Server Fault

需要生成这个文件

net ads keytab create -U administrator

Samba的配置加入如下配置

security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind nss info = rfc2307
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes

重启sssd服务和samba服务即可