我有一个脚本尝试在cifs连接 VPN 时安装共享(在我已经登录到桌面之后 - 因此发出了 kerberos 票证)。在里面 :
/etc/NetworkManager/dispatcher.d/
#!/bin/bash
INTERFACE="$1"
STATUS="$2"
if [ "$STATUS" = "up" ]; then
if [ "$INTERFACE" = "vpn0" -o "$INTERFACE" = "cscotun0" ]; then
mount /home/eekfonky/homeDrive
fi
fi
它失败并出现以下错误/var/syslog:
dispatcher: (82) zz-mount-dfs failed (failed): Script '/etc/NetworkManager/dispatcher.d/zz-mount-dfs' exited with error status 32.
脚本是 root:root 具有 755 权限
然而,如果我运行命令:
mount /home/eekfonky/homeDrive
从我的用户或作为根用户它工作正常。
/etc/fstab以供参考:
# Active Directory Home Folder
//ant/home/ad-dir/eekfonky /home/eekfonky/homeDrive cifs x-systemd.device-timeout=15,cruid=eekfonky,sec=krb5,noauto,users,noserverino,vers=2.1,rw 0 0
编辑:启用日志记录后,我发现了这个;
$ sudo dmesg
[ 576.237469] audit: type=1400 audit(1575188953.283:35): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/sys/devices/virtual/net/vpn0/type" pid=1600 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 576.239247] audit: type=1400 audit(1575188953.287:36): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/sys/devices/virtual/net/vpn0/type" pid=1600 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 576.916780] /build/linux-WKYm23/linux-4.15.0/fs/cifs/cifsfs.c: Devname: //ant/home/ad-dir/eekfonky flags: 0
[ 576.916803] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: Username: root
[ 576.919659] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: file mode: 0x1ed dir mode: 0x1ed
[ 576.919662] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
[ 576.919663] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: UNC: \\ant\home
[ 576.919677] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: Socket created
[ 576.919679] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
[ 577.116792] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: Demultiplex PID: 10008
[ 577.116794] /build/linux-WKYm23/linux-4.15.0/fs/cifs/fscache.c: cifs_fscache_get_client_cookie: (0x00000000ddc65715/0x00000000371ab3e3)
[ 577.116797] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
[ 577.116798] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: Existing smb sess not found
[ 577.116803] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2pdu.c: Negotiate protocol
[ 577.116808] /build/linux-WKYm23/linux-4.15.0/fs/cifs/transport.c: Sending smb: smb_len=102
[ 577.314065] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: RFC1002 header 0xf8
[ 577.314072] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2misc.c: smb2_check_message length: 0xfc, smb_buf_length: 0xf8
[ 577.314074] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2misc.c: SMB2 data length 120 offset 128
[ 577.314076] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2misc.c: SMB2 len 252
[ 577.314087] /build/linux-WKYm23/linux-4.15.0/fs/cifs/transport.c: cifs_sync_mid_result: cmd=0 mid=0 state=4
[ 577.314089] /build/linux-WKYm23/linux-4.15.0/fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
[ 577.314091] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2pdu.c: mode 0x1
[ 577.314092] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2pdu.c: negotiated smb2.1 dialect
[ 577.314095] /build/linux-WKYm23/linux-4.15.0/fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[ 577.314096] /build/linux-WKYm23/linux-4.15.0/fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[ 577.314097] /build/linux-WKYm23/linux-4.15.0/fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[ 577.314097] /build/linux-WKYm23/linux-4.15.0/fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
[ 577.314098] /build/linux-WKYm23/linux-4.15.0/fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[ 577.314100] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: Security Mode: 0x1 Capabilities: 0x300007 TimeAdjust: 0
[ 577.314100] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2pdu.c: Session Setup
[ 577.314101] /build/linux-WKYm23/linux-4.15.0/fs/cifs/smb2pdu.c: sess setup type 5
[ 577.314105] /build/linux-WKYm23/linux-4.15.0/fs/cifs/cifs_spnego.c: key description = ver=0x2;host=ant;ip4=10.1.103.201;sec=krb5;uid=0x0;creduid=0x25a9dede;user=root;pid=0x26fe
[ 577.342612] CIFS VFS: Send error in SessSetup = -126
[ 577.342617] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -126
[ 577.342620] /build/linux-WKYm23/linux-4.15.0/fs/cifs/fscache.c: cifs_fscache_release_client_cookie: (0x00000000ddc65715/0x00000000371ab3e3)
[ 577.342625] /build/linux-WKYm23/linux-4.15.0/fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -126
[ 577.342625] CIFS VFS: cifs_mount failed w/return code = -126
[ 577.412402] audit: type=1400 audit(1575188954.459:37): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/run/systemd/users/631889630" pid=10027 comm="krb5_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 577.582719] audit: type=1400 audit(1575188954.631:38): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/krb5/plugins/authdata/sssd_pac_plugin.so" pid=10027 comm="krb5_child" requested_mask="m" denied_mask="m" fsuid=631889630 ouid=0
[ 577.614868] audit: type=1400 audit(1575188954.663:39): apparmor="ALLOWED" operation="exec" profile="/usr/sbin/sssd" name="/usr/sbin/adcli" pid=10043 comm="sssd_be" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/sssd//null-/usr/sbin/adcli"
[ 577.615669] audit: type=1400 audit(1575188954.663:40): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/sssd//null-/usr/sbin/adcli" name="/var/log/sssd/ldap_child.log" pid=10043 comm="adcli" requested_mask="a" denied_mask="a" fsuid=0 ouid=0
[ 577.615672] audit: type=1400 audit(1575188954.663:41): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/sssd//null-/usr/sbin/adcli" name="/var/log/sssd/krb5_child.log" pid=10043 comm="adcli" requested_mask="a" denied_mask="a" fsuid=0 ouid=0
[ 577.615673] audit: type=1400 audit(1575188954.663:42): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/sssd//null-/usr/sbin/adcli" name="/var/log/sssd/gpo_child.log" pid=10043 comm="adcli" requested_mask="a" denied_mask="a" fsuid=0 ouid=0
[ 577.615969] audit: type=1400 audit(1575188954.663:43): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/sbin/adcli" name="/usr/sbin/adcli" pid=10043 comm="adcli" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
[ 577.615972] audit: type=1400 audit(1575188954.663:44): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/sbin/adcli" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=10043 comm="adcli" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
一种可能性是挂载发生得太快,因此您可以尝试以下操作:
然而,网络管理器可能会杀死一个运行时间过长的脚本,这样您就可以分离一个正在睡觉的孩子并让父母立即退出:
内容
sleepmount:如果任一方案适用于睡眠 30 秒,则开始将睡眠时间减半,直到它再次中断。然后从那里增加睡眠时间,直到它再次起作用。
编辑:
_netdev需要/etc/fstab来自Amazon Elastic File System 用户指南:
问题是 Kerberos 票证的所有权。当您
cifs通过命令行以 user 身份安装驱动程序时eekfonky,它可以工作,因为 Kerberos 票证与用户匹配。如果您尝试在root失败时安装它。对于root用户,我的意思是不是sudo!/etc/NetworkManager/dispatcher.d/使用正确的用户调整脚本,它应该可以工作:好的,事实证明调度程序不携带 kerberos 凭据,因此我必须
KRB5CCNAME在脚本中导出环境变量。所以现在看起来像;这就像一个魅力:-)