我在Windows Server 2019虚拟机上运行Active Directory,并登录到作为域一部分的Windows 10虚拟机。
我想使用kinit.exe(JDK16提供(生成Kerberos TGT
- KDC配置为端口88
- UDP和TCP端口都已启用
- Windows Server域防火墙已关闭
- Windows 10域防火墙已关闭
- 使用相同主体的LDAP身份验证工作正常
问题:
【命令提示】
C:Userseugen>kinit
Password for eugen@EXAMPLE.COM:
Exception: java.net.SocketException: Network is unreachable: connect
java.io.UncheckedIOException: java.net.SocketException: Network is unreachable: connect
at java.base/sun.nio.ch.DatagramSocketAdaptor.connect(DatagramSocketAdaptor.java:120)
at java.base/java.net.DatagramSocket.connect(DatagramSocket.java:341)
at jdk.naming.dns/com.sun.jndi.dns.DnsClient.doUdpQuery(DnsClient.java:408)
at jdk.naming.dns/com.sun.jndi.dns.DnsClient.query(DnsClient.java:214)
at jdk.naming.dns/com.sun.jndi.dns.Resolver.query(Resolver.java:81)
at jdk.naming.dns/com.sun.jndi.dns.DnsContext.c_getAttributes(DnsContext.java:434)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141)
at java.naming/com.sun.jndi.toolkit.url.GenericURLDirContext.getAttributes(GenericURLDirContext.java:103)
at java.security.jgss/sun.security.krb5.KrbServiceLocator.lambda$getKerberosService$1(KrbServiceLocator.java:166)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:865)
at java.security.jgss/sun.security.krb5.KrbServiceLocator.getKerberosService(KrbServiceLocator.java:164)
at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1344)
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1230)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:216)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:198)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:345)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:498)
at java.security.jgss/sun.security.krb5.internal.tools.Kinit.acquire(Kinit.java:248)
at java.security.jgss/sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:134)
at java.security.jgss/sun.security.krb5.internal.tools.Kinit.main(Kinit.java:96)
Caused by: java.net.SocketException: Network is unreachable: connect
at java.base/sun.nio.ch.Net.connect0(Native Method)
at java.base/sun.nio.ch.Net.connect(Net.java:576)
at java.base/sun.nio.ch.DatagramChannelImpl.connect(DatagramChannelImpl.java:1243)
at java.base/sun.nio.ch.DatagramSocketAdaptor.connectInternal(DatagramSocketAdaptor.java:91)
at java.base/sun.nio.ch.DatagramSocketAdaptor.connect(DatagramSocketAdaptor.java:118)
... 21 more
我认为问题是请求没有到达服务器。有什么关于我如何识别问题的想法吗?
非常感谢!
我找到了问题的解决方案。
如何确定原因:
正在运行";ping example.com";会退回这个
C:Userseugen>ping example.com
Pinging example.com [12.0.12.200] with 32 bytes of data: Reply from 12.0.12.200: bytes=32 time<1ms TTL=128 Reply from
10.0.10.185: bytes=32 time<1ms TTL=128 Reply from 12.0.12.200: bytes=32 time<1ms TTL=128 Reply from 12.0.12.200: bytes=32 time<1ms TTL=128
Ping statistics for 12.0.12.200: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
但是运行";nslookup example.com";会返回这个:
C:Userseugen>nslookup example.com
Server: UnKnown
Address: 2001:477:1a02:1:64ff:fe63:41a9:5600
*** UnKnown can't find example.com: No response from server
^我认为这意味着DNS服务器知道如何将域解析为IPv4地址,而不是它更喜欢解析为IPv6的IPv6and(也许有一个设置可以使其表现为这样(。请指出我逻辑上的任何缺陷。
问题是如何解决的:
转到控制面板->查看网络状态和任务->单击活动连接->属性->未选中";互联网协议版本6(TCP/IPv6(
在这之后,再次运行激肽,我成功地接受了TGT。