在Windows上使用kinit失败Kerberos身份验证(错误:网络不可访问)

Question

我在WindowsServer2019VM上运行Active Directory，并且登录到一个Windows 10 VM中，这是域的一部分。

我想使用kinit.exe生成一个Kerberos (由JDK 16提供)

enabled

• Windows
• KDC配置为端口88
• ，UDP和

端口均为服务器，域防火墙关闭

• ，Windows 10域防火墙关闭，
• 认证采用相同的原理工作细

<代码>F 211

问题：

命令提示符

C:\Users\eugen>kinit
Password for eugen@EXAMPLE.COM:
Exception: java.net.SocketException: Network is unreachable: connect
java.io.UncheckedIOException: java.net.SocketException: Network is unreachable: connect
        at java.base/sun.nio.ch.DatagramSocketAdaptor.connect(DatagramSocketAdaptor.java:120)
        at java.base/java.net.DatagramSocket.connect(DatagramSocket.java:341)
        at jdk.naming.dns/com.sun.jndi.dns.DnsClient.doUdpQuery(DnsClient.java:408)
        at jdk.naming.dns/com.sun.jndi.dns.DnsClient.query(DnsClient.java:214)
        at jdk.naming.dns/com.sun.jndi.dns.Resolver.query(Resolver.java:81)
        at jdk.naming.dns/com.sun.jndi.dns.DnsContext.c_getAttributes(DnsContext.java:434)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141)
        at java.naming/com.sun.jndi.toolkit.url.GenericURLDirContext.getAttributes(GenericURLDirContext.java:103)
        at java.security.jgss/sun.security.krb5.KrbServiceLocator.lambda$getKerberosService$1(KrbServiceLocator.java:166)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:865)
        at java.security.jgss/sun.security.krb5.KrbServiceLocator.getKerberosService(KrbServiceLocator.java:164)
        at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1344)
        at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1230)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:216)
        at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:198)
        at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:345)
        at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:498)
        at java.security.jgss/sun.security.krb5.internal.tools.Kinit.acquire(Kinit.java:248)
        at java.security.jgss/sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:134)
        at java.security.jgss/sun.security.krb5.internal.tools.Kinit.main(Kinit.java:96)
Caused by: java.net.SocketException: Network is unreachable: connect
        at java.base/sun.nio.ch.Net.connect0(Native Method)
        at java.base/sun.nio.ch.Net.connect(Net.java:576)
        at java.base/sun.nio.ch.DatagramChannelImpl.connect(DatagramChannelImpl.java:1243)
        at java.base/sun.nio.ch.DatagramSocketAdaptor.connectInternal(DatagramSocketAdaptor.java:91)
        at java.base/sun.nio.ch.DatagramSocketAdaptor.connect(DatagramSocketAdaptor.java:118)
        ... 21 more

我认为问题是请求没有到达服务器。我有什么办法找出这个问题吗？

非常感谢!

Answer 1

我找到了解决问题的办法。

如何确定病因：

运行"ping example.com“将返回以下内容

C:\Users\eugen>ping example.com
       Pinging example.com [12.0.12.200] with 32 bytes of data:    Reply from 12.0.12.200: bytes=32 time<1ms TTL=128 Reply from
   10.0.10.185: bytes=32 time<1ms TTL=128 Reply from 12.0.12.200: bytes=32 time<1ms TTL=128 Reply from 12.0.12.200: bytes=32 time<1ms    TTL=128
       Ping statistics for 12.0.12.200:    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:    Minimum = 0ms, Maximum = 0ms, Average = 0ms

但是运行"nslookup example.com“将返回以下内容：

C:\Users\eugen>nslookup example.com
Server:  UnKnown
Address:  2001:477:1a02:1:64ff:fe63:41a9:5600

*** UnKnown can't find example.com: No response from server

^我认为这意味着DNS服务器知道如何将域解析为IPv4地址，而不是它喜欢解析为IPv6的IPv6 和(可能存在一个使其行为像这样的设置)。请指出我逻辑上的任何缺陷。

如何解决这个问题：

转到控制面板->查看网络状态和任务->单击active connection -> Properties ->未选中"Internet版本6(TCP/IPv6 6)“

在此之后，再次运行kinit，我成功地收到了一个TGT。