ONTAP 升级后、如果SVM使用不正确的LIF连接到名称服务器(DNS/DC/LDAP)、则无法访问CIFS共享
适用场景
ONTAP 9.2及更高版本
问题描述
- 升级ONTAP 后、无法使用Windows客户端的IP地址访问CIFS共享、并且SVM上的DNS检查也会失败。
- SVM具有多个LIF (每个LIF位于不同网络上)、并且为两个LIF配置的默认路由具有相同的度量指标。
- 在SVM中存在的多个LIF中、仅允许一个LIF与网络中的DNS/LDAP/DC服务器进行通信。
- 事件日志指示连接到DNS和LDAP失败、并显示错误"Operational timed out "。
- 由于存储无法联系DNS来发现域控制器来对用户进行身份验证、因此CIFS身份验证失败。
- 日志
7/11/2022 10:20:26 node-02 ERROR secd.cifsAuth.problem: vserver (vserver1) General CIFS authentication problem. Error: User authentication procedure failedCIFS SMB1 Share mapping - Client Ip = 10.1.10.x[ 0 ms] Login attempt by domain user 'Domain/user1' using NTLMv2 style security[ 2003] TCP connection to ip 10.1.2.x, port 389 failed: Operation timed out.[ 2003] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server[ 4004] TCP connection to ip 10.1.2.x, port 389 failed: Operation timed out.[ 4004] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server[ 6005] TCP connection to ip 10.1.2.x, port 389 failed: Operation timed out.[ 6005] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server[ 8009] Failed to connect to 10.1.2.x for DNS via Source Address 10.1.1.x: Operation timed out[ 9010] Failed to connect to 10.1.2.x for DNS via Source Address 10.1.1.x: Operation timed out**[ 9012] FAILURE: Unable to contact DNS to discover domain controllers.[ 9013] Unable to make a connection (NetLogon:DOMAIN.COM), result: 6812[ 9015] CIFS authentication failed[ 9015] Retry requested, but the retry window (7000 ms) has expired; giving up.