跳转到主内容

集群模式 Data ONTAP 8.3.x 中无法访问 CIFS 共享

Views:
19
Visibility:
Public
Votes:
0
Category:
data-ontap-8
Specialty:
cifs
Last Updated:

状态信息

适用于

  • 集群模式 Data ONTAP 8.3
  • OnCommand System Manager ( OCSM )

问题

在以下情形中,存储虚拟机( SVM )上的 CIFS 共享可能无法访问:
  • 在集群模式 Data ONTAP 8.3RC1 上新建 SVM
  • 升级到集群模式 Data ONTAP 8.3 或更高版本

客户端尝试挂载集群模式 Data ONTAP NFS SVM ;但是,运行mount该命令后,客户端控制台挂起。Ctrl+C 可以退出挂起状态,但挂载将失败。如果用户等待一段时间(超过 2 分钟)、则会显示客户端Connection timed out

secd 日志中报告了以下错误信息:

ERR : Error: Acquire UNIX credentials procedure failed
ERR : [ 0 ms] Entry found for group-membership: pcuser using source: FILES
ERR : [ 29] Connecting to NIS server 172.16.29.220
ERR : **[ 31] FAILURE: nscc_conn_connect function returned error: Could not
connect to server
ERR : [ 32] No servers available for NIS, vserver: 3, domain: .
ERR : [ 32] Failed finding entry for group-membership: pcuser using source: NIS.
Returning failure
debug: Logged secd.nfsAuth.noUnixCreds to EMS { in
logEmsEventWithJournalForNfsAuthError()

在这种情况下,可能会报告以下提到的所有三种症状:
  1. SVM NIS 服务器 IP 与 Windows Active Directory 域控制器 IP 匹配。

    Microsoft "Server for NIS" services are NOT being used.

    ::> vserver services nis-domain show
    NIS
    Vserver Domain Active Server
    ------------- ------------------- ------ ------------------------------------
    SVM2 my.company true 172.16.29.220
    ::> vserver cifs domain discovered-servers show
    Node: node-01
    Vserver: SVM2
    Domain Name Type Preference DC-Name DC-Address Status
    --------------- -------- ---------- --------------- --------------- ---------
    my.company
    KERBEROS favored w2k12r2dc1 172.16.29.220 OK
    my.company
    MS-LDAP favored w2k12r2dc1 172.16.29.220 OK
    my.company

  2. SVM 的 NS-Switch 将在组数据库中包含 NIS 。
    ::> vserver services name-service ns-switch show
    Source
    Vserver Database Order
    --------------- ------------ ---------
    SVM2 hosts dns, files
    SVM2 group files, nis
    SVM2 passwd files, nis
    SVM2 netgroup files, nis
    SVM2 namemap files

     
  3. 使用支持 8.3GA 之前的 Data ONTAP 的 OnCommand System Manager 版本创建的任何 SVM ,在 SVM 创建期间仅选择 NFS 协议或 CIFS 和 NFS 协议、默认 NIS 设置不变、 将导致“ ns-switch ”(包括 NIS )作为组、密码和 netgroup 检查的源。SVM 还将使用 Microsoft Windows Active Directory 域控制器 IP 地址配置为 Active NIS 服务器 IP 。因此,升级到集群模式 Data ONTAP 8.3RC1 或更高版本后、可能无法访问所有 CIFS 共享。

事件日志报告以下错误消息:
12/19/2015 13:51:02 cm2552a-cn-01    WARNING       exports.anoncred.anonToCred: Cannot retrieve credentials for "-anon" of "0" on Vserver "vs1" on node cm2552a-cn-01.
12/19/2015 13:51:02 cm2552a-cn-01    WARNING       exports.anoncred.userToCred: Cannot retrieve credentials for user ID "0" on Vserver "vs1" on node cm2552a-cn-01.
12/19/2015 13:51:02 cm2552a-cn-01    WARNING       secd.nfsAuth.noUnixCreds: Vserver "vs1" cannot determine UNIX identity. Error: Acquire UNIX credentials procedure failed
  [  2 ms] Entry found for group-membership: root using source: FILES
  [     3] Connecting to NIS server 10.128.239.164
**[  3007] FAILURE: nscc_conn_connect function returned error: Could not connect to server
  [  3008] No servers available for NIS, vserver: 7, domain: .
  [  3008] Failed finding entry for group-membership: root using source: NIS. Returning failure
12/19/2015 13:51:02 cm2552a-cn-01    ERROR         secd.nis.connectFailure: vserver (vs1) could not make a connection over the network to NIS server (10.128.239.164) at address (10.128.239.164) and received error (Could not connect to server)

数据包跟踪还将确认 NIS 服务器没有响应控制器的查询。

10148691-1.jpg

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device