跳转到主内容

NetApp_Insight_2020.png 

集群模式 Data ONTAP 8.3.x 中无法访问 CIFS 共享

Views:
5
Visibility:
Public
Votes:
0
Category:
data-ontap-8
Specialty:
cifs
Last Updated:

状态信息

适用于

  • 集群模式 Data ONTAP 8.3
  • OnCommand System Manager ( OCSM )

问题

在以下情形中,存储虚拟机( SVM )上的 CIFS 共享可能无法访问:
  • 在集群模式 Data ONTAP 8.3RC1 上新建 SVM
  • 升级到集群模式 Data ONTAP 8.3 或更高版本

客户端尝试挂载集群模式 Data ONTAP NFS SVM ;但是,运行mount该命令后,客户端控制台挂起。Ctrl+C 可以退出挂起状态,但挂载将失败。如果用户等待一段时间(超过 2 分钟)、则会显示客户端Connection timed out

secd 日志中报告了以下错误信息:

ERR : Error: Acquire UNIX credentials procedure failed
ERR : [ 0 ms] Entry found for group-membership: pcuser using source: FILES
ERR : [ 29] Connecting to NIS server 172.16.29.220
ERR : **[ 31] FAILURE: nscc_conn_connect function returned error: Could not
connect to server
ERR : [ 32] No servers available for NIS, vserver: 3, domain: .
ERR : [ 32] Failed finding entry for group-membership: pcuser using source: NIS.
Returning failure
debug: Logged secd.nfsAuth.noUnixCreds to EMS { in
logEmsEventWithJournalForNfsAuthError()

在这种情况下,可能会报告以下提到的所有三种症状:
  1. SVM NIS 服务器 IP 与 Windows Active Directory 域控制器 IP 匹配。

    Microsoft "Server for NIS" services are NOT being used.

    ::> vserver services nis-domain show
    NIS
    Vserver Domain Active Server
    ------------- ------------------- ------ ------------------------------------
    SVM2 my.company true 172.16.29.220
    ::> vserver cifs domain discovered-servers show
    Node: node-01
    Vserver: SVM2
    Domain Name Type Preference DC-Name DC-Address Status
    --------------- -------- ---------- --------------- --------------- ---------
    my.company
    KERBEROS favored w2k12r2dc1 172.16.29.220 OK
    my.company
    MS-LDAP favored w2k12r2dc1 172.16.29.220 OK
    my.company

  2. SVM 的 NS-Switch 将在组数据库中包含 NIS 。
    ::> vserver services name-service ns-switch show
    Source
    Vserver Database Order
    --------------- ------------ ---------
    SVM2 hosts dns, files
    SVM2 group files, nis
    SVM2 passwd files, nis
    SVM2 netgroup files, nis
    SVM2 namemap files

     
  3. 使用支持 8.3GA 之前的 Data ONTAP 的 OnCommand System Manager 版本创建的任何 SVM ,在 SVM 创建期间仅选择 NFS 协议或 CIFS 和 NFS 协议、默认 NIS 设置不变、 将导致“ ns-switch ”(包括 NIS )作为组、密码和 netgroup 检查的源。SVM 还将使用 Microsoft Windows Active Directory 域控制器 IP 地址配置为 Active NIS 服务器 IP 。因此,升级到集群模式 Data ONTAP 8.3RC1 或更高版本后、可能无法访问所有 CIFS 共享。

事件日志报告以下错误消息:
12/19/2015 13:51:02 cm2552a-cn-01    WARNING       exports.anoncred.anonToCred: Cannot retrieve credentials for "-anon" of "0" on Vserver "vs1" on node cm2552a-cn-01.
12/19/2015 13:51:02 cm2552a-cn-01    WARNING       exports.anoncred.userToCred: Cannot retrieve credentials for user ID "0" on Vserver "vs1" on node cm2552a-cn-01.
12/19/2015 13:51:02 cm2552a-cn-01    WARNING       secd.nfsAuth.noUnixCreds: Vserver "vs1" cannot determine UNIX identity. Error: Acquire UNIX credentials procedure failed
  [  2 ms] Entry found for group-membership: root using source: FILES
  [     3] Connecting to NIS server 10.128.239.164
**[  3007] FAILURE: nscc_conn_connect function returned error: Could not connect to server
  [  3008] No servers available for NIS, vserver: 7, domain: .
  [  3008] Failed finding entry for group-membership: root using source: NIS. Returning failure
12/19/2015 13:51:02 cm2552a-cn-01    ERROR         secd.nis.connectFailure: vserver (vs1) could not make a connection over the network to NIS server (10.128.239.164) at address (10.128.239.164) and received error (Could not connect to server)

数据包跟踪还将确认 NIS 服务器没有响应控制器的查询。

10148691-1.jpg

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support