跳转到主内容

由于 status_trusted_domain_failure ( 0xc000018c )而引发的 secd.nfsAuth.problem 事件

Views:
14
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>1150375</a><a>1266057</a>
Last Updated:

适用场景

  • ONTAP 9
  • Active Directory 域和信任关系

问题描述

  • 由于EMS中记录的瞬时错误、尝试从UNIX映射到Windows名称时出现NFS授权问题(secd.nfsAuth.problem)
Wed Aug 19 10:55:48 -0400 [CLUSTER-01: secd: secd.nfsAuth.problem:error]: vserver (SVM1) General NFS authorization problem. Error: Get user credentials procedure failed 
  [  0 ms] Determined UNIX id 0 is UNIX user 'root'
  [     0] Trying to map 'root' to Windows user 'root' using implicit mapping
  [     1] Using a cached connection to dc01.domain.local
  [    11] Encountered unknown NT Error (0x103) for SMB command Read
  [   668] Could not find Windows name 'root'
**[   668] FAILURE: Name mapping for UNIX user 'root' failed with transient errors.
  • 域控制器返回status_trusted_domain_failure (0xc000018c)、从而导致SECD 日志出现瞬时情况 
 .------------------------------------------------------------------------------. | RPC FAILURE: | | secd_rpc_auth_get_creds has failed | | Result = 0, RPC Result = 7037 | | RPC received at Wed Aug 19 10:55:48 2020 | |------------------------------------------------------------------------------' Failure Summary: Error: Get user credentials procedure failed [ 0 ms] Determined UNIX id 0 is UNIX user 'root' [ 0] Trying to map 'root' to Windows user 'root' using implicit mapping [ 7] Using a cached connection to dc01.domain.local [ 15] Encountered unknown NT Error (0x103) for SMB command Read [ 259] Could not find Windows name 'root' **[ 259] FAILURE: Name mapping for UNIX user 'root' failed with transient errors. Details: | [000.000.013] debug: Worker Thread 34507218176 processing RPC 153:secd_rpc_auth_get_creds with request ID:8559 which sat in the queue for 0 seconds. { in run() at src/server/secd_rpc_server.cpp:2306 } | [000.000.025] debug: Client IP as found in the request: 10.1.2.100 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1443 } | [000.000.036] debug: Setting thread context. VServerId = 3 (name='SVM1'), Protocol = CIFS, lifId = 0 { in setThreadContext() at src/utils/secd_thread_data_manager.cpp:415 } | [000.000.043] debug: secd_rpc_auth_get_creds_1_svc called with vserverid = 3 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1448 } | [000.000.048] debug: Getting creds for VserverId: 3 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1450 } | [000.000.054] debug: Get creds for UserId= 0 { in getCredsFromUserIdViaLibc() at src/authorization/secd_unix_authorization.cpp:114 } | [000.000.321] debug: Mcached lookup return values for user, group and group membership are 0, 0, 0 { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:717 } | [000.000.327] debug: All the details found in cache { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:720 } | [000.000.338] info : Determined UNIX id 0 is UNIX user 'root' { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1488 } | [000.000.351] debug: Attempting to map name root using the cluster mapping store { in getAppropriateUnixToWindowsMapping() at src/name_mapping/secd_name_mapping.cpp:897 } | [000.000.357] info : Trying to map 'root' to Windows user 'root' using implicit mapping { in getAppropriateUnixToWindowsMapping() at src/name_mapping/secd_name_mapping.cpp:1011 } | [000.000.374] debug: No Domain part in the given Name. root can correspond to a Special NfsV4 sid. { in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:430 } | [000.000.379] debug: root doesn't correspond to a Special NfsV4 Sid. { in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:441 } | [000.000.384] ERR : RESULT_ERROR_SECD_ENTRY_NOT_FOUND:6915 in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:442 | [000.000.421] debug: Not an NfsV4 name { in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:489 } | [000.000.428] ERR : RESULT_ERROR_SECD_ENTRY_NOT_FOUND:6915 in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:490 | [000.000.433] debug: Not an NFSv4 regular name. { in getSidFromName() at src/authorization/secd_cifs_authorization.cpp:291 } | [000.000.447] debug: Looking for LSA cache (key: "domain.local") in vserver 3 { in getConnectionCache() at src/connection_manager/secd_connection_cache.cpp:642 } | [000.000.495] debug: Looking for a connection to LSA for DOMAIN.LOCAL { in getConnection() at src/connection_manager/secd_connection_manager.cpp:606 } | [000.000.500] debug: Acquiring a new LSA connection; favoring cache { in getBestConnection() at src/connection_manager/secd_connection_manager.cpp:808 } | [000.000.523] debug: Looking up SID for Everyone { in lookupName() at src/utils/secd_cifs_utils.cpp:310 } | [000.000.537] debug: Calling LsaLookupNames2... { in lookupName() at src/utils/secd_cifs_utils.cpp:326 } | [000.007.029] debug: LsaLookupNames2 returned NtStatus code: 0x0 { in lookupName() at src/utils/secd_cifs_utils.cpp:346 } | [000.007.036] debug: Found an available connection in the cache { in getBestCachedConnection() at src/connection_manager/secd_connection_cache.cpp:352 } | [000.007.045] info : Using a cached connection to dc01.domain.local { in getBestConnection() at src/connection_manager/secd_connection_manager.cpp:916 } | [000.007.090] debug: Looking up SID for root { in lookupName() at src/utils/secd_cifs_utils.cpp:310 } | [000.007.104] debug: Calling LsaLookupNames2... { in lookupName() at src/utils/secd_cifs_utils.cpp:326 } | [000.015.494] ERR : Encountered unknown NT Error (0x103) for SMB command Read { in LogNtStatusCode() at src/Commands/Commands.cpp:648 } | [000.015.502] ERR : SMB2 response has NT error 0x103 { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:478 } | [000.015.506] debug: SIGNING: The response from the DC is async. NOTE: async responses are not signed. { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:517 } | [000.015.511] info : Async Read response received { in Smb2Read() at src/Smb2/Smb2Read.cpp:281 } | [000.259.769] debug: LsaLookupNames2 returned NtStatus code: 0xc000018c { in lookupName() at src/utils/secd_cifs_utils.cpp:346 } | [000.259.775] debug: LSA returned NT status 0xC000018C, which was converted to result 3 { in convertLsaErrorToResult() at src/include/secd_connection_utils.h:44 } | [000.259.783] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in lookupName() at src/utils/secd_cifs_utils.cpp:422 | [000.259.792] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in getSidFromName() at src/authorization/secd_cifs_authorization.cpp:325 | [000.259.800] info : Could not find Windows name 'root' { in getSidFromName() at src/authorization/secd_cifs_authorization.cpp:354 } | [000.259.849] ERR : Name mapping for UNIX user 'root' failed with transient errors. { in mapUnknownUnixNameToDefaultWindowsUser() at src/name_mapping/secd_name_mapping.cpp:1375 } | [000.259.853] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in mapUnknownUnixNameToDefaultWindowsUser() at src/name_mapping/secd_name_mapping.cpp:1376 | [000.259.859] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in mapNameUnixToWindows() at src/name_mapping/secd_name_mapping.cpp:1549 | [000.259.865] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in mapName() at src/name_mapping/secd_name_mapping.cpp:1617 | [000.259.872] ERR : RESULT_ERROR_SECD_TRANSIENT_MAPPING_FAILURE:7037 in mapName() at src/name_mapping/secd_name_mapping.cpp:1630 | [000.259.879] ERR : RESULT_ERROR_SECD_TRANSIENT_MAPPING_FAILURE:7037 in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1511 | [000.259.905] debug: SecD RPC Server sending reply to RPC 153: secd_rpc_auth_get_creds { in secdSendRpcResponse() at src/server/secd_rpc_server.cpp:2127 } | [000.259.957] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in getFailureCode() at src/utils/secd_thread_task_journal.cpp:348 |------------------------------------------------------------------------------. | RPC completed at Wed Aug 19 10:55:48 2020 | | End of log for failed RPC secd_rpc_auth_get_creds | '------------------------------------------------------------------------------' 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
  • 这篇文章对您有帮助吗?