由于 status_trusted_domain_failure ( 0xc000018c )而引发的 secd.nfsAuth.problem 事件
- Views:
- 14
- Visibility:
- Public
- Votes:
- 0
- Category:
- ontap-9
- Specialty:
- nas<a>1150375</a><a>1266057</a>
- Last Updated:
适用场景
- ONTAP 9
- Active Directory 域和信任关系
问题描述
- 由于EMS中记录的瞬时错误、尝试从UNIX映射到Windows名称时出现NFS授权问题(secd.nfsAuth.problem)
Wed Aug 19 10:55:48 -0400 [CLUSTER-01: secd: secd.nfsAuth.problem:error]: vserver (SVM1) General NFS authorization problem. Error: Get user credentials procedure failed
[ 0 ms] Determined UNIX id 0 is UNIX user 'root'
[ 0] Trying to map 'root' to Windows user 'root' using implicit mapping
[ 1] Using a cached connection to dc01.domain.local
[ 11] Encountered unknown NT Error (0x103) for SMB command Read
[ 668] Could not find Windows name 'root'
**[ 668] FAILURE: Name mapping for UNIX user 'root' failed with transient errors.
- 域控制器返回status_trusted_domain_failure (0xc000018c)、从而导致SECD 日志出现瞬时情况
.------------------------------------------------------------------------------. | RPC FAILURE: | | secd_rpc_auth_get_creds has failed | | Result = 0, RPC Result = 7037 | | RPC received at Wed Aug 19 10:55:48 2020 | |------------------------------------------------------------------------------' Failure Summary: Error: Get user credentials procedure failed [ 0 ms] Determined UNIX id 0 is UNIX user 'root' [ 0] Trying to map 'root' to Windows user 'root' using implicit mapping [ 7] Using a cached connection to dc01.domain.local [ 15] Encountered unknown NT Error (0x103) for SMB command Read [ 259] Could not find Windows name 'root' **[ 259] FAILURE: Name mapping for UNIX user 'root' failed with transient errors. Details: | [000.000.013] debug: Worker Thread 34507218176 processing RPC 153:secd_rpc_auth_get_creds with request ID:8559 which sat in the queue for 0 seconds. { in run() at src/server/secd_rpc_server.cpp:2306 } | [000.000.025] debug: Client IP as found in the request: 10.1.2.100 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1443 } | [000.000.036] debug: Setting thread context. VServerId = 3 (name='SVM1'), Protocol = CIFS, lifId = 0 { in setThreadContext() at src/utils/secd_thread_data_manager.cpp:415 } | [000.000.043] debug: secd_rpc_auth_get_creds_1_svc called with vserverid = 3 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1448 } | [000.000.048] debug: Getting creds for VserverId: 3 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1450 } | [000.000.054] debug: Get creds for UserId= 0 { in getCredsFromUserIdViaLibc() at src/authorization/secd_unix_authorization.cpp:114 } | [000.000.321] debug: Mcached lookup return values for user, group and group membership are 0, 0, 0 { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:717 } | [000.000.327] debug: All the details found in cache { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:720 } | [000.000.338] info : Determined UNIX id 0 is UNIX user 'root' { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1488 } | [000.000.351] debug: Attempting to map name root using the cluster mapping store { in getAppropriateUnixToWindowsMapping() at src/name_mapping/secd_name_mapping.cpp:897 } | [000.000.357] info : Trying to map 'root' to Windows user 'root' using implicit mapping { in getAppropriateUnixToWindowsMapping() at src/name_mapping/secd_name_mapping.cpp:1011 } | [000.000.374] debug: No Domain part in the given Name. root can correspond to a Special NfsV4 sid. { in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:430 } | [000.000.379] debug: root doesn't correspond to a Special NfsV4 Sid. { in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:441 } | [000.000.384] ERR : RESULT_ERROR_SECD_ENTRY_NOT_FOUND:6915 in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:442 | [000.000.421] debug: Not an NfsV4 name { in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:489 } | [000.000.428] ERR : RESULT_ERROR_SECD_ENTRY_NOT_FOUND:6915 in handleNfsV4NameToSid() at src/authorization/secd_cifs_authorization.cpp:490 | [000.000.433] debug: Not an NFSv4 regular name. { in getSidFromName() at src/authorization/secd_cifs_authorization.cpp:291 } | [000.000.447] debug: Looking for LSA cache (key: "domain.local") in vserver 3 { in getConnectionCache() at src/connection_manager/secd_connection_cache.cpp:642 } | [000.000.495] debug: Looking for a connection to LSA for DOMAIN.LOCAL { in getConnection() at src/connection_manager/secd_connection_manager.cpp:606 } | [000.000.500] debug: Acquiring a new LSA connection; favoring cache { in getBestConnection() at src/connection_manager/secd_connection_manager.cpp:808 } | [000.000.523] debug: Looking up SID for Everyone { in lookupName() at src/utils/secd_cifs_utils.cpp:310 } | [000.000.537] debug: Calling LsaLookupNames2... { in lookupName() at src/utils/secd_cifs_utils.cpp:326 } | [000.007.029] debug: LsaLookupNames2 returned NtStatus code: 0x0 { in lookupName() at src/utils/secd_cifs_utils.cpp:346 } | [000.007.036] debug: Found an available connection in the cache { in getBestCachedConnection() at src/connection_manager/secd_connection_cache.cpp:352 } | [000.007.045] info : Using a cached connection to dc01.domain.local { in getBestConnection() at src/connection_manager/secd_connection_manager.cpp:916 } | [000.007.090] debug: Looking up SID for root { in lookupName() at src/utils/secd_cifs_utils.cpp:310 } | [000.007.104] debug: Calling LsaLookupNames2... { in lookupName() at src/utils/secd_cifs_utils.cpp:326 } | [000.015.494] ERR : Encountered unknown NT Error (0x103) for SMB command Read { in LogNtStatusCode() at src/Commands/Commands.cpp:648 } | [000.015.502] ERR : SMB2 response has NT error 0x103 { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:478 } | [000.015.506] debug: SIGNING: The response from the DC is async. NOTE: async responses are not signed. { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:517 } | [000.015.511] info : Async Read response received { in Smb2Read() at src/Smb2/Smb2Read.cpp:281 } | [000.259.769] debug: LsaLookupNames2 returned NtStatus code: 0xc000018c { in lookupName() at src/utils/secd_cifs_utils.cpp:346 } | [000.259.775] debug: LSA returned NT status 0xC000018C, which was converted to result 3 { in convertLsaErrorToResult() at src/include/secd_connection_utils.h:44 } | [000.259.783] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in lookupName() at src/utils/secd_cifs_utils.cpp:422 | [000.259.792] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in getSidFromName() at src/authorization/secd_cifs_authorization.cpp:325 | [000.259.800] info : Could not find Windows name 'root' { in getSidFromName() at src/authorization/secd_cifs_authorization.cpp:354 } | [000.259.849] ERR : Name mapping for UNIX user 'root' failed with transient errors. { in mapUnknownUnixNameToDefaultWindowsUser() at src/name_mapping/secd_name_mapping.cpp:1375 } | [000.259.853] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in mapUnknownUnixNameToDefaultWindowsUser() at src/name_mapping/secd_name_mapping.cpp:1376 | [000.259.859] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in mapNameUnixToWindows() at src/name_mapping/secd_name_mapping.cpp:1549 | [000.259.865] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in mapName() at src/name_mapping/secd_name_mapping.cpp:1617 | [000.259.872] ERR : RESULT_ERROR_SECD_TRANSIENT_MAPPING_FAILURE:7037 in mapName() at src/name_mapping/secd_name_mapping.cpp:1630 | [000.259.879] ERR : RESULT_ERROR_SECD_TRANSIENT_MAPPING_FAILURE:7037 in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1511 | [000.259.905] debug: SecD RPC Server sending reply to RPC 153: secd_rpc_auth_get_creds { in secdSendRpcResponse() at src/server/secd_rpc_server.cpp:2127 } | [000.259.957] ERR : RESULT_ERROR_GENERAL_FAILURE:3 in getFailureCode() at src/utils/secd_thread_task_journal.cpp:348 |------------------------------------------------------------------------------. | RPC completed at Wed Aug 19 10:55:48 2020 | | End of log for failed RPC secd_rpc_auth_get_creds | '------------------------------------------------------------------------------'