在向CIFS共享添加安全组时、无法解析名为"域/组"的帐户的SID
适用场景
ONTAP 9
问题描述
添加域组/用户以共享存储上的ACL时观察到错误:
::*> cifs share access-control create -share cifstest -user-or-group Test\group1234 -user-group-type windows -permission Full_Control
Error: command failed: Failed to resolve the security identifier (SID) for the account named "Test\group1234". Reason: Object name either does not exist or could not be resolved using the available servers. Check the event log for additional information.
EMS
可能会指出 无法访问域名服务(DNS)来发现域控制器或域控制器未响应请求等问题。
Wed Jan 08 01:05:20 -0100 [hostname: secd: secd.unexpectedFailure:debug]: vserver (vserver) Unexpected failure.
Error: Lookup of CIFS account name procedure failed
[ 5 ms] Failed to connect to 10.1.1.2 for DNS via Source Address 10.3.3.3: No route to host
[ 5] Failed to connect to 10.2.3.4 for DNS via Source Address 10.3.3.3: No route to host
[ 5] Failed to connect to 10.1.3.5 for DNS via Source Address 10.3.3.3: No route to host
**[ 5] FAILURE: Unable to contact DNS to discover domain controllers.
[ 5] Unable to make a connection (LSA:DOMAIN.COM), result: 6812
[ 5] Could not find Windows name 'DOMAIN\GROUP NAME'
[ 5] CIFS name lookup failed
4/5/2022 06:59:02 hostname: 02 ERROR secd.cifsAuth.problem: vserver (svm_euw4asv001clu) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.120.1.1
[ 0 ms] Login attempt by domain user 'EU\user1' using NTLMv2 style security
[ 2011] TCP connection to ip 10.5.38.39, port 445 failed: Operation timed out.
[ 2011] Unable to connect to NetLogon service on euiadvs01.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
[ 4019] TCP connection to ip 10.30.0.217, port 445 failed: Operation timed out.
[ 4019] Unable to connect to NetLogon service on grcorvs101.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
[ 6030] TCP connection to ip 10.30.0.220, port 445 failed: Operation timed out.
[ 6030] Unable to connect to NetLogon service on grcorvs001.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
[ 8041] TCP connection to ip 10.31.1.43, port 445 failed: Operation timed out.
[ 8041] Unable to connect to NetLogon service on nlrtmvs001.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
**[ 8041] FAILURE: Unable to make a connection (NetLogon:EU.BM.NET), result: 6942
[ 8041] CIFS authentication failed
[ 8041] Retry requested, but the retry window (7000 ms) has expired; giving up.
- 当存储发送组名称查找时、数据包跟踪显示DC响应为status_none_mapped。
No Source Destination Protocol String Info
2310 10.216.41.154 10.216.41.30 LSARPC naslab\group1234 lsa_LookupNames2 request
2314 10.216.41.30 10.216.41.154 LSARPC NASLAB lsa_LookupNames2 response, STATUS_NONE_MAPPED, Error: STATUS_NONE_MAPPED