跳转到主内容

在向CIFS共享添加安全组时、无法解析名为"域/组"的帐户的SID

Views:
63
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

适用场景

ONTAP 9

问题描述

添加域组/用户以共享存储上的ACL时观察到错误:

::*> cifs share access-control create -share cifstest -user-or-group Test\group1234 -user-group-type windows -permission Full_Control

Error: command failed: Failed to resolve the security identifier (SID) for the account named "Test\group1234". Reason: Object name either does not exist or could not be resolved using the available servers. Check the event log for additional information.

  • EMS 可能会指出 无法访问域名服务(DNS)来发现域控制器或域控制器未响应请求等问题。

​​​Wed Jan 08 01:05:20 -0100 [hostname: secd: secd.unexpectedFailure:debug]: vserver (vserver) Unexpected failure. 
Error: Lookup of CIFS account name procedure failed   
[  5 ms] Failed to connect to 10.1.1.2 for DNS via Source Address 10.3.3.3: No route to host   
[    5] Failed to connect to 10.2.3.4 for DNS via Source Address 10.3.3.3: No route to host   
[    5] Failed to connect to 10.1.3.5 for DNS via Source Address 10.3.3.3: No route to host 
**[    5] FAILURE: Unable to contact DNS to discover domain controllers.   
[    5] Unable to make a connection (LSA:DOMAIN.COM), result: 6812    
[    5] Could not find Windows name 'DOMAIN\GROUP NAME'   
[    5] CIFS name lookup failed 

4/5/2022 06:59:02   hostname: 02 ERROR      secd.cifsAuth.problem: vserver (svm_euw4asv001clu) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.120.1.1
  [  0 ms] Login attempt by domain user 'EU\user1' using NTLMv2 style security
  [  2011] TCP connection to ip 10.5.38.39, port 445 failed: Operation timed out.
  [  2011] Unable to connect to NetLogon service on euiadvs01.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  4019] TCP connection to ip 10.30.0.217, port 445 failed: Operation timed out.
  [  4019] Unable to connect to NetLogon service on grcorvs101.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  6030] TCP connection to ip 10.30.0.220, port 445 failed: Operation timed out.
  [  6030] Unable to connect to NetLogon service on grcorvs001.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  8041] TCP connection to ip 10.31.1.43, port 445 failed: Operation timed out.
  [  8041] Unable to connect to NetLogon service on nlrtmvs001.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
**[  8041] FAILURE: Unable to make a connection (NetLogon:EU.BM.NET), result: 6942
  [  8041] CIFS authentication failed
  [  8041] Retry requested, but the retry window (7000 ms) has expired; giving up.

  • 当存储发送组名称查找时、数据包跟踪显示DC响应为status_none_mapped。

No        Source         Destination    Protocol  String            Info
2310    10.216.41.154   10.216.41.30    LSARPC    naslab\group1234    lsa_LookupNames2 request
2314    10.216.41.30    10.216.41.154   LSARPC    NASLAB              lsa_LookupNames2 response, STATUS_NONE_MAPPED, Error: STATUS_NONE_MAPPED

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.