OnCommand Insight 正在向 Active Directory 服务器发出来自同一用户的身份验证请求
适用于
- OnCommand Insight 7.3.8 和 7.3.3 , Linux 安装( OCI ) /Windows 安装( OCI )
- 使用 OCI Java 客户端
- Active Directory 作为 OCI 用户的身份验证服务器
问题
许多身份验证请求从 OCI 服务器发送到 Active Directory 服务器。日志看起来像 Bellow 。
- 在
ldap.log
我们中,几乎每秒都会看到许多错误:
2020-05-13 11:00:40,633 ERROR [default task-5698] ldap (LdapUser.java:666) - Failed to find user:<domain>\<username> url:ldap://<domain>.local
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 ]
sanscreen-client.log
/.../users/<username>
位于 Windows 目录( OCI Java 客户端从该目录访问 OCI )中的相同时间戳:
2020-05-13 11:00:40,584 ERROR [pool-5-thread-2] com.onaro.sanscreen.client.view.refresh.RefreshManager (RefreshManager.java:294) - Error retrieving refresh data
javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "/compose/UpdateTimeBean", view is interface com.onaro.sanscreen.server.interfaces.remote.UpdateTimeRemote, affinity is URI<remote+https://<Active_Directory_ip>:443>
...
Suppressed: org.jboss.ejb.client.RequestSendFailedException
...
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: Failed to read challenge file [Caused by java.io.FileNotFoundException: \opt\netapp\oci\wildfly\standalone\tmp\auth\local1382964346588876633.challenge (Das System kann den angegebenen Pfad nicht finden)]
PLAIN: javax.security.sasl.SaslException: PLAIN: Server rejected authentication