跳转到主内容

节点加入现有集群后、登录到用户创建的SP管理员帐户失败、权限被拒绝

Views:
5
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:

适用场景

ONTAP 9.9.1

问题描述

  • 用户在集群中创建了一个管理员角色SP帐户、该帐户可以从集群中的节点登录:

                      Vserver: cluster-01
      User Name or Group Name: fasadmin
                  Application: service-processor
        Authentication Method: password
     Remote Switch IP Address: -
                    Role Name: admin
               Account Locked: no
                 Comment Text: -
      Whether Ns-switch Group: no
Second Authentication Method2: none

  • 新节点加入当前集群后、即使在节点重新启动后、它们也无法登录到SP帐户:

[~]$ ssh fasadmin@10.xxx.xx.185
The authenticity of host '10.xxx.xx.185(10.xxx.xx.185)' can't be established.
ECDSA key fingerprint is SHA256:+xANMpHpDEQoLmhd0Kmi1AW2PwHeI5daI3znYbr+2eM.
ECDSA key fingerprint is MD5:8e:37:01:73:xx:xx:xx:xx:xx:xx:xx:7c:1c:bd:f7:5b.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/server-admins/.ssh/known_hosts).
admin@10.xxx.xx.185'>fasadmin@10.xxx.xx.185's password:

Permission denied, please try again.

  • 所有节点均可登录到默认SP管理员帐户:

[ ~]$ ssh admin@10.xxx.xx.185
The authenticity of host '10.xxx.xx.185(10.xxx.xx.185)' can't be established.
ECDSA key fingerprint is SHA256:+xANMpHpDEQoLmhd0Kmi1AW2PwHeI5daI3znYbr+2eM.
ECDSA key fingerprint is MD5:8e:37:01:73:xx:xx:xx:xx:xx:xx:xx:7c:1c:bd:f7:5b.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/server-admins/.ssh/known_hosts).
SP new-node-01>     

  • SP-LATEST-SYSLOGSP-DEBUG-MLOG-TXT.GZ 显示SP帐户配置文件同步失败:

cat /var/log/authlog.1 /var/log/authlog | tail -c 20480
========================================================
Aug  3 14:16:05 (none) sshd[2020]: Invalid user fasadmin from 10.xxx.xx.37 port 56708
Aug  3 14:16:07 (none) sshd[2020]: Failed none for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2
Aug  3 14:16:22 (none) sshd[2020]: Failed password for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2

2022-08-03 11:20:09.826 [sp_config_0] [rlm_push_config]: sending cluster user refresh command
2022-08-03 11:20:09.826 [sp_config_0] [sp_user_mgmt:info]: sp_cluster_user_update: op 3; action 7 6-update 7-refresh
2022-08-03 11:20:09.826 [sp_config_0] [sp_configd:info]: request queued: cmd 0xb
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_cluster_usr_mgmt_process_msg: received SP_CLUSTER_USER_REFRESH
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: userprofile_all_retry_cnt 10
2022-08-03 11:20:09.826 [sp_configd_pq] [sp_configd:info]: request sent: cmd 0xb
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: Unable to get next [entry doesn't exist]; err 4; userCount 0
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:error]: sp_get_cluster_usr_lst: rpc_error rtn; user count 0

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.