CONTP-155703：由于端口389发生套接字泄漏、SecD变得无响应

问题描述

In certain rare conditions, Security Daemon (SecD) might become unresponsive due to shortage of file descriptors in the system for LDAP startTLS port 389 connections.
This issue will be seen only if multiple CIFS trusted domains are being discovered.
Cannot access all CIFS shares in a Trusted Domain environment
::> cifs domain trusts show -vserver SVM
EMS logs:
[node-01: secd: secd.cifsAuth.problem:error]: vserver (<vserver_name>) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 1.22.333.444 [ 0 ms] Login attempt by domain user 'domain\user' using NTLMv2 style security [ 0] Unable to connect to NetLogon service on domain.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_CONNECT_ERROR) [ 0] No servers available for MS_NETLOGON, vserver: 8, domain: dom.com ** [ 0] FAILURE: Unable to make a connection (NetLogon:DOMAIN.COM), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE [ 0] CIFS authentication failed
SECD logs:
Failed to open file: /mroot/etc/cluster_config/vserver/.vserver_<number>/config/name_services//etc/resolv.conf. Error: Too many open files ERR : Error!!! Socket Error: Too many open files { in DisplayPerror() at src/Support/CustomErrors.cpp:56 } ERR : ldapSaslBindGssapi: Kerberos Error: 'Too many open files'
Other symptoms are in EMS:
secd.dns.srv.lookup.failed: DNS server failed to look up service (_ldap._tcp.dc._msdcs.ds.domain.com) for vserver (<SVM>) with error (No such process) secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.domain._sites.corp.domain.com) for vserver (SVM_ontap) with error (Too many open files). Failed to create RPC client handle to MGWD: 127.0.0.1: RPC: Remote address unknown Unable to connect to NetLogon service on <domain controller> (Error: RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD)