
CONTAP-155703: SecD becomes unresponsive due to a socket leak on port 389

Category:
ontap-9
Specialty:
nas

Issue

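  • In certain rare cases, the security daemon (SecD) can become unresponsive because the system runs out of file descriptors for LDAP startTLS connections on port 389.
  • This issue is seen only when multiple CIFS trusted domains are discovered.
  • All CIFS shares in the trusted domain environment are inaccessible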
    ::> cifs domain trusts show -vserver SVM

  • EMS log:

[node-01: secd: secd.cifsAuth.problem:error]: vserver (<vserver_name>) 常规 CIFS 身份验证问题。
错误:用户身份验证过程失败 CIFS SMB2 共享映射 - 客户端 Ip = 1.22.333.444
[ 0 ms] 域用户 'domain\user' 使用 NTLMv2 样式安全登录尝试
[ 0] 无法连接到 domain.com 上的 NetLogon 服务(错误:RESULT_ERROR_SPINCLIENT_SOCKET_CONNECT_ERROR)
[ 0] 没有可用于 MS_NETLOGON 的服务器,vserver:8,domain:dom.com **
[ 0] 失败:无法建立连接(NetLogon:DOMAIN.COM),
结果:RESULT_ERROR_SECD_NO_SERVER_AVAILABLE [ 0] CIFS 身份验证失败
  • SecD log:
    无法打开文件:/mroot/etc/cluster_config/vserver/.vserver_<number>/config/name_services//etc/resolv.conf错误:打开的文件太多

错误:错误!!!套接字错误:打开的文件太多 { in DisplayPerror() at src/Support/CustomErrors.cpp:56 }
错误:ldapSaslBindGssapi:Kerberos 错误:'打开的文件太多'
  • Other symptoms in EMS:

secd.dns.srv.lookup.failed: DNS 服务器无法为 vserver (<SVM>) 查找服务 (_ldap._tcp.dc._msdcs.ds.domain.com),出现错误(无此类进程)
secd.dns.srv.lookup.failed:error]: DNS 服务器无法为 vserver (SVM_ontap) 查找服务 (_ldap._tcp.domain._sites.corp.domain.com),出现错误(打开的文件太多)。
未能将 RPC 客户端句柄创建到 MGWD:127.0.0.1:RPC:远程地址未知
无法连接到 <domain controller> 上的 NetLogon 服务(错误:RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD)
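
An example added here (not NetApp code) that scans exported EMS/SecD log lines for the identifiers quoted in this article and reports, per vserver, whether CIFS authentication failures coincide with file-descriptor exhaustion. The function name, verdict labels, sample lines and the English string "Too many open files" (the standard EMFILE message) are assumptions.

```python
import re
from collections import defaultdict

# Identifiers below are the ones quoted in this article's symptom list.
# "Too many open files" is the standard English EMFILE text; the article shows
# that message only in translated form, so matching on it is an assumption.
SIGNATURES = {
    "fd_exhaustion": r"Too many open files",
    "auth_failure": r"secd\.cifsAuth\.problem|RESULT_ERROR_SECD_NO_SERVER_AVAILABLE"
                    r"|RESULT_ERROR_SPINCLIENT_SOCKET_CONNECT_ERROR",
    "dns_srv_failure": r"secd\.dns\.srv\.lookup\.failed",
    "mgwd_rpc_failure": r"RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in SIGNATURES.items()}
VSERVER = re.compile(r"vserver \(([^)]+)\)")

def triage(lines):
    """Count symptom classes per vserver and return (verdict, counts)."""
    counts = defaultdict(lambda: defaultdict(int))
    totals = defaultdict(int)
    current = "unknown"  # continuation lines inherit the last vserver seen
    for line in lines:
        m = VSERVER.search(line)
        if m:
            current = m.group(1)
        for name, rx in COMPILED.items():
            if rx.search(line):
                counts[current][name] += 1
                totals[name] += 1
    # Heuristic (assumption): authentication failures have many causes, so only
    # the combination with descriptor exhaustion is treated as a match.
    if totals["fd_exhaustion"] and totals["auth_failure"]:
        verdict = "consistent"
    elif totals["fd_exhaustion"]:
        verdict = "fd-exhaustion-only"
    elif totals["auth_failure"]:
        verdict = "auth-failure-only"
    else:
        verdict = "no-match"
    return verdict, {vs: dict(c) for vs, c in counts.items()}

# Constructed sample lines (not captured from a real system).
SAMPLE = [
    "[node-01: secd: secd.cifsAuth.problem:error]: vserver (svm1) auth problem",
    "  result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE",
    "ERROR: Socket error: Too many open files",
    "secd.dns.srv.lookup.failed:error]: vserver (svm1) SRV lookup failed (Too many open files)",
]
```

A verdict of "auth-failure-only" means the NetLogon errors are present without the descriptor-exhaustion message, so another cause should be investigated first.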
