A third-party firewall is blocking ports 389 and 445 to Active Directory
Applies to
- ONTAP 9
- SMB/CIFS
- Microsoft Active Directory (AD)

Issue
- When the SVM attempts to contact the AD server, the connection is closed as soon as it tries to connect to port 389 or 445.
- Setting a preferred DC (prefdc) fails:
 
Cluster1::*> vserver cifs domain preferred-dc add -vserver svm -domain demo.netapp.com -preferred-dc 192.1xx.1x.x2
Error: command failed: Invalid domain controller 192.1xx.1x.x2
- This can be seen in a packet trace:


- The following is also observed in the logs:
 
[Node1: secd: secd.conn.auth.failure:debug]: Vserver (svm1) could not make a connection over the network to server (ip 10.1.2.123, port 445). Error: Operation timed out ().
[Node1: secd: secd.lsa.noServers:debug]: None of the LSA servers configured for Vserver (svm1) are currently accessible via the network.
[Cluster01-01: secd: secd.cifsAuth.problem:error]: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 10.1.1.2
[    0 ms] Login attempt by domain user 'NetApp\bob' using NTLMv2 style security
[    0] Using a cached connection to DC1.NetApp.com
[   26] Authentication failed with DC DC1. Not retriable. (Status: 0xc0000064)
[   27] Unable to find the NetBIOS domain name for Active Directory '.'
[   27] FAILURE: CIFS authentication failed
[ 2125] TCP connection to ip 10.10.10.10, port 389 via interface 10.10.10.2 failed: Operation timed out.
[ 4159] Unable to connect to LDAP (Active Directory) service on DC2.NetApp.com (Error: Can't contact LDAP server
[ 8007] TCP connection to ip 172.24.100.5, port 445 via interface 10.101.7.41 failed: Operation timed out.
[ 8007] Could not open a socket to 'dc002cd.netapp.cn'
[ 8007] Unable to connect to NetLogon service on dc002cd.netapp.cn (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
[ 8007] FAILURE: Unable to make a connection (NetLogon:netapp.CN), result: 6942
[ 8007] CIFS authentication failed
[ 8007] Retry requested, but the retry window (7000 ms) has expired; giving up.
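The log lines above carry the two facts that distinguish a filtered network path from a broken domain controller: which DC port the connection was aimed at, and whether it failed silently (timed out) or was answered with a refusal. The following script is an added example, not part of this article or of ONTAP itself; it parses secd-style lines of the form shown above, groups the failures by destination port, and reports whether the pattern matches a device dropping traffic to 389 and 445. The sample log text and all IP addresses in it are constructed for the example, and the port-to-service table is a general AD mapping rather than anything the article states.

```python
import re
from collections import Counter

# Constructed sample, modelled on the secd output quoted above; the addresses are
# made up and not taken from any real environment.
TIMEOUT_SAMPLE = """\
[Node1: secd: secd.conn.auth.failure:debug]: Vserver (svm1) could not make a connection over the network to server (ip 10.1.2.123, port 445). Error: Operation timed out ().
[ 0] Using a cached connection to DC1.NetApp.com
[ 2125] TCP connection to ip 10.10.10.10, port 389 via interface 10.10.10.2 failed: Operation timed out.
[ 8007] TCP connection to ip 172.24.100.5, port 445 via interface 10.101.7.41 failed: Operation timed out.
[ 8007] FAILURE: Unable to make a connection (NetLogon:netapp.CN), result: 6942
"""

# Second constructed sample: the DC answers but refuses the connection, which
# points at the service on the DC rather than at a filtered path.
REFUSED_SAMPLE = """\
[ 12] TCP connection to ip 10.10.10.10, port 389 via interface 10.10.10.2 failed: Connection refused.
"""

# Ports an SMB server needs to reach on a domain controller, by the service behind them
# (general AD knowledge, not taken from the article).
AD_PORT_SERVICES = {
    88: "Kerberos",
    389: "LDAP",
    445: "SMB / NetLogon",
    464: "Kerberos password change",
    636: "LDAPS",
    3268: "Global Catalog",
}

# secd trace entry: "[ ms] TCP connection to ip A, port P via interface B failed: reason."
TCP_FAIL_RE = re.compile(
    r"TCP connection to ip (?P<ip>[\d.]+), port (?P<port>\d+) "
    r"via interface (?P<src>[\d.]+) failed: (?P<reason>[^.]+)"
)
# EMS message: "... could not make a connection over the network to server (ip A, port P). Error: reason ()."
EMS_FAIL_RE = re.compile(
    r"could not make a connection over the network to server "
    r"\(ip (?P<ip>[\d.]+), port (?P<port>\d+)\)\. Error: (?P<reason>[^(]+)"
)


def parse_connection_failures(log_text):
    """Extract every DC connection failure as a dict: ip, port, service, reason."""
    failures = []
    for line in log_text.splitlines():
        m = TCP_FAIL_RE.search(line) or EMS_FAIL_RE.search(line)
        if not m:
            continue
        port = int(m.group("port"))
        failures.append({
            "ip": m.group("ip"),
            "port": port,
            "service": AD_PORT_SERVICES.get(port, "unknown"),
            "reason": m.group("reason").strip(),
        })
    return failures


def summarize(failures):
    """Group failures by destination port and classify the failure mode.

    A silent timeout on every DC port tried (no RST, no response at all) is the
    signature of something on the path dropping the traffic.  A 'Connection
    refused' means the DC answered, so the path is open and the service on the
    DC is the place to look.
    """
    by_port = dict(Counter(f["port"] for f in failures))
    reasons = {f["reason"].lower() for f in failures}
    all_timeouts = bool(failures) and all("timed out" in r for r in reasons)
    return {
        "failures_by_port": by_port,
        "dc_ips": sorted({f["ip"] for f in failures}),
        "all_timeouts": all_timeouts,
        # Only 389/445 (the ports the article names) failing, and all by timeout.
        "likely_filtered": all_timeouts and set(by_port) <= {389, 445},
    }


if __name__ == "__main__":
    for name, sample in (("timeout", TIMEOUT_SAMPLE), ("refused", REFUSED_SAMPLE)):
        print(name, summarize(parse_connection_failures(sample)))
```

Run against a real secd trace, a result with `likely_filtered` set and several DC addresses listed under `dc_ips` is the pattern this article describes: every controller is unreachable on exactly the LDAP and SMB ports, and the fix is on the firewall rather than on the domain controllers. A refusal, or a timeout on only one of several DCs, argues for a different cause.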