使用域和非域Windows的NetApp系统上的CIFS访问问题
适用场景
- ONTAP 9
- CIFS
- Windows客户端(加入域和未加入域)
问题描述
- 加入域的Windows客户端可以同时使用FQDN和IP地址访问CIFS共享。
- 未加入域的Windows客户端只能使用FQDN (而不能通过IP地址)访问共享。
- 数据包跟踪显示NTLM身份验证失败、并显示错误:stats_NO_LOGON_SERVERS (0xc000005e)。
11011 2024-12-06 11:46:17.421342 0.022644 XXX XXX SMB2 648 1129 Session Setup Request, NTLMSSP_AUTH, User: XXX
11973 2024-12-06 11:46:39.498860 0.000507 XXX XXX SMB2 131 1129 Session Setup Response, Error: STATUS_NO_LOGON_SERVERS
- 指示无法连接到LDAP服务器的Secd日志记录。
0000001b.00112f35 00ecb63e Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.359.137] ERR : LDAP SASL bind failed using GSSAPI and channel binding. Error: -2 (Local error) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:671 }
0000001b.00112f36 00ecb63e Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.359.142] ERR : Additional Error Message: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:672 }
0000001b.00112f37 00ecb63e Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.359.146] debug: Retrying bind without channel binding { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:675 }
0000001b.00112fd3 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.172] info : [krb5 context 09364200] Received error from KDC: -1765328360/Preauthentication failed
0000001b.00112fd4 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.201] ERR : Could not authenticate as 'XXX': Invalid Credentials (KRB5KDC_ERR_PREAUTH_FAILED). { in getKerberosAdminCredentials() at src/utils/secd_krb_utils.cpp:426 }
0000001b.00112fd5 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.213] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in getKerberosAdminCredentials() at src/utils/secd_krb_utils.cpp:429
0000001b.00112fd6 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.219] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:595
0000001b.00112fd7 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.243] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in ldapSaslBind() at src/connection_manager/secd_connection.cpp:1131
0000001b.00112fd8 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.248] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in ldapConnectAD() at src/connection_manager/secd_connection.cpp:1276
0000001b.00112fd9 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.252] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in connect() at src/connection_manager/secd_connection.cpp:2535
0000001b.00112fda 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.258] ERR : Vserver 3 could not connect or authenticate to ldap server (XXX) at address XXX with error Local error. { in connect() at src/connection_manager/secd_connection.cpp:2655 }
0000001b.00112fdb 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.265] info : Unable to start LDAPS: Local error { in connect() at src/connection_manager/secd_connection.cpp:2665 }
0000001b.00112fdc 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.270] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) { in connect() at src/connection_manager/secd_connection.cpp:2668 }
0000001b.00112fdd 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.311] debug: LDAP TLS Alert generated is 'warning:close notify'