Failed to create the Active Directory machine account, Reason: Socket receive error, when SMB1 is disabled in AD with ONTAP 9
Environment
- ONTAP 9
- CIFS creation
Issue
- When you try to create a CIFS Vserver in ONTAP, the following error occurs.
- Cluster output
Cluster1::> vserver cifs create -vserver SMV1 -cifs-server SVM1 -domain company.com
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the "company.net" domain.
Enter the user name: win_user
Enter the password:***
- The following three errors are logged for this issue.
Machine account creation procedure failed
[ 153] Loaded the preliminary configuration.
[ 185] Created a machine account in the domain
[ 188] Successfully connected to 10.0.0.1:445 using TCP
[ 189] to connect to LSA service on SVM1.company.com (: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 191] Successfully connected to 10.0.0.1:445 using TCP
[ 193] to connect to LSA service on SVM1.company.com (: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 193] No servers available for MS_LSA, vserver: 5, domain: company.com.**
[ 193] : to make a connection** (LSA:COMPANY.COM), result: 6940
[ 193] Could not find Windows SID 'S-1-5-21-2755096389-2719828064-xxxxxxx-512'
[ 197] Deleted existing account 'CN=svm1,CN=Computers,DC=company,DC=com': command failed: Failed to create the Active Directory machine account "SVM1". Reason: SecD : no server available.
Error: Machine account creation procedure failed
[ 85] Loaded the preliminary configuration.
[ 130] Created a machine account in the domain
[ 131] SID to name translations of Domain Users and Admins
completed successfully
[ 134] Successfully connected to ip 10.0.0.1, port 88 using
TCP
[ 137] Successfully connected to ip 10.0.0.1, port 464 using
TCP
[ 163] Kerberos password set for 'SVM1.company.LOCAL' succeeded
[ 163] Set initial account password
[ 171] Successfully connected to ip 10.0.0.1, port 445 using
TCP
[ 172] Unable to connect to NetLogon service on
SVM1.company.local (Error:
RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
**[ 172] FAILURE: Unable to make a connection
** (NetLogon:COMPANY.LOCAL), result: 6754
[ 172] Unable to make a NetLogon connection to SMV1.company.local
using the new machine account
[ 202] Deleted existing account
'CN=SVM1,CN=Computers,DC=company,DC=local'
Error: command failed: Failed to create the Active Directory machine account "SVM1". Reason: Socket receive error.
Cause.
secd.conn.auth.failure: Vserver (na06) could not make a connection over the network to server (10.2.251.198) via interface 10.1.251.77. Error: Connection reset by peer.
Failure Summary:
Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.1.191.54
[ 0 ms] Login attempt by domain user 'OFFICE01\Administrator' using NTLMv1 style security
[ 1] Successfully connected to ip 10.2.251.198, port 445 using TCP
[ 2] Unable to connect to NetLogon service on server.com. (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 5] Successfully connected to ip 10.1.251.195, port 445 using TCP
[ 15] Successfully authenticated with DC server.com
[ 18] Authentication failed with DC VISAD5. Not retriable. (Status: 0xc0000064)
[ 18] Login attempt by local user 'OFFICE01\Administrator' using NTLMv1 style security
**[ 18] FAILURE: CIFS authentication failed
- SMB versions configured for DC connections:
::> cifs security show -vserver SMV1
Vserver: svm1 FINDME
Kerberos Clock Skew: - minutes
Kerberos Ticket Age: - hours
Kerberos Renewal Age: - days
Kerberos KDC Timeout: - seconds
Is Signing Required: -
Is Password Complexity Required: -
Use start_tls for AD LDAP connection: false
Is AES Encryption Enabled: false
LM Compatibility Level: lm-ntlm-ntlmv2-krb
Is SMB Encryption Required: -
Client Session Security: none
SMB1 Enabled for DC Connections: system-default
SMB2 Enabled for DC Connections: system-default
Note: system-default applies the default for the ONTAP release. In ONTAP 9.1 and earlier releases, SMB2 is disabled by default. In ONTAP 9.2 and later, SMB2 is enabled
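
As an added example (not NetApp code and not part of the original article), the following Python script scans a trace like the ones above for the signature this issue leaves: a TCP connection to the DC on port 445 succeeds, and the very next step, the LSA or NetLogon connection, fails with RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR. The function names are assumptions made for the example, and the sample trace is assembled from lines shown on this page.

```python
import re

# Constructed sample: lines taken from the traces on this page, in both
# connect formats, including messages wrapped across several lines.
SAMPLE_TRACE = """\
[ 188] Successfully connected to 10.0.0.1:445 using TCP
[ 189] to connect to LSA service on SVM1.company.com (: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 134] Successfully connected to ip 10.0.0.1, port 88 using
TCP
[ 171] Successfully connected to ip 10.0.0.1, port 445 using
TCP
[ 172] Unable to connect to NetLogon service on
SVM1.company.local (Error:
RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
"""

ENTRY = re.compile(r"^\**\[\s*(\d+)(?:\s*ms)?\]\s*(.*)$")
CONNECT = re.compile(r"connected to (?:ip )?([\d.]+)(?::|, port )(\d+) using TCP")
SERVICE = re.compile(r"to connect to (\w+) service")
RECV_ERR = "RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR"


def join_entries(text):
    """Re-join wrapped lines: a line without a [ n] stamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append([int(m.group(1)), m.group(2)])
        elif entries and line.strip():
            entries[-1][1] += " " + line.strip()
    return entries


def smb_resets(text):
    """Return (dc_ip, service) for each service connection that failed right after TCP/445 connected."""
    hits, last_445 = [], None
    for _, msg in join_entries(text):
        c = CONNECT.search(msg)
        if c:
            # Remember the DC only when the connection was to the SMB port.
            last_445 = c.group(1) if c.group(2) == "445" else None
            continue
        s = SERVICE.search(msg)
        if s and RECV_ERR in msg and last_445:
            hits.append((last_445, s.group(1)))
        last_445 = None
    return hits

print(smb_resets(SAMPLE_TRACE))
```

A hit means the DC was reachable on port 445 and the session was dropped afterwards, which is the point at which to compare the `SMB1 Enabled for DC Connections` and `SMB2 Enabled for DC Connections` values with what the domain controller accepts.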