由于映射的Windows用户无法进行身份验证、NFS客户端收到权限被拒绝错误
适用场景
- ONTAP 9及更高版本
- NFS
- 用户 名映射
问题描述
- 用户可以使用NFSv3在Linux客户端上挂载卷/qtree。
- 但是、当他们运行"cd"或"ls"命令时、此命令失败、并显示权限被拒绝错误:
ls -al /mnt/folder/ls: cannot open directory /mnt/folder/: Permission denied- 这是NTFS安全模式卷。
- UNIX用户存在名称映射:
vserver name-mapping show -vserver svm1Vserver: svm1Direction: unix-winPosition Hostname IP Address/Mask-------- ---------------- ----------------1 - - Pattern: user1 Replacement: domain\\user1- 映射的Windows用户无法进行身份验证并失败、并显示以下错误:
cluster::*> diag secd authentication show-creds -node node1 -vserver svm1 -win-name domain\user1Vserver: svm1 (internal ID: 3)Error: Get user credentials procedure failed ... [ 11817] Unable to SASL bind to LDAP server using GSSAPI: Local error [ 11877] Could not authenticate as 'svm1$@domain.com': Invalid Credentials (KRB5KDC_ERR_PREAUTH_FAILED). [ 11880] Unable to connect to LDAP (Active Directory) service on dc1.domain.com (Error: Local error) ..... ......... [ 12003] Unable to SASL bind to LDAP server using GSSAPI: Local error .... ........ [ 12051] No servers available for MS_LDAP_AD, vserver: 3, domain: domain.com. [ 12051] Could not get credentials via LDAP for Windows user 'user1' based on SID 'S-x-x-xx-xxxxxxx-xxxxxxxx-xxxxxxxx-xxxxx' [ 12051] Could not get credentials for Windows user 'user1' or SID 'S-x-x-xx-xxxxxxx-xxxxxxxx-xxxxxxxx-xxxxx'Error: command failed: Failed to get user credentials. Reason: "SecD Error: no server available".- secd日志显示以下错误:
0000002c.000f83fe 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.331] debug: Connection timed out after 2 second(s) { in _connect() at src/connection_manager/secd_connection_shim.cpp:494 }
0000002c.000f83ff 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.357] info : TCP connection to ip 10.xx.xx.10, port 88 failed: Operation timed out. { in _connect() at src/connection_manager/secd_connection_shim.cp
- 这也适用于受信任域