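NFS clients receive permission denied errors because the mapped Windows user cannot authenticate
Applies to
- ONTAP 9 and later
- NFS
- User name mapping
Issue
- Users can mount the volume/qtree on a Linux client using NFSv3.
- However, when they run the "cd" or "ls" command, the command fails with a permission denied error: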
ls -al /mnt/folder/
ls: cannot open directory /mnt/folder/: Permission denied
- This is an NTFS security style volume.
- A name mapping exists for the UNIX user:
vserver name-mapping show -vserver svm1
Vserver: svm1
Direction: unix-win
Position Hostname IP Address/Mask
-------- ---------------- ----------------
1 - - Pattern: user1
Replacement: domain\\user1
- Authentication of the mapped Windows user fails with the following error:
cluster::*> diag secd authentication show-creds -node node1 -vserver svm1 -win-name domain\user1
Vserver: svm1 (internal ID: 3)
Error: Get user credentials procedure failed
...
[ 11817] Unable to SASL bind to LDAP server using GSSAPI: Local
error
[ 11877] Could not authenticate as
'svm1$@domain.com': Invalid Credentials
(KRB5KDC_ERR_PREAUTH_FAILED).
[ 11880] Unable to connect to LDAP (Active Directory) service on
dc1.domain.com (Error: Local error)
.....
.........
[ 12003] Unable to SASL bind to LDAP server using GSSAPI: Local
error
....
........
[ 12051] No servers available for MS_LDAP_AD, vserver: 3, domain:
domain.com.
[ 12051] Could not get credentials via LDAP for Windows user
'user1' based on SID
'S-x-x-xx-xxxxxxx-xxxxxxxx-xxxxxxxx-xxxxx'
[ 12051] Could not get credentials for Windows user
'user1' or SID
'S-x-x-xx-xxxxxxx-xxxxxxxx-xxxxxxxx-xxxxx'
Error: command failed: Failed to get user credentials. Reason: "SecD Error: no server available".
- The secd log shows the following errors:
0000002c.000f83fe 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.331] debug: Connection timed out after 2 second(s) { in _connect() at src/connection_manager/secd_connection_shim.cpp:494 }
0000002c.000f83ff 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.357] info : TCP connection to ip 10.xx.xx.10, port 88 failed: Operation timed out. { in _connect() at src/connection_manager/secd_connection_shim.cp
- This also applies to trusted domains.
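The following Python sketch is an added example, not NetApp code: it triages saved text from the show-creds trace and the secd log shown above by rejoining wrapped entries and extracting Kerberos error codes, "No servers available" rows, and failed TCP connections. The function names and the sample input are assumptions made for illustration; the sample is constructed from the excerpts on this page.

```python
import re
from collections import Counter

# A new entry starts with a "[ 11877]" trace id, a secd log prefix, or a header row.
START = re.compile(r"^(\[\s*\d+\]|[0-9a-f]{8}\.[0-9a-f]{8}\s|Error:|Vserver:)")
TCP_FAIL = re.compile(r"TCP connection to ip ([^,\s]+), port (\d+) failed: ([^.{]+)")
KRB_ERR = re.compile(r"\bKRB5KDC_ERR_[A-Z_]+")
NO_SRV = re.compile(r"No servers available for (\w+), vserver: \d+, domain: ([\w.-]+)")

# Constructed sample modelled on the excerpts above; 192.0.2.10 is a documentation address.
SAMPLE = """\
[ 11877] Could not authenticate as
'svm1$@domain.com': Invalid Credentials
(KRB5KDC_ERR_PREAUTH_FAILED).
.....
[ 12051] No servers available for MS_LDAP_AD, vserver: 3, domain:
domain.com.
0000002c.000f83ff 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.357] info : TCP connection to ip 192.0.2.10, port 88 failed: Operation timed out. { in _connect() at src/connection_manager/secd_connection_shim.cpp:494 }
"""

def unwrap(text):
    """Rejoin entries that the CLI wrapped across several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"."}:   # skip blanks and "....." elision rows
            continue
        if START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line        # continuation of the previous entry
    return entries

def triage(text):
    """Summarise the failure signals found in the unwrapped entries."""
    tcp, krb, no_srv = Counter(), set(), set()
    for entry in unwrap(text):
        for ip, port, reason in TCP_FAIL.findall(entry):
            tcp[(ip, port, reason.strip())] += 1
        krb.update(KRB_ERR.findall(entry))
        no_srv.update((svc, dom.rstrip(".")) for svc, dom in NO_SRV.findall(entry))
    return {"tcp_failures": tcp, "krb_errors": krb, "no_servers": no_srv}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (ip, port, reason), count in result["tcp_failures"].items():
        print(f"{ip}:{port} failed x{count}: {reason}")   # port 88 is Kerberos
    print(sorted(result["krb_errors"]), sorted(result["no_servers"]))
```

Grouping the failed connections by IP and port shows at a glance whether one domain controller or every Kerberos endpoint is timing out.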