尽管对于CVE-2022-38023、DC上的ResquieSeal：1存在、但NTLM仍会失败

最后更新
另存为PDF

Views:: 180

Visibility:: Public

Votes:: 1

Category:: ontap-9

Specialty:: nas

Last Updated:

适用场景

ONTAP 9
CIFS/SMB
Netlogon
ntlm
CVE-2022-38023

问题描述

无法使用IP通过NTLM身份验证访问CIFS共享

注意： 可以通过FQDN或主机名称进行访问

域控制器(DC) Windows事件日志 显示 ERROR 受影响SVM的事件ID 5838、并引用 Windows操作系统：

示例：

Log Name: System Source: NETLOGON Date: 4/21/2023 8:06:11 AM Event ID: 5838 Task Category: None Level: Error Keywords: Classic User: N/A Computer: demodomadc1.demo.domaina.local Description: The Netlogon service encountered a client using RPC signing instead of RPC sealing. Machine SamAccountName: CIFSSERVERNAME Domain: demo.domaina.local. Account Type: Domain Member Machine Operating System: Windows 10 Enterprise Machine Operating System Build: 10.0 (19044) Machine Operating System Service Pack: N/A Client IP Address: Unknown IP

注意： SVM CIFS 服务器的AD计算机对象已将"计算机操作系统"属性设置为Windows

使用 Netlogon服务时CIFS访问失败：

4/16/2023 23:13:02  NODE1   ERROR     secd.cifsAuth.problem: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed (Retries: 2)

CIFS SMB2 Share mapping - Client Ip = 10.227.140.172

**[   22] Attempt 1 FAILURE: Unexpected state: Error 6756 at file:src/FrameWork/ClientInfo.cpp func:RemoveAllSharesFromGlobalSession line:4034

**[ 22] Attempt 1 FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))

**[   36] Attempt 2 FAILURE: Unexpected state: Error 6756 at file:src/FrameWork/ClientInfo.cpp func:RemoveAllSharesFromGlobalSession line:4034

**[ 36] Attempt 2 FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))

[ 36 ms] Login attempt by domain user 'Netapp\user' using NTLMv2 style security

[ 37] Successfully connected to ip 192.168.1.1, port 445 using TCP

[ 44] Successfully authenticated with DC netapp.domain.com

**[ 59] FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))

[ 59] CIFS authentication failed

[ 59] Retry requested, but maximum attempts (3) reached; giving up.

注意： 0xc000005e 是一个一般性错误，因此所有症状都需要匹配

自4月11日起、在DC上安装适用于CVE-2022-38023的2023 Microsoft Windows修补程序、并且 RequireSeal 注册表值设置为1 (兼容模式)
验证SVM的CIFS服务器名称：

::*> cifs show -vserver SVM1

Vserver: SVM1 CIFS Server NetBIOS Name: CIFSSERVERNAME NetBIOS Domain/Workgroup Name: DEMO Fully Qualified Domain Name: DEMO.DOMAINA.LOCAL Organizational Unit: CN=Computers Default Site Used by LIFs Without Site Membership: Workgroup Name: - Kerberos Realm: - Authentication Style: domain CIFS Server Administrative Status: up CIFS Server Description: List of NetBIOS Aliases: -

在 DC上通过PowerShell确认OperatingSystem属性：

PS C:\Users\Administrator> Get-ADComputer CIFSSERVERNAME -Properties OperatingSystem,OperatingSystemVersion DistinguishedName : CN=CIFSSERVERNAME,CN=Computers,DC=demo,DC=domaina,DC=local DNSHostName : cifsservername.demo.domaina.local Enabled : True Name : CIFSSERVERNAME ObjectClass : computer ObjectGUID : 39c55236-7d8d-4c7d-a24b-aee1899e6053 OperatingSystem : Windows 10 Enterprise OperatingSystemVersion : 10.0 (194044) SamAccountName : CIFSSERVERNAME$ SID : S-1-5-21-441962528-1452217077-79953549-1312 UserPrincipalName :

可将其用在一个新的系统中