NTLM still fails even though RequireSeal:1 is present on the DC for CVE-2022-38023

Category:
ontap-9
Specialty:
nas

Applies to

  • ONTAP 9
  • CIFS/SMB
  • Netlogon
  • NTLM
  • CVE-2022-38023

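Issue

  • Unable to access CIFS shares by IP address using NTLM authentication

Note: Access by FQDN or hostname works

  • The Windows event log on the domain controller (DC) shows ERROR Event ID 5838 for the affected SVM and references a Windows operating system:

Example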

Log Name: System
Source: NETLOGON
Date: 4/21/2023 8:06:11 AM
Event ID: 5838
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: demodomadc1.demo.domaina.local
Description:
The Netlogon service encountered a client using RPC signing instead of RPC sealing.

Machine SamAccountName: CIFSSERVERNAME
Domain: demo.domaina.local.
Account Type: Domain Member
Machine Operating System: Windows 10 Enterprise
Machine Operating System Build: 10.0 (19044)
Machine Operating System Service Pack: N/A
Client IP Address: Unknown IP

Note: The AD computer object of the SVM's CIFS server has its "Machine Operating System" attribute set to Windows

  • CIFS access fails when the Netlogon service is used:
4/16/2023 23:13:02  NODE1   ERROR     secd.cifsAuth.problem: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed (Retries: 2)
CIFS SMB2 Share mapping - Client Ip = 10.227.140.172
**[   22] Attempt 1 FAILURE: Unexpected state: Error 6756 at file:src/FrameWork/ClientInfo.cpp func:RemoveAllSharesFromGlobalSession line:4034
**[   22] Attempt 1 FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
**[   36] Attempt 2 FAILURE: Unexpected state: Error 6756 at file:src/FrameWork/ClientInfo.cpp func:RemoveAllSharesFromGlobalSession line:4034
**[   36] Attempt 2 FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
[ 36 ms] Login attempt by domain user 'Netapp\user' using NTLMv2 style security
[   37] Successfully connected to ip 192.168.1.1, port 445 using TCP
[   44] Successfully authenticated with DC netapp.domain.com
**[   59] FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
[   59] CIFS authentication failed
[   59] Retry requested, but maximum attempts (3) reached; giving up.

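Note: 0xc000005e is a generic error, so all of the symptoms need to match

  • The 2023 Microsoft Windows patches for CVE-2022-38023, released from April 11 onward, are installed on the DC, and the RequireSeal registry value is set to 1 (Compatibility mode)
  • Verify the CIFS server name of the SVM: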

::*> cifs show -vserver SVM1

Vserver: SVM1
CIFS Server NetBIOS Name: CIFSSERVERNAME
NetBIOS Domain/Workgroup Name: DEMO
Fully Qualified Domain Name: DEMO.DOMAINA.LOCAL
Organizational Unit: CN=Computers
Default Site Used by LIFs Without Site Membership:
Workgroup Name: -
Kerberos Realm: -
Authentication Style: domain
CIFS Server Administrative Status: up
CIFS Server Description:
List of NetBIOS Aliases: -

  • Confirm the OperatingSystem attribute with PowerShell on the DC:

PS C:\Users\Administrator> Get-ADComputer CIFSSERVERNAME -Properties OperatingSystem,OperatingSystemVersion
DistinguishedName      : CN=CIFSSERVERNAME,CN=Computers,DC=demo,DC=domaina,DC=local
DNSHostName            : cifsservername.demo.domaina.local
Enabled                : True
Name                   : CIFSSERVERNAME
ObjectClass            : computer
ObjectGUID             : 39c55236-7d8d-4c7d-a24b-aee1899e6053
OperatingSystem        : Windows 10 Enterprise
OperatingSystemVersion : 10.0 (194044)
SamAccountName         : CIFSSERVERNAME$
SID                    : S-1-5-21-441962528-1452217077-79953549-1312
UserPrincipalName      :
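
The DC-side checks above (the RequireSeal value, the Event ID 5838 entries, and the OperatingSystem attribute of the account they name) can be gathered in one pass. This is an added example, not a NetApp or Microsoft script; the registry path (the standard Netlogon Parameters key, which this article does not show), the 7-day look-back window and the variable names are assumptions.

```powershell
# Added example: gather the DC-side symptoms in one pass (run elevated on the DC).
Import-Module ActiveDirectory

# 1. RequireSeal value (1 = Compatibility mode, as stated in this article).
#    Assumption: standard Netlogon Parameters key; the article does not show the path.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$seal = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RequireSeal
if ($null -eq $seal) { $seal = 'not set' }
Write-Output "RequireSeal on ${env:COMPUTERNAME}: $seal"

# 2. NETLOGON Event ID 5838 entries from the System log.
#    Assumption: 7-day look-back window.
$filter = @{ LogName = 'System'; Id = 5838; StartTime = (Get-Date).AddDays(-7) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Where-Object { $_.ProviderName -eq 'NETLOGON' })

# 3. Count events per "Machine SamAccountName" (field name as in the event text above).
#    The match relies on the English event message.
$groups = $events | ForEach-Object {
    if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') { $Matches[1] }
} | Group-Object

# 4. For each account, read the OS attributes the DC holds for it.
$report = foreach ($g in $groups) {
    $os = $null; $ver = $null
    try {
        $c   = Get-ADComputer -Identity $g.Name -Properties OperatingSystem, OperatingSystemVersion
        $os  = $c.OperatingSystem
        $ver = $c.OperatingSystemVersion
    } catch {
        $os = 'computer object not found'
    }
    [pscustomobject]@{
        SamAccountName         = $g.Name
        Events5838             = $g.Count
        OperatingSystem        = $os
        OperatingSystemVersion = $ver
    }
}
$report | Sort-Object Events5838 -Descending | Format-Table -AutoSize
```

Compare the SamAccountName column with the "CIFS Server NetBIOS Name" from `cifs show` to confirm that the 5838 events belong to the affected SVM.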
