跳转到主内容

无法在CIFS服务器上配置AES加密

  1. 最后更新
  2. 另存为PDF
Views:
21
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>2009年385045</a>
Last Updated:

适用场景

  • ONTAP 9
  • CIFS
  • 高级加密标准(Advanced Encryption Standard、AES)

问题描述

  • 在CIFS SVM上启用AES加密时:
Cluster::> cifs security modify -vserver vserver_name -is-aes-encryption-enabled true
Info: In order to enable CIFS AES encryption, the password for the CIFS server machine account must be reset. Enter the username and password for the CIFS domain "DC_Name".
Enter your user ID: administrator
Enter your password:
Error: command failed: Password update failed. Reason: SecD Error: no server available.
  • 要验证:
Cluster::> event log show -message-name *secd*
Time         Node       Severity    Event
------------------- ---------------- ------------- ---------------------------
12/9/2022 10:43:08  node_01      DEBUG     secd.unexpectedFailure: vserver (vserver_name) Unexpected failure.
Error: CIFS server password reset procedure failed
...
[   59] Successfully connected to ip xx.xx.20.69, port 389 using TCP
[   80] Hostname found in Name Service Cache
[   81] Successfully connected to ip xx.xx.20.71, port 389 using TCP
[   86] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[   86] Unable to start TLS: Connect error
[   86]  Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[   86] Unable to connect to LDAP (Active Directory) service on DC_Name
[   87] Successfully connected to ip xx.xx.20.69, port 389 using TCP
[   92] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[   93] Unable to start TLS: Connect error
[   93]  Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[   93] Unable to connect to LDAP (Active Directory) service on DC_Name
[   93] Successfully connected to ip xx.xx.20.72, port 389 using TCP
[   98] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[   98] Unable to start TLS: Connect error
[   98]  Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[   98] Unable to connect to LDAP (Active Directory) service on DC_Name
[   99] Successfully connected to ip xx.xx.20.67, port 389 using TCP
[  104] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[  104] Unable to start TLS: Connect error
[  104]  Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[  105] Unable to connect to LDAP (Active Directory) service on DC_Name
[  105] N...[Please refer to secd log for more detail!]
 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.