跳转到主内容

无法为与的 CIFS 共享设置 ACL 错误 " 无法确定计算机是否已加入 域 "

Views:
67
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>ACL</a><a>AD LDAP</a><a>Start_TLS</a>
Last Updated:

适用场景

  • ONTAP 9
  • CIFS
  • START_TLS或LDAPS
  • Windows Active Directory 集成 LDAP

问题描述

  • 无法使用 Windows 客户端上的 " 安全 " 选项卡为 CIFS 共享设置 ACL,并显示错误消息:
示例:
"The program cannot open the required dialog box because it cannot determine whether the computer named “cifs -server” is joined to a domain. Close this message, and try again."
  • SecD 日志显示以下 "LDAP TLS" 身份验证错误。
示例 1
00000013.0076d13a 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.250] debug: LDAP TLS Alert generated is 'fatal:unknown CA'
00000013.0076d13b 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.371] info : Unable to start TLS: Connect error { in ldapInitialize() at src/connection_manager/secd_connection.cpp:2030 }
00000013.0076d13c 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.377] info : Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed { in ldapInitialize() at src/connection_manager/secd_connection.cpp:2033 }
00000013.0076d13d 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.384] ERR : RESULT_ERROR_LDAPSERVER_CONNECT_ERROR:7652 in ldapInitialize() at src/connection_manager/secd_connection.cpp:2042
00000013.0076d13e 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.390] ERR : ldapInitialize: LDAP Error: (-11): 'Connect error':
 
示例 2​​​
00000024.0001e327 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345] Failure Summary:
00000024.0001e328 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345] Error: Get DC Info procedure failed
00000024.0001e329 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345] CIFS Domain Query via LSAR_DS_ROLE_GET_DOMAIN_INFO - Client Ip = XXX.XXX.XXX.XXX User = YYYY\ZZZZZZ
00000024.0001e32a 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345]   ...
00000024.0001e32b 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345]   [   13] Unable to connect to LDAP (Active Directory) service on AAAA.BBBB.CCC.com
00000024.0001e32c 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345]   [   13] Successfully connected to ip XXX.XXX.XXX.XXX, port 389 using TCP
00000024.0001e32d 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345]   [   17] Required certificate with CA DDDDDD is not installed
00000024.0001e32e 02a31434 Thu Feb 04 2021 00:00:00  00:00 [kern_secd:info:12345]   [   17] Unable to start TLS: Connect error​​​​

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.