
SSH to the cluster CLI fails for users in a domain trusted by the CIFS server's domain

Applies to

  • ONTAP 9 
  • CIFS domain tunnel
  • SSH

Issue

  • The CIFS server belongs to the NASLAB.local domain

::> cifs show -instance
                     Vserver: vs1
             CIFS Server NetBIOS Name: VS1
           NetBIOS Domain/Workgroup Name: NASLAB
           Fully Qualified Domain Name: NASLAB.LOCAL
                Organizational Unit: CN=Computers
               Authentication Style: domain
         CIFS Server Administrative Status: up

  • The domain tunnel was created using SVM vs1

::> security login domain-tunnel show
Tunnel Vserver: vs1

  • Users in the trusted domain (BLRLAB) cannot SSH to the cluster CLI.
  • Fetching credentials for a user from the trusted domain fails

::> set adv

Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y


::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -win-name blrlab\user1
Vserver: vs1 (internal ID: 6)
Error: Get user credentials procedure failed
  ...
      (KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
  [  5725] Failed to initiate Kerberos authentication. Trying NTLM.
 [  7726] TCP connection to ip 10.1.1.1, port 389 failed:
      Operation timed out.
  [ 10032] TCP connection to ip 10.2.2.2, port 389 failed:
      Operation timed out.
  [ 12439] TCP connection to ip 10.3.3.3, port 389 failed:
      Operation timed out.
  [ 15005] TCP connection to ip 10.4.4.4, port 389 failed:
      Operation timed out.

**[ 15006] FAILURE: Unable to make a connection (LDAP (Active
**      Directory):blrlab.local), result: 6942
  [ 15006] Could not get credentials via LDAP for Windows user
      '435970-a' based on SID
      'S-1-5-21-2573208799-187067640-1722879566-575467'
  [ 15006] Could not get credentials for Windows user 'user1' or
      '435970-a' based on SID
      'S-1-5-21-2573208799-187067640-1722879566-575467'
  [ 15006] Could not get credentials for Windows user 'user1' or
      SID 'S-1-5-21-2573208799-187067640-1722879566-575467'

Note: Users from the same domain (NASLAB) can SSH to the cluster CLI without any issues.
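
An added example, not part of the original NetApp article: a short Python parser for the show-creds trace above that folds wrapped lines back into their entries and extracts which LDAP endpoints failed, whether the lookup fell back to NTLM, and which directory the connection attempt gave up on. The sample trace is an abridged copy of the output shown above, and the function names are this example's own.

```python
import re

# Constructed sample: an abridged copy of the show-creds trace shown above.
SAMPLE_TRACE = """\
Vserver: vs1 (internal ID: 6)
Error: Get user credentials procedure failed
  [  5725] Failed to initiate Kerberos authentication. Trying NTLM.
  [  7726] TCP connection to ip 10.1.1.1, port 389 failed:
      Operation timed out.
  [ 10032] TCP connection to ip 10.2.2.2, port 389 failed:
      Operation timed out.
**[ 15006] FAILURE: Unable to make a connection (LDAP (Active
**      Directory):blrlab.local), result: 6942
  [ 15006] Could not get credentials for Windows user 'user1' or
      SID 'S-1-5-21-2573208799-187067640-1722879566-575467'
"""

ENTRY = re.compile(r"^\*{0,2}\s*\[\s*(\d+)\]\s*(.*)$")
TCP_FAIL = re.compile(r"TCP connection to ip (\S+?), port (\d+) failed:\s*(.*?)\.?$")
CONN_FAIL = re.compile(r"Unable to make a connection \(.*\):(\S+?)\), result: (\d+)")


def join_entries(trace):
    """Fold wrapped continuation lines into the bracketed entry they follow."""
    entries = []
    for line in trace.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([int(m.group(1)), m.group(2).strip()])
        elif entries and line.strip(" *"):
            entries[-1][1] += " " + line.strip(" *")
    return entries


def summarize(trace):
    """Report NTLM fallback, unreachable endpoints, and the directory that failed."""
    out = {"ntlm_fallback": False, "unreachable": [], "domain": None, "result": None}
    for _, text in join_entries(trace):
        if "Trying NTLM" in text:
            out["ntlm_fallback"] = True
        if m := TCP_FAIL.search(text):
            out["unreachable"].append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := CONN_FAIL.search(text):
            out["domain"], out["result"] = m.group(1), int(m.group(2))
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```
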
