迁移后 XCP SMB 验证返回无法获取安全描述符错误
适用于
- XCP SMB
- ONTAP 9
问题描述
- 使用 XCP SMB 工具在 CIFS 共享之间复制数据后,运行
xcp verify命令对所有文件产生failed to get security descriptor错误
示例:
C:\xcp\windows>xcp verify -loglevel debug \\storage_ip\cifs01 \\storage_ip\des01
XCP SMB 1.9.4P1; (c) 2025 NetApp, Inc.
57 scanned, 0 compared, 0 same, 0 different, 0 missing, 0 errors, 7s
failed to get security descriptor for "\\storage_ip\cifs01\all_source_files
failed to get security descriptor for "\\storage_ip\cifs01\all_target_files
57 scanned, 56 compared, 56 same, 0 different, 0 missing, 0 errors, 43s
xcp verify -loglevel debug \\storage_ip\cifs01 \\storage_ip\des01
57 scanned, 56 compared, 56 same, 0 different, 0 missing, 0 errors
Total Time : 43s
STATUS : PASSED
- 仅 Everyone 组应用于源卷及其基础数据
- 源卷的安全样式设置为 ntfs
xcp copy已完成,没有任何问题- 在
xcp copy之后,目标数据还继承了 Everyone 组的 ACL。 - 为 XCP 配置的 CIFS 用户具有足够的权限
cluster::*>vserver cifs users-and-groups local-group show-members -vserver svm01Vserver Group Name Members-------------- ---------------------------- ------------------------svm01 BUILTIN\Administrators CIFS\AdministratorCIFS\cifs_usercluster::*>diag secd authentication show-creds -vserver svm01 -win-name cifs_userUNIX UID: pcuser <> Windows User: CIFS\cifs_user (Windows Local User)GID: pcuserSupplementary GIDs:pcuserPrimary Group SID: CIFS\None (Windows Domain group)Windows Membership:User is also a member of Everyone, Authenticated Users, and Network UsersPrivileges (0x201f):SeTcbPrivilegeSeBackupPrivilegeSeRestorePrivilegeSeTakeOwnershipPrivilegeSeSecurityPrivilegeSeChangeNotifyPrivilegecluster::*> vserver cifs users-and-groups privilege show -vserver svm01Vserver User or Group Name Privileges-------------- ---------------------------- -------------------svm01 CIFS\cifs_user SeBackupPrivilegeSeChangeNotifyPrivilegeSeRestorePrivilegeSeSecurityPrivilegeSeTakeOwnershipPrivilegeSeTcbPrivilege