跳转到主内容

FPolicy 服务器同步响应写入时拒绝访问

  1. 最后更新
  2. 另存为PDF
Views:
36
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

适用于

  • ONTAP 9
  • CIFS/SMB
  • FPolicy
  • Symphony

问题

  • 在多个文件操作期间,例如当 Fpolicy 存档解决方案必须调用每个文件时,将目录从 CIFS 共享复制到本地磁盘,文件会成功复制,直到某个文件返回"访问被拒绝"错误。如果重试该操作,它将成功,直到进一步的一些文件返回下一个错误。
  • vserver security trace  显示 Fpolicy 服务器拒绝访问

示例

vserver security trace trace-result show 

Vserver: svm1 
Node       Index Filter Details        Reason

--------------- ----- -------------------------- ------------------------------ 
node01         1    Security Style:  -
                                               Access is denied by the 
                         FPolicy server or due to 

                                         mandatory attribute of the 
                         FPolicy policy. 

 Protocol: cifs 
            Volume: - 
            Share: share1 
            Path: - 

      Win-User: Domain\user1 
            UNIX-User: root 
            Session-ID: xxxxxxxxxxxxxxxxxxx 

  • ONTAP 中的 Fpolicy 日志可能包含 DENY 响应:
示例
 
[kern_fpolicy:nfo:6553] [enum clnt_stat FSMNbladeRespTask::shmSendRespToNblade(std::list<nbladeRespQueueElement_t>&, int, char *, CLIENT *)] reqId = XXXXXXXXXX respCode 2 : DENY 
 
  • 无法复制某些特定文件类型。
  • 数据包跟踪显示某些文件的访问被拒绝,此示例专门显示备用数据流 (ADS) 被拒绝。

clipboard_39804b64-cd85-4ac6-85be-0f61dfddeea8.png

  • 捕获 Fpolicy 外部服务器之间流量的网络跟踪将显示文件打开被 FPolicy 外部引擎拒绝:
示例
 
Screen Request (18226441) SMB_OPEN: \path\to\file.ext
Screen Response (18226441) SMB_OPEN: Denied

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.