由于ONTAP和DC之间存在时间差异、无法使用主机名访问CIFS共享
适用场景
- ONTAP 9
- CIFS/SMB
- Kerberos
- Linux客户端
- Windows 客户端
问题描述
- 无法使用主机名或 FQDN 访问 CIFS 共享
- CIFS 共享频繁断开连接,卷变得无法访问
- 在Linux系统上,命令(例如
df
) 可能会失败Input/output Error
- 无法 使用主机名映射SMB (通过带有Samba的UNIX/Linux客户端)共享
示例:
\\server1 is not accessible. You might not have permission to use this network resource.
Contact the administrator of this server to find out if you have access permissions.
- Windows 错误:
Windows can't access this disc. The disc might be corrupt. Make sure that the disc uses a format that Windows recognizes. If the disc is unformatted, you need to format it before using it.
- 已发现的域控制器列表 在SVM设置/域选项卡中为空
- 默认情况下、ONTAP会尝试使用Kerberos进行身份验证。
SECD 和/或EMS日志:
示例:
Mon Jan 01 18:00:30 -0700 [CLUSTER-XX: secd: secd.cifsAuth.problem:error]: vserver (SVM1) General CIFS authentication problem.
Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 10.11.XX.XX
[ 0 ms] Login attempt by domain user 'Domain\user' using NTLMv2 style security
[ 0] Successfully connected to ip 10.1.XX.XX, port 445 using TCP
[ 3] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup
[ 3] Cluster, Domain Controller or Client time differs by more than the configured clock skew with respect to the others (KRB5KRB_AP_ERR_SKEW)
[ 3] Kerberos authentication failed with result: 7537.
[ 4] Unable to connect to NetLogon service on dc01.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
[ 4] Successfully connected to ip 10.1.XX.XX, port 445 using TCP
[ 7] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup
[ 7] Cluster, Domain Controller or Client time differs by more than the configured clock skew with respect to the others (KRB5KRB_AP_ERR_SKEW)
[ 7] Kerberos authentication failed with result: 7537.
[ 7] Unable to connect to NetLogon service on dc02.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
[ 7] No servers available for MS_NETLOGON, vserver: 3, domain: domain.com.
[ 7] FAILURE: Unable to make a connection (NetLogon:DOMAIN.COM), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
[ 8] CIFS authentication failed