跳转到主内容

与从不支持的单标签域查找用户相关的多个 Secd 紧急事件

Views:
18
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

适用于

  • ONTAP 9.3P1 和 9.4 之前的 ONTAP 9.x 版本
  • 单标签域

问题

由于 ONTAP 中存在软件缺陷、当从不受支持的单标签域中为用户执行 CIFS 查找时、 Secd 会出现紧急情况、但可以恢复。  如果在一个小时内发生 SED 紧急情况 10 次、则会导致 SED 进程进入可重新启动的慢模式、这意味着它只会在发生最后一个紧急事件 10 分钟后重新启动。  在这种情况下、由于此时间段内没有 SECD 进程而需要在该节点上处理的身份验证和 / 或授权请求可能超时或失败。

执行任务(例如将数据从一个位置迁移到另一个位置)时、目标是从 ONTAP 9.x 集群中的 CIFS 共享时、 当从不受支持的单标签域中尝试将文件的所有权修改为用户时、托管客户端请求所在节点上的 secd 可能会出现以下错误:

CLUSTER::> event log show -messagename ucore.panicString
1/1/2017 01:01:01 CLUSTER-01   ERROR         ucore.panicString: 'secd: Received SIGSEGV (Signal 11) at RIP 0x801234567 accessing address 0x6a12345678 (pid 12345, uid 0, timestamp 1483250461)'


在查看该节点的 SED 时、 您将看到一个类似下面的错误,显示在 SetInfo 请求中为用户传递了对 SID 的查找后、试图将用户观察到的 NetBIOS 域名映射到其等效 Active Directory 域名。 在遇到紧急情况之前:

debug:  Calling LsaLookupSids2...  { in lookupSid() at src/utils/secd_cifs_utils.cpp:412 }
debug:  LsarLookupSids2 returned Result 0 with lsa result: 0x0  { in lookupSid() at src/utils/secd_cifs_utils.cpp:429 }
debug:  domainName from lookupSid: SLD  { in lookupSid() at src/utils/secd_cifs_utils.cpp:450 }
debug:  accountName from lookupSid: TESTUSER  { in lookupSid() at src/utils/secd_cifs_utils.cpp:458 }
info :  DC translates S-1-5-21-123456789-123456789-123456789-123456 to 'SLD\TESTUSER' { in getNameFromSid() at src/authorization/secd_cifs_authorization.cpp:567 }
debug:  Netbios domain 'SLD' is not an AD domain. Probably NT4  { in secdMapNetbiosDomainToADDomain() at src/domain_services/secd_domain_services.cpp:409 }

 

ERR  :  Cannot determine AD domain name for 'SLD' { in getCredentials() at src/authorization/secd_cifs_authorization.cpp:1085 }
ERR  :  RESULT_ERROR_SECD_CANNOT_FIND_DOMAIN_MAPPING:6948 in getCredentials() at src/authorization/secd_cifs_authorization.cpp:1086

 

ERR  :  Could not get credentials for Windows user 'TESTUSER' or SID 'S-1-5-21-123456789-123456789-123456789-123456' { in getCredentials() at src/authorization/secd_cifs_authorization.cpp:1129 }
ERR  :  RESULT_ERROR_SECD_CANNOT_FIND_DOMAIN_MAPPING:6948 in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1648

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device