メインコンテンツまでスキップ

NetApp_Insight_2020.png 

SVM と DC 間で観察された誤った時間スキューエラー「クラスタとドメインコントローラの時間が、設定されているクロックスキュー( krb5krb_ap_err_skew )よりも大きく異なる」

Views:
21
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

のしんだ

に適用されます

clustered Data ONTAP 9.3+

SMB 2

SMB 3

問題

  • EMS ログには、 SVM と DC の間にタイムスキューが発生したことが表示されます。

cluster::*> event log show -event secd*
Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
4/29/2019 11:09:01  cdot-vsim10-01   ERROR         secd.cifsAuth.problem: vserver (svm) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.216.yy.xx
  [  5 ms] Error accepting security context for Vserver identifier (3). Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW).
**[     7] FAILURE: CIFS authentication failed

  • Secd ログには次の情報が表示

00000018.000079a0 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] .------------------------------------------------------------------------------.
00000018.000079a1 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] |                                 RPC FAILURE:                                 |
00000018.000079a2 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] |                      secd_rpc_auth_extended has failed                       |
00000018.000079a3 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] |                          Result = 0, RPC Result = 4                          |
00000018.000079a4 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] |                   RPC received at Mon Apr 29 11:09:01 2019                   |
00000018.000079a5 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] |------------------------------------------------------------------------------'
00000018.000079a6 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] Failure Summary:
00000018.000079a7 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] Error: User authentication procedure failed
00000018.000079a8 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] CIFS SMB2 Share mapping - Client Ip = 10.216.yy.xx
00000018.000079a9 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459]   [  5 ms] Error accepting security context for Vserver identifier (3). Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW).
00000018.000079aa 00fcae75 Mon Apr 29 2019 11:09:01 +05:30 [kern_secd:info:8459] **[     7] FAILURE: CIFS authentication failed

  • SVM に DC へのアクティブな接続があります

cluster::*> vserver  cifs domain  discovered-servers  show -vserver  svm
Node: cdot-01
Vserver: svm
Domain Name     Type     Preference DC-Name         DC-Address      Status
--------------- -------- ---------- --------------- --------------- ---------
naslab.local    KERBEROS adequate   WIN-OBK6KRHGRH5 xx.yy.zz.30    undetermined
naslab.local    KERBEROS adequate   WIN-RH1QTMQCSIK xx.yy.zz.42    undetermined
naslab.local    KERBEROS preferred  win-aesid9bf636 xx.yy.zz.191   undetermined
naslab.local    KERBEROS preferred  win-k8f679t5rhm xx.yy.zz.190   undetermined
naslab.local    MS-LDAP  preferred  win-aesid9bf636 xx.yy.zz.191   OK
naslab.local    MS-LDAP  preferred  win-k8f679t5rhm xx.yy.zz.190   OK

naslab.local    MS-LDAP  adequate   win-obk6krhgrh5 xx.yy.zz.30    undetermined
naslab.local    MS-LDAP  adequate   win-rh1qtmqcsik xx.yy.zz.42    undetermined
naslab.local    MS-DC    adequate   WIN-OBK6KRHGRH5 xx.yy.zz.30    undetermined
naslab.local    MS-DC    preferred  win-aesid9bf636 xx.yy.zz.191   undetermined
naslab.local    MS-DC    preferred  win-k8f679t5rhm xx.yy.zz.190   OK
naslab.local    MS-DC    adequate   win-rh1qtmqcsik xx.yy.zz.42    undetermined
12 entries were displayed.


SVM と DC の日付と時刻を確認すると、スキューは発生せず、同期されます。 
また、どのユーザからも影響は報告されません。

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support