"Failed to resolve the security identifier (SID) for the account named" message appears when using an AD group name
Environment
- ONTAP 9
- SMB / CIFS
- Active Directory
Issue
When attempting to add the Active Directory group named USofA to a CIFS share ACL, ONTAP cannot resolve the SID of the AD group:

    ::*> cifs share access-control create -share cifstest -user-or-group USofA -user-group-type windows -permission Full_Control
    Error: command failed: Failed to resolve the security identifier (SID) for the account named "USofA". Reason: Object name either does not exist or could not be resolved using the available servers. Check the event log for additional information.

- The SecD log shows the following for the domain controller and USofA:

    Failure Summary:
    Error: Lookup of CIFS account name procedure failed
     [ 9 ms] Successfully connected to ip x.x.x.x, port 445 using TCP
     [ 32] Successfully authenticated with DC hostname.domainname.local
     [ 50] Encountered NT error (NT_STATUS_PIPE_NOT_AVAILABLE) for SMB command Create
     [ 136] Successfully retried Smb2NtCreateAndXFile for pipe \lsarpc 9 times within 95201 usecs to overcome STATUS_PIPE_NOT_AVAILABLE error from DC hostname.domainname.local
     [ 191] Could not find Windows name 'USofA'
    **[ 50] FAILURE: Unexpected state: Error 6763 at file:src/Commands/Commands.cpp func:CheckSmbStatusWrapper line:1129
    **[ 191] FAILURE: Error case not correctly journaled

- A packet trace of the traffic between ONTAP and the domain controller shows the DC's LSARPC response:

    lsa_LookupNames2 response, STATUS_NONE_MAPPED, Error: STATUS_NONE_MAPPED
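
The following is an added example, not NetApp code and not part of the original article. It reads a SecD failure summary like the one above and separates NT errors that a retry overcame from the name lookup that stayed failed. The function names `parse_summary` and `triage` are hypothetical, the entry layout is assumed to match the excerpt, and pairing each `**` marker with the step that has the same timestamp is an assumption.

```python
import re

# Constructed input: the SecD failure summary quoted above, one entry per line.
SAMPLE = r"""Failure Summary:
Error: Lookup of CIFS account name procedure failed
 [  9 ms] Successfully connected to ip x.x.x.x, port 445 using TCP
 [    32] Successfully authenticated with DC hostname.domainname.local
 [    50] Encountered NT error (NT_STATUS_PIPE_NOT_AVAILABLE) for SMB command Create
 [   136] Successfully retried Smb2NtCreateAndXFile for pipe \lsarpc 9 times within 95201 usecs to overcome STATUS_PIPE_NOT_AVAILABLE error from DC hostname.domainname.local
 [   191] Could not find Windows name 'USofA'
**[    50] FAILURE: Unexpected state: Error 6763 at file:src/Commands/Commands.cpp func:CheckSmbStatusWrapper line:1129
**[   191] FAILURE: Error case not correctly journaled
"""

ENTRY = re.compile(r"^(\*\*)?\s*\[\s*(\d+)(?:\s*ms)?\]\s*(.*)$")
NT_STATUS = re.compile(r"\b(?:NT_)?(STATUS_[A-Z_]+)\b")
NAME = re.compile(r"Could not find Windows name '([^']*)'")

def parse_summary(text):
    """Split a summary into its headline, timed steps and '**' failure markers."""
    headline, steps, markers = None, {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Error:"):
            headline = line[len("Error:"):].strip()
        elif (m := ENTRY.match(line)):
            flagged, ms, msg = m.groups()
            if flagged:
                markers.append((int(ms), msg))
            else:
                steps[int(ms)] = msg
    return headline, steps, markers

def triage(text):
    """Separate NT errors that a retry overcame from the lookup that stayed failed."""
    headline, steps, markers = parse_summary(text)
    seen, overcome = set(), set()
    for msg in steps.values():
        codes = set(NT_STATUS.findall(msg))
        seen |= codes
        if "to overcome" in msg:
            overcome |= codes
    return {
        "headline": headline,
        "retried_ok": sorted(overcome),
        "outstanding": sorted(seen - overcome),
        "unresolved": [n for msg in steps.values() for n in NAME.findall(msg)],
        # Assumption: a '**' marker refers to the step with the same timestamp.
        "flagged_steps": [steps[ms] for ms, _ in markers if ms in steps],
    }
```

On the sample, the pipe error appears under `retried_ok` with nothing left in `outstanding`, so the remaining failure is the unresolved name `USofA`.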