
Permission denied when logging in to a user-created SP admin account after adding a node to an existing cluster

Category: ontap-9
Specialty: core

Environment

ONTAP 9.9.1

Issue

  • The admin-role SP account that the user created in the cluster can log in from the nodes in the cluster.

                      Vserver: cluster-01
      User Name or Group Name: fasadmin
                  Application: service-processor
        Authentication Method: password
     Remote Switch IP Address: -
                    Role Name: admin
               Account Locked: no
                 Comment Text: -
      Whether Ns-switch Group: no
Second Authentication Method2: none

  • After a new node is added to the current cluster, login to the SP account on that node fails, even after the node has been rebooted.

[~]$ ssh fasadmin@10.xxx.xx.185
The authenticity of host '10.xxx.xx.185(10.xxx.xx.185)' can't be established.
ECDSA key fingerprint is SHA256:+xANMpHpDEQoLmhd0Kmi1AW2PwHeI5daI3znYbr+2eM.
ECDSA key fingerprint is MD5:8e:37:01:73:xx:xx:xx:xx:xx:xx:xx:7c:1c:bd:f7:5b.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/server-admins/.ssh/known_hosts).
fasadmin@10.xxx.xx.185's password:

Permission denied, please try again.

  • The default SP admin account can log in on all nodes.

[ ~]$ ssh admin@10.xxx.xx.185
The authenticity of host '10.xxx.xx.185(10.xxx.xx.185)' can't be established.
ECDSA key fingerprint is SHA256:+xANMpHpDEQoLmhd0Kmi1AW2PwHeI5daI3znYbr+2eM.
ECDSA key fingerprint is MD5:8e:37:01:73:xx:xx:xx:xx:xx:xx:xx:7c:1c:bd:f7:5b.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/server-admins/.ssh/known_hosts).
SP new-node-01>     

  • SP-LATEST-SYSLOG and SP-DEBUG-MLOG-TXT.GZ show that synchronization of the SP account profile failed.

cat /var/log/authlog.1 /var/log/authlog | tail -c 20480
========================================================
Aug  3 14:16:05 (none) sshd[2020]: Invalid user fasadmin from 10.xxx.xx.37 port 56708
Aug  3 14:16:07 (none) sshd[2020]: Failed none for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2
Aug  3 14:16:22 (none) sshd[2020]: Failed password for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2

2022-08-03 11:20:09.826 [sp_config_0] [rlm_push_config]: sending cluster user refresh command
2022-08-03 11:20:09.826 [sp_config_0] [sp_user_mgmt:info]: sp_cluster_user_update: op 3; action 7 6-update 7-refresh
2022-08-03 11:20:09.826 [sp_config_0] [sp_configd:info]: request queued: cmd 0xb
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_cluster_usr_mgmt_process_msg: received SP_CLUSTER_USER_REFRESH
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: userprofile_all_retry_cnt 10
2022-08-03 11:20:09.826 [sp_configd_pq] [sp_configd:info]: request sent: cmd 0xb
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: Unable to get next [entry doesn't exist]; err 4; userCount 0
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:error]: sp_get_cluster_usr_lst: rpc_error rtn; user count 0
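
The triage below is an added example, not NetApp code: it separates an account that does not exist on the SP (sshd's "invalid user" marker) from a wrong password, and links the former to the failed user-list fetch in the SP debug log. The function names and verdict labels are assumptions made here, as is treating "rpc_error rtn; user count 0" as the sync-failure indicator.

```python
import re

# Excerpts copied from the SP authlog and SP debug mlog shown in the article.
# The last AUTHLOG line (user "admin") is constructed as a contrast case.
AUTHLOG = """\
Aug  3 14:16:05 (none) sshd[2020]: Invalid user fasadmin from 10.xxx.xx.37 port 56708
Aug  3 14:16:07 (none) sshd[2020]: Failed none for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2
Aug  3 14:16:22 (none) sshd[2020]: Failed password for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2
Aug  3 14:20:01 (none) sshd[2101]: Failed password for admin from 10.xxx.xx.37 port 56901 ssh2
"""
MLOG = """\
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_cluster_usr_mgmt_process_msg: received SP_CLUSTER_USER_REFRESH
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: Unable to get next [entry doesn't exist]; err 4; userCount 0
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:error]: sp_get_cluster_usr_lst: rpc_error rtn; user count 0
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed (\S+) for (invalid user )?(\S+) from (\S+) port")
SYNC_ERR = re.compile(
    r"^(\S+ \S+) \[[^\]]+\] \[sp_user_mgmt:error\]: "
    r"sp_get_cluster_usr_lst: rpc_error rtn; user count (\d+)", re.M)

def classify_auth_failures(authlog):
    # sshd writes "invalid user" only when the account is absent on the SP,
    # which separates a missing account from a mistyped password.
    result = {}
    for m in FAILED.finditer(authlog):
        _method, invalid, user, _src = m.groups()
        if invalid:
            result[user] = "unknown-to-sp"
        else:
            result.setdefault(user, "bad-credentials")
    return result

def sync_failures(mlog):
    # (timestamp, user_count) for every failed fetch of the cluster user list.
    return [(ts, int(n)) for ts, n in SYNC_ERR.findall(mlog)]

def triage(authlog, mlog):
    # An unknown user plus an empty, failed user-list fetch points at profile sync.
    empty_fetch = any(count == 0 for _ts, count in sync_failures(mlog))
    return {user: "profile-not-synced" if state == "unknown-to-sp" and empty_fetch else state
            for user, state in classify_auth_failures(authlog).items()}

if __name__ == "__main__":
    for user, verdict in triage(AUTHLOG, MLOG).items():
        print(f"{user}: {verdict}")
```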

 
