EMS で sec.kerberos.clockskin が表示されるときに認証が失敗するため、 CIFS / SMB にアクセスできません
環境
ONTAP 9
問題
secd.kerberos.clockskewEMSに表示された場合に認証に失敗するためCIFS / SMBにアクセスできない- SECD.log
ERR : RESULT_ERROR_SECD_NO_SERVER_AVAILABLE:6940 in secd_rpc_auth_extended_1_svc() at authentication/secd_rpc_auth.cpp:749
debug: SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended { in secdSendRpcResponse() at server/secd_rpc_server.cpp:1405 }
ERR : Error: User authentication procedure failed
ERR : [ 0 ms] Login attempt by domain user 'CIFSLABAdministrator' using NTLMv1 style security
ERR : [ 0] No servers available for MS_NETLOGON, vserver: 3, domain: cifs.lab.netapp.com.
ERR : [ 22] Unable to connect to any of the provided DNS servers
ERR : [ 22] Connecting to NetLogon server a7-6.cifs.lab.netapp.com (172.17.192.24)
ERR : **[ 22] FAILURE: Unexpected state: Error 6810 at file:Common/ProtocolClientLibrary/Dns/DnsOps.cpp func:DnsNameLookup line:715
''' ERR : **[ 33] FAILURE: Cluster and Domain Controller times differ by more than the configured clock skew'''
ERR : [ 104] Unable to connect to a7-6.cifs.lab.netapp.com through the 10.53.21.46 interface
ERR : [ 104] No servers available for MS_NETLOGON, vserver: 3, domain: cifs.lab.netapp.com.
|------------------------------------------------------------------------------.
| RPC completed at Fri Oct 19 08:34:13 2012 |
| End of log for failed RPC secd_rpc_auth_extended |
'------------------------------------------------------------------------------'
- EMSメッセージ
10/18/2012 13:34:59 krbClus-01 ERROR secd.kerberos.clockskew: Kerberos client or node clock skew error (-1765328351).
- パケットトレースの表示
KRB5KRB_AP_ERR_TKT_NYV
A packet trace is only needed from the client to confirm this - we'd see a KRB5 packet:
1778 41.215954 172.17.193.122 10.53.21.46 SMB Session Setup AndX Request
1779 41.227968 10.53.21.46 172.17.193.122 SMB KRB Error: KRB5KRB_AP_ERR_TKT_NYV, Error: STATUS_MORE_PROCESSING_REQUIRED