ONTAP 9.12.1以降にアップグレードした後に多数のsecd.rpc.authRequest.blockedアラートが発生
環境
- ONTAP 9.12.1以降
- CIFS / SMB
問題
- ONTAP 9.12.1以降のEMSレポート
secd.rpc.authRequest.blocked
secd: secd.rpc.authRequest.blocked:alert]: Too many CIFS authentication attempts with wrong password from client "x.x.x.x" on Vserver "svm1"
secd: secd_rpc_authRequest_blocked_1:alert]: params: {'clientIP': '10.201.149.XXX', 'userName': 'i45260XX', 'domain': 'd-Domain', 'vserverName': 'svm_XXX'}
- 上記のイベントが発生すると、大量の
secd.cifsAuth.problemがログに記録されます
secd: secd.cifsAuth.problem:error: vserver (svm1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = x.x.x.x **[ 0] FAILURE: CIFS authentication failed
- エラー「
Client (IP: x.x.x.x) blocked due to continuous attempts with wrong password」がsecd.logに記録されました