を使用して CIFS 共有の ACL を設定できません エラー " コンピュータがに接続されているかどうかを判断できません ドメイン "
環境
- ONTAP 9
- CIFS
- Start_TLSまたはLDAPS
- Windows Active Directory 統合 LDAP
問題
- Windows クライアントで Security タブを使用して CIFS 共有の ACL を設定できません。エラーメッセージ:
例:
"The program cannot open the required dialog box because it cannot determine whether the computer named “cifs -server” is joined to a domain. Close this message, and try again."
- SecD のログに「 LDAP TLS」認証エラーが記録される。
例1:
00000013.0076d13a 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.250] debug: LDAP TLS Alert generated is 'fatal:unknown CA'
00000013.0076d13b 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.371] info : Unable to start TLS: Connect error { in ldapInitialize() at src/connection_manager/secd_connection.cpp:2030 }
00000013.0076d13c 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.377] info : Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed { in ldapInitialize() at src/connection_manager/secd_connection.cpp:2033 }
00000013.0076d13d 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.384] ERR : RESULT_ERROR_LDAPSERVER_CONNECT_ERROR:7652 in ldapInitialize() at src/connection_manager/secd_connection.cpp:2042
00000013.0076d13e 094b3eb1 Thu Sep 03 2020 21:57:50 +01:00 [kern_secd:info:14298] | [005.348.390] ERR : ldapInitialize: LDAP Error: (-11): 'Connect error':
例2
00000024.0001e327 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] Failure Summary:
00000024.0001e328 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] Error: Get DC Info procedure failed
00000024.0001e329 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] CIFS Domain Query via LSAR_DS_ROLE_GET_DOMAIN_INFO - Client Ip = XXX.XXX.XXX.XXX User = YYYY\ZZZZZZ
00000024.0001e32a 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] ...
00000024.0001e32b 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] [ 13] Unable to connect to LDAP (Active Directory) service on AAAA.BBBB.CCC.com
00000024.0001e32c 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] [ 13] Successfully connected to ip XXX.XXX.XXX.XXX, port 389 using TCP
00000024.0001e32d 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] [ 17] Required certificate with CA DDDDDD is not installed
00000024.0001e32e 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] [ 17] Unable to start TLS: Connect error