Authentication fails and CIFS/SMB cannot be accessed when secd.kerberos.clockskew appears in EMS
Environment
ONTAP 9
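Issue
- When secd.kerberos.clockskew is reported in EMS, authentication fails and CIFS/SMB cannot be accessed
- Some CIFS/SMB clients show signs of latency, while other clients do not
- Access to a share by IP address succeeds, but access by host name (\\hostname) or FQDN (\\hostname.domain.com) fails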
- SECD.log
ERR : RESULT_ERROR_SECD_NO_SERVER_AVAILABLE:6940 in secd_rpc_auth_extended_1_svc() at authentication/secd_rpc_auth.cpp:749
debug: SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended { in secdSendRpcResponse() at server/secd_rpc_server.cpp:1405 }
ERR : Error: User authentication procedure failed
ERR : [ 0 ms] Login attempt by domain user 'CIFSLABAdministrator' using NTLMv1 style security
ERR : [ 0] No servers available for MS_NETLOGON, vserver: 3, domain: cifs.lab.netapp.com.
ERR : [ 22] Unable to connect to any of the provided DNS servers
ERR : [ 22] Connecting to NetLogon server a7-6.cifs.lab.netapp.com (172.17.192.24)
ERR : **[ 22] FAILURE: Unexpected state: Error 6810 at file:Common/ProtocolClientLibrary/Dns/DnsOps.cpp func:DnsNameLookup line:715
ERR : **[ 33] FAILURE: Cluster and Domain Controller times differ by more than the configured clock skew
ERR : [ 104] Unable to connect to a7-6.cifs.lab.netapp.com through the 10.53.21.46 interface
ERR : [ 104] No servers available for MS_NETLOGON, vserver: 3, domain: cifs.lab.netapp.com.
|------------------------------------------------------------------------------.
| RPC completed at Fri Oct 19 08:34:13 2012 |
| End of log for failed RPC secd_rpc_auth_extended |
'------------------------------------------------------------------------------'
- EMS message
10/18/2012 13:34:59 krbClus-01 ERROR secd.kerberos.clockskew: Kerberos client or node clock skew error (-1765328351).
- Packet trace: KRB5KRB_AP_ERR_TKT_NYV
Only a packet trace from the client is needed to confirm this; it shows a KRB5 error packet:
1778 41.215954 172.17.193.122 10.53.21.46 SMB Session Setup AndX Request
1779 41.227968 10.53.21.46 172.17.193.122 SMB KRB Error: KRB5KRB_AP_ERR_TKT_NYV, Error: STATUS_MORE_PROCESSING_REQUIRED
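
The three symptoms above can be tied together in one triage pass. The following is an added example, not NetApp code: it decodes the EMS error number and checks that it names the same Kerberos error the packet trace shows. It assumes the EMS number is an MIT krb5 library code (RFC 4120 error number plus the krb5 error-table base); the function names are hypothetical, and the sample lines are copied from the output on this page.

```python
import re

# Assumption: the EMS number is an MIT krb5 code, i.e. the RFC 4120
# error number added to the krb5 error-table base below.
KRB5_TABLE_BASE = -1765328384

# Time-sensitive RFC 4120 errors, using the MIT krb5 names.
TIME_ERRORS = {
    32: "KRB5KRB_AP_ERR_TKT_EXPIRED",  # ticket expired
    33: "KRB5KRB_AP_ERR_TKT_NYV",      # ticket not yet valid
    37: "KRB5KRB_AP_ERR_SKEW",         # clock skew too great
}

EMS_RE = re.compile(r"secd\.kerberos\.clockskew:.*?\((-?\d+)\)")
SECD_RE = re.compile(r"times differ by more than the configured clock skew")
TRACE_RE = re.compile(r"KRB Error:\s*(KRB5KRB_AP_ERR_\w+)")

def decode_krb5_code(code):
    """Return (RFC 4120 error number, name or None) for an EMS code."""
    number = code - KRB5_TABLE_BASE
    return number, TIME_ERRORS.get(number)

def triage(lines):
    """Collect clock-skew evidence from mixed EMS, SECD and trace lines."""
    ems, trace, secd_skew = [], [], False
    for line in lines:
        m = EMS_RE.search(line)
        if m:
            ems.append(decode_krb5_code(int(m.group(1))))
        if SECD_RE.search(line):
            secd_skew = True
        m = TRACE_RE.search(line)
        if m:
            trace.append(m.group(1))
    ems_names = {name for _, name in ems if name}
    return {
        "ems": ems,
        "secd_skew": secd_skew,
        "trace": trace,
        # True when EMS and the client trace report the same time error.
        "ems_matches_trace": bool(ems_names & set(trace)),
    }

# Sample input: lines copied from the EMS, SECD.log and trace output above.
SAMPLE = [
    "10/18/2012 13:34:59 krbClus-01 ERROR secd.kerberos.clockskew: "
    "Kerberos client or node clock skew error (-1765328351).",
    "ERR : **[ 33] FAILURE: Cluster and Domain Controller times differ "
    "by more than the configured clock skew",
    "1779 41.227968 10.53.21.46 172.17.193.122 SMB KRB Error: "
    "KRB5KRB_AP_ERR_TKT_NYV, Error: STATUS_MORE_PROCESSING_REQUIRED",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
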