cifs mount 交替發送錯誤的密碼
簡潔版本:
NETAPP 日誌顯示,從我們的客戶端(debian 8.7,
cifs=2:6.4-1
)機器登錄失敗。也就是說,它就像一次發送好的密碼,然後是一些錯誤的密碼,然後是好的密碼,然後又是錯誤的密碼,等等(參見詳細描述末尾的日誌)。這可能與有 2 個 IP 解析到我們的份額有關嗎?
長版:
我們的 IT 設置了一個使用 AD passwd 身份驗證的 netapp CIFS 共享(例如
//storage.example.domain/share/sub/directory
.要將其安裝在 debian 8 機器上,我們必須使用
nodfs
選項使其辨識子目錄中的共享,這是我在這裡找到的解決方法所以安裝選項
/etc/fstab
是這樣的:
//storage.example.domain/share/sub/directory /local/path cifs auto,username=user,password=pass,domain=EXAMPLE.DOMAIN,uid=localUserId,gid=localUserGid,nodfs,rw
我們必須設置一個本地組/使用者
uid
,gid
因為我們想給 linux 使用者(與 AD 使用者不同)一個組對資源的 RW 訪問權限(我們應該以其他方式執行此操作嗎?)。現在共享在 2 台機器上執行(因此
storage.example.domain
解析為 2 個 ip,例如10.0.0.x
和10.0.0.y
)。在我們的
/etc/fstab
配置中使用 FQDN 安裝共享時,已經存在問題:如果輪詢 DNS 在掛載期間切換 IP,則會導致
no such file or directory
問題。我注意到 cifs 首先解析 IP,然後將其設置為附加掛載選項,然後嘗試再次使用 FQDN 掛載它。此時,如果 rr-dns 已切換,它將崩潰,因為它嘗試使案例如選項訪問-o addr=10.0.0.x
但 fqdnstorage.example.domain
指向addr=10.0.0.y
.所以在實際掛載它時,我們必須希望在掛載過程中 DNS 不會切換。如果沒有發生這種情況,它會起作用並安裝共享。
現在的新問題是,當我們嘗試將大文件寫入共享(>1GB)時,掛載點會崩潰並出現以下錯誤:
root@client.example.domain kernel~# cat /var/log/syslog [...] Apr 13 06:39:42 client.example.domain kernel: [85341.844209] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE Apr 13 06:39:42 client.example.domain kernel: [85341.844219] CIFS VFS: Send error in SessSetup = -13 Apr 13 06:39:42 client.example.domain kernel: [85341.844728] CIFS VFS: cifs_mount failed w/return code = -13 Apr 13 07:09:42 client.example.domain kernel: [87140.888509] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE Apr 13 07:09:42 client.example.domain kernel: [87140.888515] CIFS VFS: Send error in SessSetup = -13 Apr 13 07:09:42 client.example.domain kernel: [87140.888833] CIFS VFS: cifs_mount failed w/return code = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.897198] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.897583] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.897887] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.898176] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.898881] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.899642] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.899945] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.900294] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.901437] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:52 client.example.domain kernel: [87629.901962] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.897772] cifs_vfs_err: 19718 callbacks suppressed Apr 13 07:17:57 client.example.domain kernel: [87634.897776] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.898019] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.898201] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.898414] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.898597] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.898762] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.898929] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.899115] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.899309] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:17:57 client.example.domain kernel: [87634.899474] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.528425] cifs_vfs_err: 15111 callbacks suppressed Apr 13 07:18:03 client.example.domain kernel: [87641.528428] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.529016] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.529310] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.529591] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.529926] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.530197] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.530469] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.530741] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.531038] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:03 client.example.domain kernel: [87641.531295] CIFS VFS: SMB signature verification returned error = -13 Apr 13 07:18:09 client.example.domain kernel: [87646.632693] cifs_vfs_err: 128 callbacks suppressed [...]
在 netapp 端登錄:
10:53:00 Login successful 10:51:02 Login failed (user name correct but the password is wrong) 10:50:31 Login successful 10:50:12 Login failed (user name correct but the password is wrong) 10:49:34 Login successful 10:48:15 Login failed (user name correct but the password is wrong)
我真的不知道如何解決這個問題,而且由於我無法訪問 AD 或 Netapp,它實際上是一個黑盒。有沒有人知道我可以做什麼,或者我可以要求我們的 IT 做什麼?
我終於找到了問題所在。
就是在 ontap 配置中有以下內容
option cifs.smb2.signing.required on
:我們不得不把它變成option cifs.smb2.signing.required off
.正如我們在ontap 官方文件中找到的那樣。
就我而言,我的 Ubuntu 預設使用 SMB1,但我的 Netapp 正在使用 SMB2。我在 fstab 中添加:vers=2.0(或 2.1)