Samba

cifs mount alternately sends wrong passwords

  • July 10, 2017

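Short version:

The NETAPP logs show failed logins from our client machines (debian 8.7, cifs=2:6.4-1). That is, it looks as if it sends the good password once, then some wrong ones, then the good one, then wrong ones again, and so on (see the logs at the end of the detailed description).

Could this be related to having 2 IPs that resolve to our share?

Long version:

Our IT set up a netapp CIFS share with AD passwd authentication (e.g. //storage.example.domain/share/sub/directory).

To mount it on a debian 8 machine, we had to use the nodfs option to make it recognize the share in the subdirectory, which is a workaround I found here.

So the mount options in /etc/fstab look like this: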

//storage.example.domain/share/sub/directory /local/path cifs auto,username=user,password=pass,domain=EXAMPLE.DOMAIN,uid=localUserId,gid=localUserGid,nodfs,rw

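We had to set a local group/user uid and gid because we want to give a group of linux users (different from the AD user) RW access to the resource (should we be doing this some other way?).

The share now runs on 2 machines (so storage.example.domain resolves to 2 IPs, e.g. 10.0.0.x and 10.0.0.y).

There is already a problem when mounting the share using the FQDN in our /etc/fstab config:

If the round-robin DNS switches the IP during the mount, it results in a no such file or directory problem. I noticed that cifs first resolves the IP, then sets it as an additional mount option, then tries to mount it using the FQDN again. At that point, if the rr-dns has switched, it will crash, because it tries to access it with e.g. the option -o addr=10.0.0.x while the FQDN storage.example.domain points to addr=10.0.0.y.

So when actually mounting it, we have to hope that the DNS does not switch during the mount process. If that does not happen, it works and mounts the share.

The new problem now is that when we try to write a big file to the share (>1GB), the mount point crashes with the following errors: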

root@client.example.domain kernel~# cat /var/log/syslog    
[...]
Apr 13 06:39:42 client.example.domain kernel: [85341.844209] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Apr 13 06:39:42 client.example.domain kernel: [85341.844219] CIFS VFS: Send error in SessSetup = -13
Apr 13 06:39:42 client.example.domain kernel: [85341.844728] CIFS VFS: cifs_mount failed w/return code = -13
Apr 13 07:09:42 client.example.domain kernel: [87140.888509] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Apr 13 07:09:42 client.example.domain kernel: [87140.888515] CIFS VFS: Send error in SessSetup = -13
Apr 13 07:09:42 client.example.domain kernel: [87140.888833] CIFS VFS: cifs_mount failed w/return code = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897198] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897583] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897887] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.898176] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.898881] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.899642] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.899945] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.900294] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.901437] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.901962] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.897772] cifs_vfs_err: 19718 callbacks suppressed
Apr 13 07:17:57 client.example.domain kernel: [87634.897776] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898019] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898201] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898414] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898597] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898762] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898929] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.899115] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.899309] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.899474] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.528425] cifs_vfs_err: 15111 callbacks suppressed
Apr 13 07:18:03 client.example.domain kernel: [87641.528428] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529016] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529310] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529591] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529926] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.530197] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.530469] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.530741] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.531038] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.531295] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:09 client.example.domain kernel: [87646.632693] cifs_vfs_err: 128 callbacks suppressed
[...]

Logins on the netapp side:

10:53:00               Login successful
10:51:02               Login failed (user name correct but the password is wrong)
10:50:31               Login successful
10:50:12               Login failed (user name correct but the password is wrong)
10:49:34               Login successful
10:48:15               Login failed (user name correct but the password is wrong)

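I really don't know how to solve this, and since I have no access to the AD or the Netapp, it is effectively a black box. Does anyone have an idea of what I can do, or what I can ask our IT to do?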

I finally found the problem.

It was that the ontap configuration contained the following: option cifs.smb2.signing.required on. We had to turn it to option cifs.smb2.signing.required off.

As we found in the official ontap documentation.
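A triage sketch for the kernel messages quoted in the question, added here as an example and not part of the original posts: it separates failed session setups from SMB signature verification failures (the class the answer above traces to the signing setting) and totals the rate-limited messages. The sample log is constructed from the question's excerpt, and the function name and result keys are illustrative.

```python
import re
from collections import Counter

# Constructed sample, modelled on the kernel messages quoted in the question.
SAMPLE_LOG = """\
Apr 13 06:39:42 client.example.domain kernel: [85341.844209] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Apr 13 06:39:42 client.example.domain kernel: [85341.844219] CIFS VFS: Send error in SessSetup = -13
Apr 13 06:39:42 client.example.domain kernel: [85341.844728] CIFS VFS: cifs_mount failed w/return code = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897198] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897583] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.897772] cifs_vfs_err: 19718 callbacks suppressed
Apr 13 07:17:57 client.example.domain kernel: [87634.897776] CIFS VFS: SMB signature verification returned error = -13
"""

# Message classes that appear in the question's syslog excerpt.
PATTERNS = {
    "logon_failure": re.compile(r"NT_STATUS_LOGON_FAILURE"),
    "sess_setup_error": re.compile(r"Send error in SessSetup = -\d+"),
    "mount_failed": re.compile(r"cifs_mount failed w/return code = -\d+"),
    "signature_error": re.compile(r"SMB signature verification returned error = -\d+"),
}
SUPPRESSED = re.compile(r"cifs_vfs_err: (\d+) callbacks suppressed")


def triage(log_text):
    """Count CIFS error classes and rate-limited messages in kernel log text."""
    counts = Counter({name: 0 for name in PATTERNS})
    suppressed = 0
    for line in log_text.splitlines():
        m = SUPPRESSED.search(line)
        if m:
            # Rate limiting hides most messages; keep the hidden total separate
            # because the kernel does not say which class was suppressed.
            suppressed += int(m.group(1))
            continue
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                counts[name] += 1
                break
    # A failed mount logs three lines; count it once via its SessSetup line.
    auth_events = counts["sess_setup_error"]
    if counts["signature_error"] > auth_events:
        dominant = "signing"
    elif auth_events:
        dominant = "authentication"
    else:
        dominant = "none"
    return {"counts": dict(counts), "suppressed": suppressed, "dominant": dominant}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```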

In my case, my Ubuntu was using SMB1 by default, but my Netapp was using SMB2. I added to fstab: vers=2.0 (or 2.1)
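An fstab check that ties the two configuration points on this page together, added as an example and not taken from the original posts: it flags cifs entries that carry the password inline, as the question's entry does, and entries that leave the dialect unpinned, the situation the answer above fixed with vers=. The sample fstab is constructed; the credentials path and finding names are hypothetical.

```python
# Constructed sample: the fstab entry from the question, then a variant that
# keeps the secret out of fstab and pins the dialect. The credentials path is
# a hypothetical placeholder; username, password and domain move into that file.
SAMPLE_FSTAB = """\
//storage.example.domain/share/sub/directory /local/path cifs auto,username=user,password=pass,domain=EXAMPLE.DOMAIN,uid=localUserId,gid=localUserGid,nodfs,rw
//storage.example.domain/share/sub/directory /local/path cifs auto,credentials=/etc/cifs-credentials,uid=localUserId,gid=localUserGid,nodfs,rw,vers=2.1
"""


def parse_options(field):
    """Split a comma-separated mount option field into a dict."""
    opts = {}
    for opt in field.split(","):
        key, _, value = opt.partition("=")
        opts[key] = value
    return opts


def audit_cifs_fstab(fstab_text):
    """Return (line_number, finding) tuples for cifs entries in fstab text."""
    findings = []
    for lineno, raw in enumerate(fstab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cifs":
            continue
        opts = parse_options(fields[3])
        # /etc/fstab is normally world-readable, so an inline secret is exposed
        # to every local user; mount.cifs can read it from a credentials= file
        # that only root can read.
        if "password" in opts or "pass" in opts:
            findings.append((lineno, "inline-password"))
        # Without vers= the dialect is whatever the client defaults to.
        if "vers" not in opts:
            findings.append((lineno, "dialect-not-pinned"))
        elif opts["vers"] == "1.0":
            findings.append((lineno, "smb1-dialect"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_cifs_fstab(SAMPLE_FSTAB):
        print(f"fstab line {lineno}: {finding}")
```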

Quoted from: https://serverfault.com/questions/844319