简洁版本:
NETAPP 日志显示,从我们的客户端 (debian 8.7, cifs=2:6.4-1
) 机器登录时会交替失败。例如,它就像是一次发送好密码,然后发送一些错误密码,然后再次发送好密码,然后再次发送错误密码,等等(请参阅详细描述末尾的日志)。
这可能与有 2 个 IP 解析我们的共享有关吗?
长版本:
我们的 IT 部门已设置了一个使用 AD 密码验证的 netapp CIFS 共享(例如//storage.example.domain/share/sub/directory
。
要将其安装到 Debian 8 机器上,我们必须使用nodfs
选项使其识别子目录中的共享,这是我找到的一种解决方法这里
因此挂载选项/etc/fstab
如下:
//storage.example.domain/share/sub/directory /local/path cifs auto,username=user,password=pass,domain=EXAMPLE.DOMAIN,uid=localUserId,gid=localUserGid,nodfs,rw
我们必须设置uid
并gid
设置为本地组/用户,因为我们想授予 Linux 用户(与 AD 用户不同)对资源的组 RW 访问权限(我们应该以其他方式执行此操作吗?)。
现在共享在 2 台机器上运行(因此storage.example.domain
解析为 2 个 ips,例如10.0.0.x
和10.0.0.y
)。
当使用我们的配置中的 FQDN 挂载共享时/etc/fstab
,已经出现了一个问题:
如果循环 DNS 在挂载期间切换 IP,则会导致问题no such file or directory
。我注意到 cifs 首先解析 IP,然后将其设置为附加挂载选项,然后尝试再次使用 FQDN 挂载它。此时,如果 rr-dns 已切换,它将崩溃,因为它尝试使用选项进行访问,-o addr=10.0.0.x
但 fqdnstorage.example.domain
指向addr=10.0.0.y
。
因此,在实际安装时,我们必须希望DNS 不会在挂载期间切换。如果没有发生这种情况,则表示它可以正常工作并且共享已挂载。
现在的新问题是,当我们尝试将大文件写入共享(> 1GB)时,挂载点崩溃并出现以下错误:
[email protected] kernel~# cat /var/log/syslog
[...]
Apr 13 06:39:42 client.example.domain kernel: [85341.844209] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Apr 13 06:39:42 client.example.domain kernel: [85341.844219] CIFS VFS: Send error in SessSetup = -13
Apr 13 06:39:42 client.example.domain kernel: [85341.844728] CIFS VFS: cifs_mount failed w/return code = -13
Apr 13 07:09:42 client.example.domain kernel: [87140.888509] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Apr 13 07:09:42 client.example.domain kernel: [87140.888515] CIFS VFS: Send error in SessSetup = -13
Apr 13 07:09:42 client.example.domain kernel: [87140.888833] CIFS VFS: cifs_mount failed w/return code = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897198] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897583] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.897887] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.898176] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.898881] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.899642] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.899945] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.900294] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.901437] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:52 client.example.domain kernel: [87629.901962] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.897772] cifs_vfs_err: 19718 callbacks suppressed
Apr 13 07:17:57 client.example.domain kernel: [87634.897776] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898019] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898201] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898414] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898597] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898762] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.898929] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.899115] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.899309] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:17:57 client.example.domain kernel: [87634.899474] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.528425] cifs_vfs_err: 15111 callbacks suppressed
Apr 13 07:18:03 client.example.domain kernel: [87641.528428] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529016] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529310] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529591] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.529926] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.530197] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.530469] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.530741] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.531038] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:03 client.example.domain kernel: [87641.531295] CIFS VFS: SMB signature verification returned error = -13
Apr 13 07:18:09 client.example.domain kernel: [87646.632693] cifs_vfs_err: 128 callbacks suppressed
[...]
登录netapp端:
10:53:00 Login successful
10:51:02 Login failed (user name correct but the password is wrong)
10:50:31 Login successful
10:50:12 Login failed (user name correct but the password is wrong)
10:49:34 Login successful
10:48:15 Login failed (user name correct but the password is wrong)
我真的不知道该如何解决这个问题,而且由于我无法访问 AD 或 Netapp,所以这真的是一个黑匣子。有人知道我可以做什么,或者我可以要求我们的 IT 部门做什么吗?
答案1
我终于找到了问题所在。
那是在 ontap 配置中有以下内容:option cifs.smb2.signing.required on
。我们必须将其转变为option cifs.smb2.signing.required off
。
正如我们发现的ontap 官方文档。
答案2
就我而言,我的 Ubuntu 默认使用 SMB1,但我的 Netapp 使用 SMB2。我在 fstab 中添加:vers=2.0(或 2.1)