報警信息:
今日同事反應,域賬號訪問CIFS共享報錯,經查看日誌報錯信息如下所示:
Mon Dec 7 07:53:12 CST [cifs.trace.GSSinfo:info] : AUTH: notice- CIFS - Cannot authenticate with server.Mon Dec 7 07:53:12 CST [cifs.trace.GSSinfo:info] : AUTH: notice- User or Service not found in Kerberos database.Mon Dec 7 07:53:12 CST [cifs.server.infoMsg:info] : CIFS: Warning for server \\DC2: Connection terminated.Mon Dec 7 07:53:12 CST [cifs.trace.GSSinfo:info] : AUTH: notice- CIFS - Cannot authenticate with server.Mon Dec 7 07:53:12 CST [cifs.trace.GSSinfo:info] : AUTH: notice- User or Service not found in Kerberos database.Mon Dec 7 07:53:12 CST [cifs.server.infoMsg:info] : CIFS: Warning for server \\DC1: Connection terminated.Mon Dec 7 07:53:17 CST [nbt.nbss.socketError:error] : NBT: Cannot connect to server 192.168.1.1 over NBSS socket for port 139. Unexpected reply type received: 112. Error 0x16: Invalid argument.Mon Dec 7 07:53:17 CST [auth.trace.authenticateUser.loginRejected:info] : AUTH: Login attempt by user rejected by the domain controller with error 0xc000005e: No Trusted Logon Servers Available - STATUS_NO_LOGON_SERVERS.Mon Dec 7 07:53:48 CST [auth.trace.authenticateUser.loginAccepted:info] : AUTH: Login by NULL user from 192.168.11.16 accepted.Mon Dec 7 07:53:48 CST [auth.trace.authenticateUser.loginTraceIP:info] : AUTH: Login attempt by user lidongni of domain lidongni.com from client machine IT-001 (192.168.11.96).
Cifs domaininfo查看,顯示各PDC連接狀態均爲Broken(壞掉)且沒有連接到任何DC:
原因分析:
系前一天域控制器升級至Windows2008模式造成;
解決方法:
顯然需要升級存儲的操作系統版本才能夠支持,怎麼樣升級了?是否有可升級版本?經查詢是可以升級的,只是不知道是否支持Windows2008域模式;
相關鏈接:
https://kb.netapp.com/index?page=content&id=3011909&pmv=print&impressions=false
FAS3020目前我們使用的版本爲7.0.1R即最低版本,它直接的最高版本系統爲7.3.7P3:
![wpsD5CC.tmp[4]](https://s3.51cto.com/wyfs02/M01/77/44/wKioL1ZmTsPAEkZsAAE3TJdj410474.png "wpsD5CC.tmp[4]")
爲了確認7.3.7P3是否支持Windows2008模式,我查看了關於Netapp的官方文檔說明:
打開NetAPP WEB管理平臺,可以看到對應的鏈接地址:
![wpsD5DD.tmp[4]](https://s3.51cto.com/wyfs02/M02/77/46/wKiom1ZmTlaBthHzAACAS3A0rjQ893.jpg "wpsD5DD.tmp[4]")
http://mysupport.netapp.com/documentation/productsatoz/index.html
![wpsD5ED.tmp[4]](https://s3.51cto.com/wyfs02/M00/77/46/wKiom1ZmTlfRUI0PAACr1LH80CA519.jpg "wpsD5ED.tmp[4]")
http://mysupport.netapp.com/documentation/productlibrary/index.html?productID=30094
![wpsD5FE.tmp[4]](https://s3.51cto.com/wyfs02/M01/77/46/wKiom1ZmTlnhSduGAADSuP-i81o155.jpg "wpsD5FE.tmp[4]")
因爲域服務器的配置與文件權限、共享訪問有關係,所以域控制器對應的文件如下圖所示:
![wpsD60F.tmp[4]](https://s3.51cto.com/wyfs02/M02/77/44/wKioL1ZmTsqR55_GAAHnCWf1l7M743.jpg "wpsD60F.tmp[4]")
【之所以寫得這麼細,是希望給讀者一個思路】支持Windows2008域控制器OK!
![wpsD610.tmp[4]](https://s3.51cto.com/wyfs02/M00/77/44/wKioL1ZmTsyyjXYGAACS6nl3yQ0852.jpg "wpsD610.tmp[4]")
開始升級:
FAS3020 支持的更新文件類型,通過不同版本操作系統更新文件類型不同,Windows的更新文件爲.exe,UNIX爲.tar,也可以通過網絡進行引導修復.e:
![wpsD620.tmp[4]](https://s3.51cto.com/wyfs02/M02/77/46/wKiom1ZmTl6BHPZiAAD4Osa8a5k358.png "wpsD620.tmp[4]")
系統更新可以通過cifs或http等方式進行,我這裏設置一個簡單的HTTP服務器,確保用戶端可以正常訪問HTTP目錄中的文件:
![wpsD631.tmp[4]](https://s3.51cto.com/wyfs02/M00/77/44/wKioL1ZmTtChCn_eAADNF2riQbw464.png "wpsD631.tmp[4]")
F3020> software install http://192.168.1.52/737P3_setup_i.exe software: copying to /etc/software/737P3_setup_i.exe software: 100% file read from location. software: /etc/software/737P3_setup_i.exe has been copied. software: installing software, this could take a few minutes... software: installation completed. Please type download to load the new software and reboot subsequently for changes to take effect. F3020> Mon Dec 7 14:40:13 CST [rc:info]: software: installation completed. F3020> download download: You can cancel this operation by hitting Ctrl-C in the next 6 seconds. download: Depending on system load, it may take many minutes download: to complete this operation. Until it finishes, you will download: not be able to use the console. Mon Dec 7 14:40:30 CST [download.request:notice]: Operator requested download initiated download: Downloading boot device download: Could not verify file checksum. download: Failed to complete download instruction at line number 6 of download download: script file /etc/boot/x86_elf/kernel_256.cmds. F3020> Mon Dec 7 14:40:31 CST [download.requestDoneError:error]: Operator requested download failed.
由於我們沒有NETAPP的官方賬號,讓朋友幫忙下載了一個,結果是:737P3_setup_i.exe,而我們存儲支持的是737P3_setup_e.exe,故在進行更新boot引導的時候出現錯誤警告checksum失敗,因無法從NETAPP官網下載對應的系統版本,故從IBM官網下載了最新版本軟件(google是萬能的);
下載地址:
http://delivery04.dhe.ibm.com/sar/CMA/NAA/059d3/1/
更新操作:
![wpsD632.tmp[4]](https://s3.51cto.com/wyfs02/M01/77/46/wKiom1ZmTmPyLy7GAALnR3uwbrU907.png "wpsD632.tmp[4]")
更新系統版本成功,重新下載boot引導也OK;
![wpsD642.tmp[4]](https://s3.51cto.com/wyfs02/M02/77/46/wKiom1ZmTmuiWHWaAAaHO5-9opk684.png "wpsD642.tmp[4]")
查看域服務器連接正常:
F3020> cifs domaininfo NetBios Domain: lidongni Windows 2003 Domain Name: lidongni.com Type: Windows 2003 Filer AD Site: default-first-site-name Not currently connected to any DCs Preferred Addresses: None Favored Addresses: None Other Addresses: None Connected AD LDAP Server: \\dc2.lidongni.com Preferred Addresses: 192.168.1.1 dc2.lidongni.com Favored Addresses: 192.168.1.2 dc1.lidongni.com
重新CIFS共享服務協議,訪問共享正常,查看對應日誌信息,通過域賬號可以正常訪問!
F3020> cifs restart CIFS local server is running. F3020> Mon Dec 7 17:42:22 CST [nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server. F3020> F3020> Mon Dec 7 17:42:29 CST [auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user lidongni of domain lidongnifrom client machine 192.168.1.99. Mon Dec 7 17:42:30 CST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\DC2. Mon Dec 7 17:42:30 CST [auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: User from 192.168.1.99 authenticated by DC. Mon Dec 7 17:42:30 CST [auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user lidongni to Unix user lidongni. Mon Dec 7 17:42:30 CST [auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user lidongni to Unix user pcuser. Mon Dec 7 17:42:30 CST [auth.trace.authenticateUser.loginAccepted:info]: AUTH: Login by lidongni from 192.168.1.99 accepted. F3020> cifs terminate CIFS local server is shutting down... CIFS local server has shut down...
至此FAS3020修復完成!