SSH login to cluster using Trusted domain user times out
Applies to
- ONTAP 9.9.1P9 onwards
- SSH
- Domain-tunnel Authentication
- System Manager
Issue
- When a user from CIFS server trusted domain tries to SSH to ONTAP cluster it times out or takes long time to authenticate.
NOTE : This SSH login timout issue is not seen for users from same domain as the CIFS server domain
- Post upgrade of Ontap, users are not able to login to cluster using domain accounts.
- EMS log shows below error messages being reported :
cluster-01 ALERT security.invalid.login: Failed to authenticate login attempt to Vserver: cluster, username: <trusted_domain>\<user>, application: http.
cluster-01 ERROR secd.dns.server.timed.out: DNS server 1x.xx.x.x did not respond to vserver = svm01 within timeout interval.
cluster-01 ERROR sshd.loginGraceTime.expired: Timeout before password authentication for remote host 10.xx.xx.xx.
::> cifs domain trust show -vserver <svm>
for the data SVM which is used for domain-tunnel fails to show the trusted domain.::> cifs domain trust rediscover -vserver <svm>
fails to discover the trusted domain.-
When authenticating in System Manager, using a Trusted Domain account, System Manager pages are responding slowly and load slowly