CIFS Access Denied When Clients Access CIFS Share through Azure Load Balancer

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 389

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
Azure load balancer
Cloud volumes ONTAP

Issue

Mount CIFS shares over Azure Load Balancer can sometimes result in frequent access denial issues.

If attempts to mount CIFS share from Linux client:

mount error(13): Permission denied

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Packet trace shows:

huge amount of session setup requests are failing due to the wrong password

13347 2023-09-28 15:18:25.445511 10.x.x.xxx 10.y.y.yyy SMB2 442 0 Session Setup Request, NTLMSSP_AUTH, User: \xxxyy 13353 2023-09-28 15:18:25.486377 10.y.y.yyy 10.x.x.xxx SMB2 143 0 Session Setup Response, Error: STATUS_WRONG_PASSWORD

After a while, all the CIFS session setup requests are fused by ONTAP directly.

15251 2023-09-28 15:18:57.021952 10.x.x.xxx 10.y.y.yyy SMB2 202 0 Session Setup Request, NTLMSSP_NEGOTIATE 15252 2023-09-28 15:18:57.022256 10.y.y.yyy 10.x.x.xxx SMB2 143 0 Session Setup Response, Error: STATUS_LOGON_FAILURE

The Secd log records error:

ERR  :  Client (IP: 10.x.x.yyy) blocked due to continuous attempts with wrong password.  { in preventBogusAuthRequest() at src/authentication/secd_rpc_auth.cpp:1401 }

...

ERR  :  CIFS authentication failed { in secd_rpc_auth_extended_1_svc_secd() at src/authentication/secd_rpc_auth.cpp:1538 }