Intermittent CIFS/SMB Share Access Failures Due to Temporary IP Block from Excessive Invalid Authentication Attempts

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 6,844

Visibility:: Public

Votes:: 4

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9.12.1 or later
CIFS/SMB
Environments using automation or test scripts for share access

Issue

Users are intermittently unable to access CIFS/SMB shares (e.g., using the net use command from Windows clients).
The issue is most frequently observed in environments with machine farms or automated testing.
Authentication failures resolve after about one minute, but the problem recurs and disrupts workflows.
ONTAP 9.12.1 or later EMS reports secd.rpc.authRequest.blocked

secd: secd.rpc.authRequest.blocked:alert]: Too many CIFS authentication attempts with wrong password from client "x.x.x.x" on Vserver "svm1"

secd: secd_rpc_authRequest_blocked_1:alert]: params: {'clientIP': '10.201.149.XXX', 'userName': 'i45260XX', 'domain': 'd-Domain', 'vserverName': 'svm_XXX'}

secd.rpc.authRequest.blocked:Too many CIFS authentication attempts with an invalid password from a client with IP "x.x.x.x", user name "User name" and domain "domain name" on SVM "SVM name".

After the above event occurs, a large number of secd.cifsAuth.problem are logged

secd: secd.cifsAuth.problem:error: vserver (svm1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = x.x.x.x **[ 0] FAILURE: CIFS authentication failed

The error "Client (IP: x.x.x.x) blocked due to continuous attempts with wrong password" is logged in secd.log