PowerScale:OneFS: 選擇性驗證:ERROR_AUTHENTICATION_FIREWALL_FAILED

Summary: 由於選擇性驗證,驗證失敗,並顯示錯誤:ERROR_AUTHENTICATION_FIREWALL_FAILED

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

嘗試從受信任網域查詢 Active Directory 物件時,信任網域中的 PowerScale 叢集會產生錯誤。這可能會導致無法將使用者物件新增至共用權限、ACL 等。

下列項目會顯示在 lsass 記錄中:

lsass[85427]: [lsass] Ignoring failure enumerating trusts for forest , <CustomerDomain.com> Error was ERROR_AUTHENTICATION_FIREWALL_FAILED (1935)



執行命令時,可能會出現此錯誤,此錯誤為受信任網域中的使用者物件提供 isi auth 對應權杖:

# isi auth mapping token --user="CustomerDomain.com\\TestUserAccount"
Failed to map user 'CustomerDomain.com\TestUserAccount': No such user



在新增使用者物件以共享權限的範例中出現此錯誤:
 

# isi smb shares permission create --share=ShareName --zone=ZoneName "CustomerDomain.com\\TestUserAccount"
Failed to create persona 'USER:CustomerDomain.com\TestUserAccount'



資料包擷取顯示如下:
 

347 2015-12-02 13:38:59.050609 10.29.1.61 141.119.201.2 KRB5 21 196 KRB Error: KRB5KDC_ERR_POLICY NT Status: Unknown error code 0xc0000413 0.016839



由於在 AD 信任上啟用選擇性身份驗證,因此會出現此問題。選擇性身份驗證是一項功能,域管理員可以藉此以精細的方式管理信任。

信託可以按如下方式進行驗證:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753821(v=ws.11)?redirectedfrom=MSDN

提示:Netdom 提供了解決此問題的最佳輸出。

Cause

選擇性認證會在 Active Directory 網域和信任物件中的相關信任上啟用。以下文章將詳細介紹此功能:

信任的安全注意事項:

https://technet.microsoft.com/en-us/library/cc755321%28v=ws.10%29.aspx

設定選擇性身份驗證設定:

https://technet.microsoft.com/en-us/library/cc755844%28v=ws.10%29.aspx

Resolution

將有問題的使用者或群組新增至允許對叢集物件進行驗證的權限,或根據下列 kb 移除選擇性驗證:

A TGS request for the krbtgt account fails with KDC_ERR_POLICY and an extended status of STATUS_AUTHENTICATION_FIREWALL_FAILED (0xC0000413)

https://support.microsoft.com/en-us/kb/2959395

在信任域或林中的電腦上授予「允許身份驗證」許可權:

https://technet.microsoft.com/en-us/library/cc816733%28v=ws.10%29.aspx
 

Affected Products

PowerScale OneFS

Products

Isilon
Article Properties
Article Number: 000018338
Article Type: Solution
Last Modified: 25 Nov 2025
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.