由于无法连接 AD LDAP ，无法在数据 LIF 上启用 Kerberos

最后更新
另存为PDF

Views:: 5

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas<a>AD LDAP</a><a>经身份验证的NFS</a><a>2008652984</a>

Last Updated:

适用场景

ONTAP 9
NFS Kerberos
Active Directory LDAP （ AD LDAP ）
Active Directory 密钥分发中心（ AD KDC ）

问题描述

使用 AD 作为 KDC 时，无法在数据 LIF 上启用 Kerberos ，但出现以下错误

Error: NFS Kerberos bind SPN procedure failed

[ 0 ms] Using account name=NFS-TS01, AD domain=NETAPP.LOCAL,

AD server=10.10.10.10

[ 12] Successfully connected to ip 10.10.10.10, port 88 using TCP

[ 679] Successfully connected to ip 10.10.10.10, port 389 using TCP

**[ 680] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:

** Local error

[ 680] Additional info: SASL(-1): generic failure: GSSAPI Error:

Unspecified GSS failure. Minor code may provide more

information (Cannot determine realm for numeric host

address)

[ 680] Unable to connect to LDAP (Active Directory) service on

ad01.netapp.local (Error: Local error)

[ 680] Unable to make a connection (LDAP (Active

Directory):NETAPP.LOCAL), result: 7643

[ 680] Uncaptured failure while creating account

Error: command failed: Failed to enable NFS Kerberos on LIF "nfs_data01". Failed to bind service principal name on LIF "nfs_data01". LDAP Error: Local error occurred