由于 LDAP 架构不正确，LDAP 客户端 UNIX 用户查找失败

最后更新
另存为PDF

Views:: 59

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

适用于

ONTAP 9
LDAP 架构
Windows AD LDAP

问题描述

使用 Microsoft Active Directory LDAP 作为目录存储，ONTAP 无法检索 UNIX 用户凭据

::> set advanced

::*> vserver services access-check authentication show-creds -node <node_name> -vserver <svm_name> -win-name DOMAIN\Name

SecD 日志显示以下错误

示例

[kern_secd:info:15834] Error: Get user credentials procedure failed

[kern_secd:info:15834] [ 38] Retrieved CIFS credentials via S4U2Self for full Windows user name 'test@NTAP.LOCAL'

[kern_secd:info:15834] [ 88] Trying to map 'NTAP\TEST' to UNIX user 'test' using implicit mapping

[kern_secd:info:15834] [ 101] Hostname found in Name Service Cache

[kern_secd:info:15834] [ 101] Resolved LDAP servers: 10.10.10.130. Vserver: 2

[kern_secd:info:15834] [ 101] Failed to initiate Kerberos authentication. Trying NTLM.

[kern_secd:info:15834] [ 102] Successfully connected to ip 10.10.10.130, port 3268 using TCP

[kern_secd:info:15834] **[ 109] FAILURE: User 'test' not found in UNIX authorization source LDAP.

[kern_secd:info:15834] [ 109] Entry for user-name: test not found in the current source: LDAP. Entry for user-name: test not found in any of the available sources