跳转到主内容

由于缺少用户或计算机帐户的属性, LDAP 服务器将标记为不可用

Views:
1
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

适用场景

ONTAP 9

问题描述

  • 由于缺少用户或计算机帐户的属性信息, LDAP 服务器将标记为不可用。
  • 已配置 LDAP 客户端,并且 ns 交换机将 LDAP 作为 passwd 和 group 查找的源

CDOT::*> ns-switch  show -vserver svm1
                Source
Vserver      Database     Order
--------------- ------------   ---------
svm1       hosts      files,
                dns
svm1       group     files,  
                ldap  <<<<<<
svm1       passwd     files,
                ldap  <<<<<< 
svm1       netgroup     files
svm1       namemap     files

CDOT::*> ldap client  show -vserver svm1
     Client     LDAP       Active Directory        Minimum
Vserver Configuration Servers      Domain       Schema    Bind Level
------- ------------- --------------- ----------------- ----------- ----------
svm1   ldap1      -         naslab.local    AD-SFU    sasl

  • 对用户或计算机帐户执行查询后, vserver cifs domain discovered-servers show 会将 LDAP 服务器显示为 " 不可用 " 。

CDOT::*> diag secd authentication show-creds -vserver svm1 -node CDOT-01 -win-name naslab\india-dc1$
 UNIX UID: pcuser <> Windows User: NASLAB\INDIA-DC1$ (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:
  pcuser

 Primary Group SID: NASLAB\Domain Controllers (Windows Domain group)

 Windows Membership:
  NASLAB\Domain Controllers (Windows Domain group)
  NASLAB\Denied RODC Password Replication Group (Windows Alias)
  NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS (Windows Well known group)
  Service asserted identity (Windows Well known group)
 User is also a member of Authenticated Users, Network Users, and Everyone

 Privileges (0x2000):
  SeChangeNotifyPrivilege

CDOT::*> vserver  cifs domain  discovered-servers show -vserver svm1
Node: CDOT-01
Vserver: svm1

Domain Name    Type    Preference DC-Name      DC-Address    Status
--------------- -------- ---------- --------------- --------------- ---------
""       LDAP    adequate   india-dc1     10.216.41.190   undetermined
""       LDAP    adequate   india-dc2     10.216.41.191   undetermined
""       LDAP    adequate   india-dc3     10.216.41.30   undetermined
""       LDAP    adequate   windowslds    10.216.41.29   unavailable  <<<<<<<<<<<<<
naslab.local   MS-DC   adequate   india-dc1     10.216.41.190   undetermined
naslab.local   MS-DC   adequate   india-dc2     10.216.41.191   undetermined
naslab.local   MS-DC   adequate   india-dc3     10.216.41.30   undetermined
naslab.local   MS-DC   adequate   windowslds    10.216.41.29   OK

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device