信息无效的PTR导致secd.conn.auth.failure或secd.ldap.noServers:EMERGENCY错误

适用场景

• ONTAP 9

问题描述

• LDAP服务器通过LDAP签名和/或签章进行保护
• EMS日志中存在错误： secd.conn.auth.failure:notice 或secd.ldap.noServers:EMERGENCY
• 站点发现：
• EMS：

secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver <VServer Name> are currently accessible via the network

• SECD：

[auth_secd:notice] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)

• GPO处理：

SECD

.------------------------------------------------------------------------------.
                                 RPC FAILURE:
                       secd_rpc_gpo_get_list has failed
                        Result = 0, RPC Result = 6940
                   RPC received at Thu Feb 13 09:51:42 2020
------------------------------------------------------------------------------'

FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error
Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
No servers available for MS_LDAP_AD, vserver: 3, domain: demo.netapp.com.
Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940

• 此错误状态 SPN (ldap/gc.demo.netapp.com)的详细信息不正确(dc1.demo.netapp.com:

info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/gc.demo.netapp.com@

注意： 在数据包跟踪中 、TGS-REQ 返回错误 KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN