跳转到主内容

由于(强制实施)通道绑定,使用安全 LDAP 的操作失败

Views:
14
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

适用于

  • ONTAP 9
  • Microsoft LDAP Server
  • 安全 LDAP
  • LDAPS
  • Start-TLS

问题

  • 如果操作需要在 ONTAP 和 MS LDAP 服务器之间建立 LDAP 连接(例如更改文件的 ACL ),则操作将失败。
  • 在 EMS 和 SECD 日志中,报告 " 凭据无效 " 事件,这些事件似乎与启动安全 LDAP 连接时失败有关。

EMS 中的事件

secd: secd.conn.auth.failure:notice]: Vserver (<vserver>) could not authenticate over the network to server (). Error: Invalid credentials (Service: LDAP (Active Directory), Operation: SiteDiscovery).
 
SECD 中的事件
 
00000013.007e944b 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] Failure Summary:
00000013.007e944c 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] Error: User authentication procedure failed
00000013.007e944d 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] CIFS SMB2 Share mapping - Client Ip = 1.2.3.4
00000013.007e944e 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] ...
00000013.007e944f 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] [ 9988] Successfully connected to ip 1.2.3.51, port 636 using TCP
00000013.007e9450 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] [ 10202] Unable to start LDAPS: Invalid credentials
00000013.007e9451 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] [ 10202] Additional info: 80090346: LdapErr: DSID-0C090588, comment: AcceptSecurityContext error, data 80090346, v2580
00000013.007e9452 0fc9a7d2 Mon Nov 02 2020 06:14:14 +01:00 [kern_secd:info:8211] [ 10202] Unable to connect to LDAP (Active Directory) service on <server.domain> (Error: Invalid credentials)
up.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support