Unable to modify ACL permissions after enabling MS-LDAP signing/sealing
Applies to
- ONTAP 9
- LDAP
- CIFS/SMB
Issue
- After LDAP signing/sealing is enabled, ACL permissions cannot be modified
- SECD logs show that the connection to the LDAP server failed:
Failure Summary:
[kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server
[kern_secd:info:17440] [ 2777] Successfully connected to ip xxx.xxx.xxx.xx, port 88 using TCP
[kern_secd:info:17440] [ 2789] Could not authenticate as 'xxxx$@xxx.xxx.xx.xx.xx': Generic preauthentication failure (KRB5_PREAUTH_FAILED)
[kern_secd:info:17440] [ 2789] Unable to start LDAPS: Can't contact LDAP server
secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver (SVM) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory)
Details:
[000.298.509] info : Source: DNS unavailable. Entry for host-address:xxx.xxx.xx.xx not found in any of the available sources { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:96 }
[000.298.704] debug: ldap_sasl_interactive_bind_s returned -2 { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:571 }
[000.298.711] ERR : Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:575 }
[000.298.716] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot determine realm for numeric host address) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:578 }
[000.298.723] ERR : RESULT_ERROR_LDAPSERVER_LOCAL_ERROR:7643 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:582
[000.298.729] ERR : ldapSaslBindGssapi: LDAP Error: (-2): 'Local error':
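- The client displays "The program cannot open the required dialog box because it cannot determine whether the computer named "host" is joined to a domain"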
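
A small triage helper for the SECD excerpt above, added here as an example (not NetApp code): it parses the two log layouts shown and reports which of the listed error strings are present and where the detail trace logged them. The function names, signature labels and the matching rule are assumptions; the sample lines are copied from the excerpt above, with addresses redacted as on this page.

```python
import re

# Sample input: lines copied from the SECD excerpt on this page.
SAMPLE = """\
[kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server
[kern_secd:info:17440] [ 2789] Could not authenticate as 'xxxx$@xxx.xxx.xx.xx.xx': Generic preauthentication failure (KRB5_PREAUTH_FAILED)
[000.298.509] info : Source: DNS unavailable. Entry for host-address:xxx.xxx.xx.xx not found in any of the available sources { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:96 }
[000.298.704] debug: ldap_sasl_interactive_bind_s returned -2 { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:571 }
[000.298.716] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot determine realm for numeric host address) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:578 }
"""

# Detail-trace layout: [timestamp] level: message { in func() at file:line }
DETAIL = re.compile(r"^\[(?P<ts>[\d.]+)\]\s+(?P<level>\w+)\s*:\s*(?P<msg>.*?)"
                    r"(?:\s*\{ in (?P<func>\w+)\(\) at (?P<src>\S+:\d+) \})?\s*$")
# Failure-summary layout: [facility:level:pid] [ seq] message
SUMMARY = re.compile(r"^\[\w+:(?P<level>\w+):\d+\]\s+\[\s*(?P<seq>\d+)\]\s+(?P<msg>.*)$")

# Labels are hypothetical; the strings are the ones shown in the excerpt.
SIGNATURES = {
    "gssapi_bind_failed": "Unable to SASL bind to LDAP server using GSSAPI",
    "krb_preauth_failed": "KRB5_PREAUTH_FAILED",
    "host_address_not_found": "not found in any of the available sources",
    "realm_for_numeric_host": "Cannot determine realm for numeric host address",
    "no_ldap_servers": "secd.ldap.noServers",
}

def triage(text):
    """Return (hits, sources): matched labels and the source locations that logged them."""
    hits, sources = set(), set()
    for line in text.splitlines():
        m = DETAIL.match(line) or SUMMARY.match(line)
        msg = m.group("msg") if m else line  # unparsed lines (EMS events) are searched whole
        for name, needle in SIGNATURES.items():
            if needle in msg:
                hits.add(name)
                if m and m.re is DETAIL and m.group("src"):
                    sources.add(m.group("src"))
    return hits, sources

def matches_kb_symptom(hits):
    # Assumed rule: GSSAPI bind failure together with a Kerberos or realm error.
    return "gssapi_bind_failed" in hits and bool(
        hits & {"krb_preauth_failed", "realm_for_numeric_host"})

if __name__ == "__main__":
    found, where = triage(SAMPLE)
    print(sorted(found), sorted(where), matches_kb_symptom(found))
```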