启用签章 / 签名后,无法修改 ACL 权限 MS-LDAP
适用场景
- ONTAP 9
- LDAP
问题描述
- 启用 LDAP 签名 / 签章后,无法修改 ACL 权限。
- SECD log show ldap server connection failed :
Failure Summary:[kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server[kern_secd:info:17440] [ 2777] Successfully connected to ip xxx.xxx.xxx.xx, port 88 using TCP[kern_secd:info:17440] [ 2789] Could not authenticate as 'xxxx$@xxx.xxx.xx.xx.xx': Generic preauthentication failure (KRB5_PREAUTH_FAILED)[kern_secd:info:17440] [ 2789] Unable to start LDAPS: Can't contact LDAP server
secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver (SVM) are currently accessible via
the network for LDAP service type (Service: LDAP (Active Directory)Details:[000.298.509] info : Source: DNS unavailable. Entry for host-address:xxx.xxx.xx.xx not found in any of the available sources { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:96 }[000.298.704] debug: ldap_sasl_interactive_bind_s returned -2 { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:571 }[000.298.711] ERR : Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:575 }[000.298.716] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot determine realm for numeric host address) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:578 }[000.298.723] ERR : RESULT_ERROR_LDAPSERVER_LOCAL_ERROR:7643 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:582[000.298.729] ERR : ldapSaslBindGssapi: LDAP Error: (-2): 'Local error':