CONAP-81008: LDAP SASL bind delays or failures occur

Visibility: Public
Category: ontap-9
Specialty: nas
Issue

  • Clients may not be able to modify NTFS permissions on files on the CIFS share
  • ONTAP EMS log reports:

secd.dns.server.timed.out:error
secd.ldap.sasl.bind.delayed:error
secd.ldap.sasl.bind.delayed:error
secd.ldap.noServers:EMERGENCY

  • SecD logs show ONTAP attempting to look up the node name in DNS and receiving a DNS NXDOMAIN error:

Failed to connect to XXX.XX.X.XXX for DNS via Source Address XXX.XXX.X.XX: Operation timed out
Entry for host-name: Cluster01-node1 not found in any of the available sources

  • During a simple and SASL bind, ONTAP reaches out to the DNS server to resolve the node name, which might lead to an LDAP SASL bind delay or failure.
  • EMS log:

[node_01: secd: secd.dns.server.timed.out:error]: DNS server 10.10.XX.XX did not respond to vserver = vserver_1 within timeout interval.
[node_01: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "10.110.10.41" for Vserver "vserver_1".
[node_01: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "10.110.10.42" for Vserver "vserver_1".
[node_01: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "10.110.10.43" for Vserver "vserver_1".
[node_01: secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver (vserver_1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: ADgetClaimName).

  • SecD logs show ONTAP querying DNS for domain.corp.testdomain.com and failing because there was no DNS record on the DNS server:

ERR : LDAP SASL bind taking long time(6 secs) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:653 }
debug: Vserver's operational state: running { in isVserverRunning() at src/configuration_manager/secd_configuration_manager.cpp:2807 }
debug: Logged secd.ldap.sasl.bind.delayed to EMS { in logEmsEventForLdapError() at src/utils/secd_ems_utils.cpp:534 }
ERR : RESULT_ERROR_LDAPSERVER_SASL_BIND_TIMEOUT:7660 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:661
ERR : RESULT_ERROR_LDAPSERVER_SASL_BIND_TIMEOUT:7660 in ldapSaslBind() at src/connection_manager/secd_connection.cpp:1129
ERR : RESULT_ERROR_LDAPSERVER_SASL_BIND_TIMEOUT:7660 in ldapConnectAD() at src/connection_manager/secd_connection.cpp:1255
ERR : RESULT_ERROR_LDAPSERVER_SASL_BIND_TIMEOUT:7660 in connect() at src/connection_manager/secd_connection.cpp:2517
info : Unable to start LDAPS: (null) { in connect() at src/connection_manager/secd_connection.cpp:2647 }
debug: LDAP TLS Alert generated is 'warning:close notify'
info : Unable to connect to LDAP (Active Directory) service on domain.corp.testdomain.com { in addFailedConnectionJournal() at src/connection_manager/secd_connection_manager.cpp:553 }
ERR : RESULT_ERROR_LDAPSERVER_SASL_BIND_TIMEOUT:7660 in makeConnectionAttempt() at src/connection_manager/secd_connection_manager.cpp:1033

  • This problem occurs when a timeout occurs, so it is not a permanent event.
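
The EMS pattern above can be checked for in exported logs. The following is an added example, not part of the NetApp article or any NetApp tool: it groups the three secd events by Vserver and labels whether LDAP bind problems coincide with a DNS timeout. The function name, the verdict labels and the vserver_2 sample line are assumptions made for this example; co-occurrence is a triage hint, not proof of cause.

```python
import re
from collections import defaultdict

# EMS line shape as printed in the article: [node: secd: event.name:severity]: message
EMS_RE = re.compile(r'\[(?P<node>[^:\]]+): secd: (?P<event>[\w.]+):(?P<sev>\w+)\]: (?P<msg>.*)')
# The article's messages name the Vserver three ways: vserver = X, Vserver "X", Vserver (X)
VSERVER_RE = re.compile(r'[Vv]server(?: = | "| \()([\w.-]+)')
SERVER_RE = re.compile(r'on server "([^"]+)"')

# First five lines are the article's EMS excerpt; the vserver_2 line is constructed.
SAMPLE = [
    '[node_01: secd: secd.dns.server.timed.out:error]: DNS server 10.10.XX.XX did not respond to vserver = vserver_1 within timeout interval.',
    '[node_01: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "10.110.10.41" for Vserver "vserver_1".',
    '[node_01: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "10.110.10.42" for Vserver "vserver_1".',
    '[node_01: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "10.110.10.43" for Vserver "vserver_1".',
    '[node_01: secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver (vserver_1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: ADgetClaimName).',
    '[node_02: secd: secd.ldap.sasl.bind.delayed:error]: LDAP SASL bind taking longer time on server "192.0.2.10" for Vserver "vserver_2".',
]

def correlate(lines):
    """Group secd EMS events per Vserver and label the pattern (labels are this example's own)."""
    state = defaultdict(lambda: {"dns_timeouts": 0, "delayed_servers": [], "no_servers": False})
    for line in lines:
        m = EMS_RE.search(line)
        vs = VSERVER_RE.search(m["msg"]) if m else None
        if not vs:
            continue  # not a secd EMS line, or no Vserver named in the message
        s = state[vs.group(1)]
        if m["event"] == "secd.dns.server.timed.out":
            s["dns_timeouts"] += 1
        elif m["event"] == "secd.ldap.sasl.bind.delayed":
            srv = SERVER_RE.search(m["msg"])
            if srv:
                s["delayed_servers"].append(srv.group(1))
        elif m["event"] == "secd.ldap.noServers":
            s["no_servers"] = True
    for s in state.values():
        ldap_hit = bool(s["delayed_servers"]) or s["no_servers"]
        if s["dns_timeouts"] and ldap_hit:
            s["verdict"] = "dns-timeout-with-ldap-bind-impact"  # the pattern this article describes
        elif ldap_hit:
            s["verdict"] = "ldap-only"  # bind trouble without a logged DNS timeout
        else:
            s["verdict"] = "dns-timeout-only" if s["dns_timeouts"] else "no-match"
    return dict(state)

if __name__ == "__main__":
    for vserver, summary in correlate(SAMPLE).items():
        print(vserver, summary)
```

A Vserver labelled ldap-only shows bind delays with no DNS timeout in the same log window, so the cause is worth looking for elsewhere (LDAP server load, network path) before DNS.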
