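Cluster SVM cannot authenticate using Active Directory LDAP
Applies to
- ONTAP 9
- Cluster SVM
- Active Directory LDAP
Issue
- Microsoft AD LDAP authentication is configured for the cluster SVM, but ONTAP cannot retrieve UNIX user credentials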
::> set advanced
::*> vserver services name-service getxxbyyy getpwbyname -node node1 -vserver ClusterSVM -username ntaptest -show-source true -use-cache false
Error: command failed: Failed to resolve ntaptest. Reason: Entry not found for "username: ntaptest
- The SecD log shows the following events
Error: Acquire UNIX credentials procedure failed
Entry for user-name: ntaptest not found in the current
source: FILES. Ignoring and trying next available source
[ 6] Using a cached connection to dc01.netapp.local
[ 3301] FAILURE: User 'ntaptest' not found in UNIX authorization source LDAP.
[ 3301] Entry for user-name: ntaptest not found in the current
source: LDAP. Entry for user-name: ntaptest not found in any of the available sources
[ 3303] Unable to retrieve UID for UNIX user ntaptest
Error: command failed: Failed to resolve user name to a UNIX ID. Reason: "SecD Error: object not found".
- When the UNIX attributes are queried from Active Directory with PowerShell, uid, uidNumber, and gidNumber are empty
PS Z:\> get-ADuser <user> -Properties * | select SamAccountName,gidnumber,uidNumber,uid
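The single-user query above can be extended to report, for many accounts at once, which of the three attributes are empty. This is an added example, not part of the original article or a NetApp tool; `Find-MissingUnixAttribute` is a hypothetical helper name, and the sample records are constructed stand-ins for `Get-ADUser` output.

```powershell
# Added example: report which of the UNIX attributes queried in this article
# (uid, uidNumber, gidNumber) are empty on each account.
# Find-MissingUnixAttribute is a hypothetical helper, not a built-in cmdlet.
function Find-MissingUnixAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,

        [string[]]$Attribute = @('uid', 'uidNumber', 'gidNumber')
    )
    process {
        $missing = @(foreach ($name in $Attribute) {
            # An absent property, $null, an empty string and an empty
            # collection (uid is multi-valued in AD) all count as empty.
            $prop  = $User.PSObject.Properties[$name]
            $value = if ($prop) { $prop.Value } else { $null }
            if ([string]::IsNullOrWhiteSpace([string]$value)) { $name }
        })
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Missing        = $missing -join ','
            Complete       = ($missing.Count -eq 0)
        }
    }
}

# Constructed sample records standing in for Get-ADUser output.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'ntaptest';  uid = @();            uidNumber = $null; gidNumber = $null }
    [pscustomobject]@{ SamAccountName = 'unixuser1'; uid = @('unixuser1'); uidNumber = 10001; gidNumber = 10000 }
    [pscustomobject]@{ SamAccountName = 'unixuser2'; uid = @('unixuser2'); uidNumber = 10002; gidNumber = $null }
)
$sample | Find-MissingUnixAttribute | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties uid,uidNumber,gidNumber |
#     Find-MissingUnixAttribute | Where-Object { -not $_.Complete }
```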