LDAP client UNIX user name translation fails due to incorrect LDAP schema
Applies to
- ONTAP 9
- LDAP schema
- Windows AD LDAP
Issue
When Microsoft Active Directory LDAP is used as the directory store, ONTAP cannot retrieve UNIX user credentials.
::>set advanced
::*>vserver services access-check authentication show-creds -node <node> -vserver <svm> -unix-user-name <unix-user>
The SecD log shows the following error:
[kern_secd:info:15834] Error: Get user credentials procedure failed
[kern_secd:info:15834] [ 38] Retrieved CIFS credentials via S4U2Self for full Windows user name 'test@NTAP.LOCAL'
[kern_secd:info:15834] [ 88] Trying to map 'NTAP\TEST' to UNIX user 'test' using implicit mapping
[kern_secd:info:15834] [ 101] Hostname found in Name Service Cache
[kern_secd:info:15834] [ 101] Resolved LDAP servers: 10.10.10.130. Vserver: 2
[kern_secd:info:15834] [ 101] Failed to initiate Kerberos authentication. Trying NTLM.
[kern_secd:info:15834] [ 102] Successfully connected to ip 10.10.10.130, port 3268 using TCP
[kern_secd:info:15834] [ 109] FAILURE: User 'test' not found in UNIX authorization source LDAP.
[kern_secd:info:15834] [ 109] Entry for user-name: test not found in the current source: LDAP. Entry for user-name: test not found in any of the available sources
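Added example (not NetApp code): a Python triage helper that parses SecD trace lines like the ones above and summarises each failed UNIX user lookup together with the Windows name being mapped and the LDAP server and port that was queried. The function names and the grouping of lines by the number in the `kern_secd` prefix are assumptions.

```python
import re

# SecD trace lines copied from the log excerpt above.
SAMPLE = r"""
[kern_secd:info:15834] Error: Get user credentials procedure failed
[kern_secd:info:15834] [ 88] Trying to map 'NTAP\TEST' to UNIX user 'test' using implicit mapping
[kern_secd:info:15834] [ 101] Failed to initiate Kerberos authentication. Trying NTLM.
[kern_secd:info:15834] [ 102] Successfully connected to ip 10.10.10.130, port 3268 using TCP
[kern_secd:info:15834] [ 109] FAILURE: User 'test' not found in UNIX authorization source LDAP.
"""

# Assumption: the number in the "kern_secd:info:<n>" prefix ties the lines of one trace together.
LINE = re.compile(r"^\[kern_secd:\w+:(\d+)\]\s*(?:\[\s*(\d+)\]\s*)?(.*)$")
PATTERNS = {
    "mapping": re.compile(r"Trying to map '([^']+)' to UNIX user '([^']+)' using (\w+) mapping"),
    "ldap": re.compile(r"Successfully connected to ip (\S+), port (\d+) using (\w+)"),
    "failure": re.compile(r"FAILURE: User '([^']+)' not found in UNIX authorization source (\w+)"),
}

def triage(text):
    """Group trace lines by prefix id and extract the fields used for triage."""
    records = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        prefix_id, _step, msg = m.groups()
        rec = records.setdefault(prefix_id, {"kerberos_fallback": False})
        if "Failed to initiate Kerberos authentication" in msg:
            rec["kerberos_fallback"] = True
        for key, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit:
                rec[key] = hit.groups()
    return records

def failed_lookups(text):
    """Return one summary per trace whose UNIX user lookup failed."""
    out = []
    for prefix_id, rec in triage(text).items():
        if "failure" not in rec:
            continue
        user, source = rec["failure"]
        server, port, _proto = rec.get("ldap", (None, None, None))
        out.append({"trace": prefix_id, "unix_user": user, "source": source,
                    "windows_name": rec.get("mapping", (None,))[0],
                    "server": server, "port": int(port) if port else None,
                    "kerberos_fallback": rec["kerberos_fallback"]})
    return out
```

Pass the text of a saved SecD log to `failed_lookups()` to list every user whose lookup failed and which LDAP endpoint answered.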