跳转到主内容

由于 LDAP 模式不正确, LDAP 客户端 UNIX 用户名转换失败

Views:
10
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>LDAP</a><a>2008866698</a><a>LDAP模式</a>
Last Updated:

适用场景

  • ONTAP 9
  • LDAP 模式
  • Windows AD LDAP

问题描述

使用 Microsoft Active Directory LDAP 作为目录存储时, ONTAP 无法检索 UNIX 用户凭据。
 
::>set advanced
::*>vserver services access-check authentication show-creds -node <node> -vserver <svm> -unix-user-name <unix-user>
 
SecD 日志显示以下错误
[kern_secd:info:15834] Error: Get user credentials procedure failed
[kern_secd:info:15834] [ 38] Retrieved CIFS credentials via S4U2Self for full Windows user name 'test@NTAP.LOCAL'
[kern_secd:info:15834] [ 88] Trying to map 'NTAP\TEST' to UNIX user 'test' using implicit mapping
[kern_secd:info:15834] [ 101] Hostname found in Name Service Cache
[kern_secd:info:15834] [ 101] Resolved LDAP servers: 10.10.10.130. Vserver: 2
[kern_secd:info:15834] [ 101] Failed to initiate Kerberos authentication. Trying NTLM.
[kern_secd:info:15834] [ 102] Successfully connected to ip 10.10.10.130, port 3268 using TCP
[kern_secd:info:15834] **[ 109] FAILURE: User 'test' not found in UNIX authorization source LDAP.
[kern_secd:info:15834] [ 109] Entry for user-name: test not found in the current source: LDAP. Entry for user-name: test not found in any of the available sources
 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.