
Machine account creation fails when channel binding is used for AD LDAP connections

Applies to

  • ONTAP 9.10.1 and later
  • Active Directory LDAP
  • CIFS server
  • LDAP channel binding

Issue

  • Machine account creation fails with an LDAP "Local error" when channel binding is used for AD LDAP connections:
cluster1::>vserver active-directory create -account-name svm1 -domain ntap.local -ou OU=test,OU=netapp -vserver svm1
 
In order to create an Active Directory machine account, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "OU=test,OU=netapp" container within the "NTAP.LOCAL" domain.
Enter the user name: <account>
Enter the password:
Error: Machine account creation procedure failed
[20336] Loaded the preliminary configuration.
[ 20361] Successfully connected to ip 10.10.10.11, port 88 using TCP
[20429] Successfully connected to ip 10.10.10.11, port 636 using TCP
[ 20719] Successfully connected to ip 10.10.10.11, port 88 using TCP
[ 20751] FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error
[ 20751] Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)
[ 20753]Unable to start LDAPS: Local error
[ 20753] Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)
[ 20753] Unable to connect to LDAP (Active Directory) service on dc01.ntap.local (Error: Local error)
[ 20753] Unable to make a connection (LDAP (Active Directory):NTAP.LOCAL), result: 7643
Error: command failed: Failed to create the ActiveDirectory machine account "svm01". Reason: LDAP Error: Local error occurred.
 
  • SecD shows the LDAP SASL bind failing with "Invalid credentials" when using SPNEGO, and reports "Local error" when using GSSAPI and channel binding:
 
00000014.00099b77 0169eaf8 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.526.942]  info :  Successfully connected to ip 10.10.10.11, port 636 using TCP { in _connect() at src/connection_manager/secd_connection_shim.cpp:497 }
00000014.00099b78 0169eaf8 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.619.995]  debug:  ldap_sasl_bind_s returned 49  { in ldapSaslBindSpnego() at src/connection_manager/secd_connection.cpp:774 }
00000014.00099b79 0169eaf8 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.620.026]  ERR  :  RESULT_ERROR_LDAPSERVER_INVALID_CREDENTIALS:7627 in ldapSaslBindSpnego() at src/connection_manager/secd_connection.cpp:780
00000014.00099b7a 0169eaf8 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.620.035]  ERR  :  ldapSaslBindSpnego: LDAP Error: (49): 'Invalid credentials':
00000014.00099b7b 0169eaf8 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.620.517]  debug: Invalid credentials. Trying with SIGN  { in ldapSaslBind() at src/connection_manager/secd_connection.cpp:1010 }
 
00000014.00099c19 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.549]  info :  [krb5 context 08CE2E00] Received answer from stream 10.10.10.11:88
00000014.00099c1a 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.597]  info :  [krb5 context 08CE2E00] TGS request result: -1765328377/Server not found in Kerberos database
00000014.00099c1b 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.830]  ERR  : LDAP SASL bind failed using GSSAPI and channel binding. Error: -2(Local error) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:633 }
00000014.00099c1c 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.836]  debug:  Retrying bind without channel binding  { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:637 }
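
To check a longer SecD log for the same symptom, the lines above can be matched mechanically. The following Python sketch is an added example, not NetApp code: it parses the SecD line layout shown in the excerpt and reports whether the SPNEGO result 49, the Kerberos TGS failure and the GSSAPI channel-binding failure all appear. The function and key names are this example's own, and the sample input is copied from the excerpt above.

```python
import re

# SecD line layout seen in the excerpt above:
#   <seq> <id> <date> [kern_secd:info:<n>] | [<elapsed>]  <level>:  <message>
LINE_RE = re.compile(
    r"\[kern_secd:\w+:\d+\]\s*\|\s*\[(?P<elapsed>[\d.]+)\]\s+"
    r"(?P<level>info|debug|ERR)\s*:\s*(?P<msg>.*)$"
)

# Message fragments taken verbatim from the excerpt; the key names are this example's own.
MARKERS = {
    "spnego_invalid_credentials": "ldapSaslBindSpnego: LDAP Error: (49)",
    "tgs_server_not_found": "Server not found in Kerberos database",
    "gssapi_channel_binding_failed": "LDAP SASL bind failed using GSSAPI and channel binding",
    "retry_without_channel_binding": "Retrying bind without channel binding",
}
# The retry line is informational; the other three define the symptom.
REQUIRED = ("spnego_invalid_credentials", "tgs_server_not_found",
            "gssapi_channel_binding_failed")

def parse_line(line):
    """Return (elapsed, level, message) for a SecD line, or None for anything else."""
    m = LINE_RE.search(line)
    return (m["elapsed"], m["level"], m["msg"].strip()) if m else None

def triage(lines):
    """Map each marker to the elapsed stamp of its first hit; report if the symptom matches."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # CLI output and other non-SecD lines are skipped
        elapsed, _level, msg = rec
        for name, fragment in MARKERS.items():
            if fragment in msg:
                hits.setdefault(name, elapsed)
    return hits, all(name in hits for name in REQUIRED)

# Sample input: four SecD lines copied from the excerpt above plus one non-SecD line.
SAMPLE = [
    "Error: Machine account creation procedure failed",
    "00000014.00099b7a 0169eaf8 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.620.035]  ERR  :  ldapSaslBindSpnego: LDAP Error: (49): 'Invalid credentials':",
    "00000014.00099c1a 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.597]  info :  [krb5 context 08CE2E00] TGS request result: -1765328377/Server not found in Kerberos database",
    "00000014.00099c1b 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.830]  ERR  : LDAP SASL bind failed using GSSAPI and channel binding. Error: -2(Local error) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:633 }",
    "00000014.00099c1c 0169eb00 Thu Sep 09 2022 14:40:04 +02:00 [kern_secd:info:10469] | [020.786.836]  debug:  Retrying bind without channel binding  { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:637 }",
]

if __name__ == "__main__":
    hits, matched = triage(SAMPLE)
    for name, elapsed in hits.items():
        print(f"{elapsed}  {name}")
    print("matches symptom on this page:", matched)
```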
 
