由于AD-LDAP服务器缺少PTR、导致secd.keros.preauth
适用场景
- ONTAP 9
- CIFS
- Kerberos
问题描述
- 即使在CIFS密码重置后、也报告ONTAP事件日志错误
secd.kerberos.preauth: A Kerberos pre-authentication failure occurred for SVM "SVM1" due to invalid credentials for SVM1$@DOMAIN.LOCAL.- 在SECD中、找不到Kerberos票证、并返回错误:
示例指标1:
Discovery returned ldap1.domain.local (10.1.2.14)Entry for host-address:10.1.2.14 not found in any of the available sourcesRequesting tickets for ldap/10.1.2.14@domain.local-1765328377/Server not found in Kerberos databaseAD-LDAP sasl bind failed. Trying again with new password示例指标2:
NSLIBC: getaddrinfo(), ../../../../../../src/lib/libc/net/getaddrinfo.c:437, Vsid = 3 Hostname received: XXX.XXX.XXX.XXX
NSLIBC: __res_nsend(), ../../../../../../src/lib/libc/resolv/res_send.c:843, Vsid = 3 Connected to XXX.XXX.XXX.XXX for DNS
NSLIBC: log_rcode_and_update_stats(), ../../../../../../src/lib/libc/resolv/res_send.c:489, Vsid = 3 Rcode received from the DNS server(XXX.XXX.XXX.XXX): 3 when querying _kerberos.XXX
NSLIBC: __res_nquery(), ../../../../../../src/lib/libc/resolv/res_query.c:224, Vsid = 3 ;; rcode = (XXX), counts = an:0 ns:1 ar:0
[krb5 context 09F29800] No URI records found
[krb5 context 09F29800] Sending DNS SRV query for _kerberos._udp.XXX