跳转到主内容

由于缺少用户或计算机帐户的属性, LDAP 服务器将标记为不可用

Views:
5
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

适用场景

ONTAP 9

问题描述

  • 由于缺少用户或计算机帐户的属性信息, LDAP 服务器将标记为不可用。
  • 已配置 LDAP 客户端,并且 ns 交换机将 LDAP 作为 passwd 和 group 查找的源

CDOT::*> ns-switch  show -vserver svm1
                Source
Vserver      Database     Order
--------------- ------------   ---------
svm1       hosts      files,
                dns
svm1       group     files,  
                ldap  <<<<<<
svm1       passwd     files,
                ldap  <<<<<< 
svm1       netgroup     files
svm1       namemap     files

CDOT::*> ldap client  show -vserver svm1
     Client     LDAP       Active Directory        Minimum
Vserver Configuration Servers      Domain       Schema    Bind Level
------- ------------- --------------- ----------------- ----------- ----------
svm1   ldap1      -         naslab.local    AD-SFU    sasl

  • 对用户或计算机帐户执行查询后, vserver cifs domain discovered-servers show 会将 LDAP 服务器显示为 " 不可用 " 。

CDOT::*> diag secd authentication show-creds -vserver svm1 -node CDOT-01 -win-name naslab\india-dc1$
 UNIX UID: pcuser <> Windows User: NASLAB\INDIA-DC1$ (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:
  pcuser

 Primary Group SID: NASLAB\Domain Controllers (Windows Domain group)

 Windows Membership:
  NASLAB\Domain Controllers (Windows Domain group)
  NASLAB\Denied RODC Password Replication Group (Windows Alias)
  NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS (Windows Well known group)
  Service asserted identity (Windows Well known group)
 User is also a member of Authenticated Users, Network Users, and Everyone

 Privileges (0x2000):
  SeChangeNotifyPrivilege

CDOT::*> vserver  cifs domain  discovered-servers show -vserver svm1
Node: CDOT-01
Vserver: svm1

Domain Name    Type    Preference DC-Name      DC-Address    Status
--------------- -------- ---------- --------------- --------------- ---------
""       LDAP    adequate   india-dc1     10.216.41.190   undetermined
""       LDAP    adequate   india-dc2     10.216.41.191   undetermined
""       LDAP    adequate   india-dc3     10.216.41.30   undetermined
""       LDAP    adequate   windowslds    10.216.41.29   unavailable  <<<<<<<<<<<<<
naslab.local   MS-DC   adequate   india-dc1     10.216.41.190   undetermined
naslab.local   MS-DC   adequate   india-dc2     10.216.41.191   undetermined
naslab.local   MS-DC   adequate   india-dc3     10.216.41.30   undetermined
naslab.local   MS-DC   adequate   windowslds    10.216.41.29   OK

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.