secd.conn.auth.failure:notice or secd.ldap.noServers:EMERGENCY errors occur in ONTAP 9 due to a PTR record with an invalid IP
Environment
ONTAP 9
Issue
- The LDAP servers are secured with LDAP signing and sealing
- Errors in the EMS log:
secd.conn.auth.failure:notice
or secd.ldap.noServers:EMERGENCY
- Site discovery:
- EMS
secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver <VServer Name> are currently accessible via the network
- SecD:
[auth_secd:notice] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
- GPO processing:
SecD
.------------------------------------------------------------------------------.
RPC FAILURE:
secd_rpc_gpo_get_list has failed
Result = 0, RPC Result = 6940
RPC received at Thu Feb 13 09:51:42 2020
------------------------------------------------------------------------------'
FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error
Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
No servers available for MS_LDAP_AD, vserver: 3, domain: demo.netapp.com.
Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940
- In this error condition, the SPN shown in the details (ldap/gc.demo.netapp.com) is not correct (the LDAP server is dc1.demo.netapp.com):
info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/gc.demo.netapp.com@
Note: In a packet trace, the TGS-REQ returns the error KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.
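The symptom above can be checked mechanically: the host in the requested Kerberos SPN should match the LDAP server that secd tried to contact. The following is an added example, not NetApp code and not part of the original article; the function name and regular expressions are hypothetical and assume only the log line formats shown on this page.

```python
import re

# Constructed sample: secd trace lines as they appear in this article.
SAMPLE_TRACE = """\
FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error
Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/gc.demo.netapp.com@
"""

# Host that secd tried to reach for LDAP (Active Directory).
CONNECT_RE = re.compile(r"Unable to connect to LDAP \(Active Directory\) service on (\S+)")
# Service principal that the Kerberos library requested a ticket for.
SPN_RE = re.compile(r"server principal (\w+)/([^@\s]+)@")


def find_spn_mismatches(trace):
    """Return (ldap_server, requested_spn) pairs whose host names disagree."""
    targets, spn_hosts = [], []
    for line in trace.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            host = m.group(1).rstrip(".").lower()
            if host not in targets:
                targets.append(host)
        m = SPN_RE.search(line)
        if m and m.group(1).lower() == "ldap":
            host = m.group(2).rstrip(".").lower()
            if host not in spn_hosts:
                spn_hosts.append(host)
    # An SPN host that matches no contacted server means the name used to
    # build the SPN differs from the name the connection was made to.
    return [(t, "ldap/" + h) for h in spn_hosts if h not in targets for t in targets]


if __name__ == "__main__":
    for server, spn in find_spn_mismatches(SAMPLE_TRACE):
        print(f"LDAP server {server} but ticket requested for {spn}: "
              "check the PTR record for this server's IP")
```

A non-empty result on a real secd trace is the cue to compare the forward (A) and reverse (PTR) DNS records of the listed LDAP server.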