のシール / 署名を有効にした後、 ACL 権限を変更できません MS-LDAP
環境
- ONTAP 9
- LDAP
問題
- LDAP署名/封印を有効にしたあとでACL権限を変更できません
- SECD ログ show ldap server connection failed :
Failure Summary:[kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server[kern_secd:info:17440] [ 2777] Successfully connected to ip xxx.xxx.xxx.xx, port 88 using TCP[kern_secd:info:17440] [ 2789] Could not authenticate as 'xxxx$@xxx.xxx.xx.xx.xx': Generic preauthentication failure (KRB5_PREAUTH_FAILED)[kern_secd:info:17440] [ 2789] Unable to start LDAPS: Can't contact LDAP server
secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver (SVM) are currently accessible via
the network for LDAP service type (Service: LDAP (Active Directory)Details:[000.298.509] info : Source: DNS unavailable. Entry for host-address:xxx.xxx.xx.xx not found in any of the available sources { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:96 }[000.298.704] debug: ldap_sasl_interactive_bind_s returned -2 { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:571 }[000.298.711] ERR : Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:575 }[000.298.716] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot determine realm for numeric host address) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:578 }[000.298.723] ERR : RESULT_ERROR_LDAPSERVER_LOCAL_ERROR:7643 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:582[000.298.729] ERR : ldapSaslBindGssapi: LDAP Error: (-2): 'Local error':- クライアントは、「ホスト」という名前のコンピュータがドメインに参加しているかどうかを判別できないため、必要なダイアログボックスを開くことができません」と表示します。