NFS access fails with the error "Required certificate with CA xxxx is not installed"
Environment
- ONTAP 9
- NFS access using an LDAP connection
Issue
- The NFS mount succeeds, but access fails.
- LDAPS is set to true in the CIFS security parameters:
::*> vserver cifs security show -vserver svm1_cluster1
Vserver: svm1_cluster1
Kerberos Clock Skew: 5 minutes
Kerberos Ticket Age: 10 hours
Kerberos Renewal Age: 7 days
Kerberos KDC Timeout: 3 seconds
Is Signing Required: false
Is Password Complexity Required: true
Use start_tls for AD LDAP connection: false
(DEPRECATED)-Is AES Encryption Enabled: true
LM Compatibility Level: lm-ntlm-ntlmv2-krb
Is SMB Encryption Required: false
Client Session Security: none
(DEPRECATED)-SMB1 Enabled for DC Connections: false
SMB2 Enabled for DC Connections: system-default
LDAP Referral Enabled For AD LDAP connections: false
Use LDAPS for AD LDAP connection: true
Encryption is required for DC Connections: false
AES session key enabled for NetLogon channel: true
Try Channel Binding For AD LDAP Connections: true
Encryption Types Advertised to Kerberos:
aes-256, aes-128, rc4, des
- The SecD log shows "required certificate not installed":
0000002e.0003d6e0 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 1] No servers available for MS_LDAP_AD, vserver: 3, domain: domain.com.
0000002e.0003d6e1 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 6] Hostname found in Name Service Cache
0000002e.0003d6e2 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 12] Successfully connected to ip 10.XX.XX.XX, port 636 using TCP
0000002e.0003d6e3 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 20] Required certificate with CA RootCA01 is not installed
0000002e.0003d6e4 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 27] Unable to start LDAPS: Can't contact LDAP server
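The following added example, which is not from the original article or from NetApp, scans SecD log text for the "Required certificate with CA ... is not installed" message and ties each hit to the LDAP server connection that preceded it in the same trace. The sample log is constructed from the excerpt above, the 192.0.2.x addresses are placeholders, and treating a drop in the bracketed counter as the start of a new trace is an assumption.

```python
import re

# Constructed sample modeled on the SecD excerpt above; 192.0.2.x are placeholder addresses.
SAMPLE_LOG = """\
0000002e.0003d6e0 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [  1] No servers available for MS_LDAP_AD, vserver: 3, domain: domain.com.
0000002e.0003d6e2 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 12] Successfully connected to ip 192.0.2.10, port 636 using TCP
0000002e.0003d6e3 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 20] Required certificate with CA RootCA01 is not installed
0000002e.0003d6e4 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 27] Unable to start LDAPS: Can't contact LDAP server
0000002e.0003d6f0 00c420a4 Thu Dec 16 2021 09:53:10 09:00 [kern_secd:info:8458] [  2] Successfully connected to ip 192.0.2.11, port 389 using TCP
"""

# timestamp, timezone field, [kern_secd:<severity>:<pid>], [<counter>], message
LINE = re.compile(
    r"(?P<ts>\w{3} \w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"\[kern_secd:\s*\w+:\s*(?P<pid>\d+)\]\s+\[\s*(?P<step>\d+)\]\s+(?P<msg>.*)"
)
CONNECT = re.compile(r"Successfully connected to ip (\S+), port (\d+) using")
MISSING_CA = re.compile(r"Required certificate with CA (.+?) is not installed")


def find_missing_ca(log_text):
    """Return one finding per missing-CA message, with the server it was seen on."""
    findings = []
    state = {}  # pid -> {"step": last counter seen, "peer": (ip, port) or None}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a kern_secd line
        step, msg = int(m["step"]), m["msg"]
        st = state.setdefault(m["pid"], {"step": -1, "peer": None})
        if step < st["step"]:
            st["peer"] = None  # assumption: counter going backwards means a new trace
        st["step"] = step
        connect = CONNECT.search(msg)
        missing = MISSING_CA.search(msg)
        if connect:
            st["peer"] = (connect[1], int(connect[2]))
        elif missing:
            ip, port = st["peer"] or (None, None)
            findings.append({"time": m["ts"], "ca": missing[1], "server": ip, "port": port})
    return findings


if __name__ == "__main__":
    for f in find_missing_ca(SAMPLE_LOG):
        print(f"{f['time']}  CA '{f['ca']}' not installed; LDAP server {f['server']}:{f['port']}")
```

Each finding names the CA that SecD expected and the server and port (636 for LDAPS) where the handshake stopped.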