Cluster SVM cannot authenticate with Active Directory LDAP
Applies to
- ONTAP 9
- Cluster SVM
- Active Directory LDAP
Issue
- With Microsoft AD LDAP authentication configured for the cluster SVM, ONTAP cannot retrieve UNIX user credentials
::> set advanced
::*> vserver services name-service getxxbyyy getpwbyname -node node1 -vserver ClusterSVM -username ntaptest -show-source true -use-cache false
Error: command failed: Failed to resolve ntaptest. Reason: Entry not found for "username: ntaptest
- The following events appear in the SecD log
Error: Acquire UNIX credentials procedure failed
Entry for user-name: ntaptest not found in the current
source: FILES. Ignoring and trying next available source
[ 6] Using a cached connection to dc01.netapp.local
[ 3301] FAILURE: User 'ntaptest' not found in UNIX authorization source LDAP.
[ 3301] Entry for user-name: ntaptest not found in the current
source: LDAP. Entry for user-name: ntaptest not found in any of the available sources
[ 3303] Unable to retrieve UID for UNIX user ntaptest
Error: command failed: Failed to resolve user name to a UNIX ID. Reason: "SecD Error: object not found".
- UID, uidNumber, and gidNumber do not work when the UNIX attributes are queried from Active Directory with PowerShell
PS Z:\> get-ADuser <user> -Properties * | select SamAccountName,gidnumber,uidNumber,uid
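
The following Python example is added here and is not NetApp code: it parses the SecD trace shown above and reports, per user, which name-service sources missed and whether every source was exhausted. The function name `summarize_lookups`, the regular expressions, and the pairing of the connection line with the LDAP lookup are assumptions based only on the log lines on this page.

```python
import re

# Sample input: the SecD trace lines shown on this page, copied as printed
# (including the line wrap in the middle of the "not found" messages).
SECD_TRACE = """\
Entry for user-name: ntaptest not found in the current
source: FILES. Ignoring and trying next available source
[ 6] Using a cached connection to dc01.netapp.local
[ 3301] FAILURE: User 'ntaptest' not found in UNIX authorization source LDAP.
[ 3301] Entry for user-name: ntaptest not found in the current
source: LDAP. Entry for user-name: ntaptest not found in any of the available sources
[ 3303] Unable to retrieve UID for UNIX user ntaptest
"""

PREFIX = re.compile(r"^\[\s*\d+\]\s*")  # bracketed number at the start of a line
EVENT = re.compile(
    r"Using a cached connection to (?P<server>\S+)"
    r"|Entry for user-name: (?P<miss_user>\S+) not found in the current source: (?P<source>\w+)"
    r"|Entry for user-name: (?P<gone_user>\S+) not found in any of the available sources"
    r"|Unable to retrieve UID for UNIX user (?P<uid_user>\S+)"
)


def summarize_lookups(trace):
    """Map each user to the sources that missed, and whether the lookup failed outright."""
    # Drop the prefixes and rejoin wrapped lines so split messages match as one.
    text = " ".join(PREFIX.sub("", ln.strip()) for ln in trace.splitlines() if ln.strip())
    users, last_server = {}, None

    def entry(user):
        return users.setdefault(
            user, {"missed": [], "ldap_server": None, "exhausted": False, "no_uid": False})

    for m in EVENT.finditer(text):
        if m.group("server"):
            last_server = m.group("server")
        elif m.group("miss_user"):
            rec = entry(m.group("miss_user"))
            rec["missed"].append(m.group("source"))
            if m.group("source") == "LDAP":
                # Assumption: the most recent connection line names the LDAP server queried.
                rec["ldap_server"] = last_server
        elif m.group("gone_user"):
            entry(m.group("gone_user"))["exhausted"] = True
        elif m.group("uid_user"):
            entry(m.group("uid_user"))["no_uid"] = True
    return users
```

A user whose record shows `exhausted` and `no_uid` with `LDAP` in `missed` was looked up on the listed LDAP server and not found there, which is the state to compare against the PowerShell attribute query.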