メインコンテンツまでスキップ

LDAP クライアントでの UNIX ユーザ名の変換が正しくないために失敗する

Views:
80
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>LDAP</a><a>2008866698</a><a>LDAPスキーマ</a>
Last Updated:

環境

  • ONTAP 9
  • LDAPスキーマ
  • Windows AD LDAP

問題

ONTAP でディレクトリストアとして Microsoft Active Directory LDAP を使用すると、 UNIX ユーザクレデンシャルを取得できません。
 
::>set advanced
::*>vserver services access-check authentication show-creds -node <node> -vserver <svm> -unix-user-name <unix-user>
 
SecD ログに次のエラーが表示されます
[kern_secd:info:15834] Error: Get user credentials procedure failed
[kern_secd:info:15834] [ 38] Retrieved CIFS credentials via S4U2Self for full Windows user name 'test@NTAP.LOCAL'
[kern_secd:info:15834] [ 88] Trying to map 'NTAP\TEST' to UNIX user 'test' using implicit mapping
[kern_secd:info:15834] [ 101] Hostname found in Name Service Cache
[kern_secd:info:15834] [ 101] Resolved LDAP servers: 10.10.10.130. Vserver: 2
[kern_secd:info:15834] [ 101] Failed to initiate Kerberos authentication. Trying NTLM.
[kern_secd:info:15834] [ 102] Successfully connected to ip 10.10.10.130, port 3268 using TCP
[kern_secd:info:15834] **[ 109] FAILURE: User 'test' not found in UNIX authorization source LDAP.
[kern_secd:info:15834] [ 109] Entry for user-name: test not found in the current source: LDAP. Entry for user-name: test not found in any of the available sources
 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.