secd.kerberos.preauth(AD-LDAP サーバーの PTR がないため)
環境
- ONTAP 9
- CIFS
- Kerberos
問題
- CIFSパスワードのリセット後もONTAPイベントログエラーが報告される
secd.kerberos.preauth: A Kerberos pre-authentication failure occurred for SVM "SVM1" due to invalid credentials for SVM1$@DOMAIN.LOCAL.- SECD で Kerberos チケットが見つからずエラーが返されました:
指標例1:
Discovery returned ldap1.domain.local (10.1.2.14)Entry for host-address:10.1.2.14 not found in any of the available sourcesRequesting tickets for ldap/10.1.2.14@domain.local-1765328377/Server not found in Kerberos databaseAD-LDAP sasl bind failed. Trying again with new password指標例2:
NSLIBC: getaddrinfo(), ../../../../../../src/lib/libc/net/getaddrinfo.c:437, Vsid = 3 Hostname received: XXX.XXX.XXX.XXX
NSLIBC: __res_nsend(), ../../../../../../src/lib/libc/resolv/res_send.c:843, Vsid = 3 Connected to XXX.XXX.XXX.XXX for DNS
NSLIBC: log_rcode_and_update_stats(), ../../../../../../src/lib/libc/resolv/res_send.c:489, Vsid = 3 Rcode received from the DNS server(XXX.XXX.XXX.XXX): 3 when querying _kerberos.XXX
NSLIBC: __res_nquery(), ../../../../../../src/lib/libc/resolv/res_query.c:224, Vsid = 3 ;; rcode = (XXX), counts = an:0 ns:1 ar:0
[krb5 context 09F29800] No URI records found
[krb5 context 09F29800] Sending DNS SRV query for _kerberos._udp.XXX- クライアントの表示:
The program cannot open the dialogue box as it cannot determine if the computer named SVM.domain.com is joined to a domain