メインコンテンツへスキップ

DCの複数のPTRレコードが原因のsecd.ldap.noServers

  1. 最後の更新
  2. PDFとして保存
Views:
62
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>2009455552.</a>
Last Updated:

環境

  • ONTAP 9
  • CIFS
  • MS-LDAP/AD-LDAP
  • Kerberos

問題

  • EMS:
::> event log show -event *secd.ldap.noServers* -severity *
Time         Node       Severity    Event
------------------- ---------------- ------------- ---------------------------
3/20/2023 13:47:47  cluster-n02   EMERGENCY   secd.ldap.noServers: None of the LDAP servers configured for Vserver (svm1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
3/20/2023 13:47:35  cluster-n01   EMERGENCY   secd.ldap.noServers: None of the LDAP servers configured for Vserver (svm1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
  • または、get-dc-infoが断続的に失敗します。
::> set adv
Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y
 
::*> vserver services access-check authentication get-dc-info -node cluster-n01 -vserver svm1
Error: command failed: RPC call to SecD failed. RPC: "SecD Error: no server
available".  Reason: "".
  • SecDログには、LDAPサーバへのSASLバインドが失敗したことが表示されます。
[kern_secd:info:9440] | [000.039.193]  debug:  ldap_sasl_interactive_bind_s returned -2  { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:666 }
[kern_secd:info:9440] | [000.039.200]  ERR  :  Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:670 }
[kern_secd:info:9440] | [000.039.210]  info :  Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:673 }
[kern_secd:info:9440] | [000.039.216]  ERR  :  RESULT_ERROR_LDAPSERVER_LOCAL_ERROR:7643 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:677
[kern_secd:info:9440] | [000.039.221] ERR  :  ldapSaslBindGssapi: LDAP Error: (-2): 'Local error':
  • getXXbyYY gethostbyaddrは、複数回実行するとDC IPの異なるホスト名を返します。
::*> vserver services name-service getxxbyyy gethostbyaddr -node cluster-n01 -vserver svm1 -ipaddress 10.xx.xx.245
(vserver services name-service getxxbyyy gethostbyaddr)
IP address: 10.xx.xx.245
Host name: india10.naslab.local
Alias: NASLAB.naslab.local
Alias: gc._msdcs.naslab.local
 
::*> vserver services name-service getxxbyyy gethostbyaddr -node cluster-n01 -vserver svm1 -ipaddress 10.xx.xx.245
IP address: 10.xx.xx.245
Host name: NASLAB.naslab.local
Alias: india10.naslab.local
Alias: gc._msdcs.naslab.local
 
::*> vserver services name-service getxxbyyy gethostbyaddr -node cluster-n01 -vserver svm1 -ipaddress 10.xx.xx.245
IP address: 10.xx.xx.245
Host name: gc._msdcs.naslab.local
Alias: india10.naslab.local
Alias: NASLAB.naslab.local

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.