secd.conn.auth.failure or secd.ldap.noServers:EMERGENCY error occurs because of a PTR record with invalid information
Environment
- ONTAP 9
Issue
- LDAP server protected with LDAP signing/sealing
- Errors in the EMS log:
secd.conn.auth.failure:notice
or secd.ldap.noServers:EMERGENCY
- Site discovery:
- EMS:
secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver <VServer Name> are currently accessible via the network
- SecD:
[auth_secd:notice] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
- GPO processing:
SecD
.------------------------------------------------------------------------------.
RPC FAILURE:
secd_rpc_gpo_get_list has failed
Result = 0, RPC Result = 6940
RPC received at Thu Feb 13 09:51:42 2020
------------------------------------------------------------------------------'
FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error
Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
No servers available for MS_LDAP_AD, vserver: 3, domain: demo.netapp.com.
Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940
- Details of this error condition: the SPN (ldap/gc.demo.netapp.com) is incorrect (dc1.demo.netapp.com):
info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/gc.demo.netapp.com@
Note: In a packet trace, the TGS-REQ returns the error KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.
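One way to confirm this symptom from collected SecD output is to compare the host in the requested SPN with the LDAP server SecD reported contacting. This is an added example, not NetApp code; the function name and regular expressions are assumptions, and the second log is constructed for contrast.

```python
import re

# SecD lines copied from the output shown on this page.
PAGE_LOG = """\
Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/gc.demo.netapp.com@
"""

# Constructed contrast case: the SPN host equals the server contacted,
# so the failure has some other cause than the one in this article.
NO_MISMATCH_LOG = """\
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/dc1.demo.netapp.com@
"""

# Hypothetical patterns written against the two line shapes above.
CONNECT_RE = re.compile(r"service on (\S+) \(Error:")
SPN_RE = re.compile(r"server principal (\w+)/([^@\s]+)@")


def _norm(host):
    """Compare hostnames case-insensitively and without a trailing dot."""
    return host.rstrip(".").lower()


def find_spn_mismatches(log_text):
    """Return [(spn, [servers contacted])] for ldap SPNs whose host is not
    one of the LDAP servers SecD reported trying to reach."""
    servers = sorted({_norm(m.group(1)) for m in CONNECT_RE.finditer(log_text)})
    mismatches = []
    for m in SPN_RE.finditer(log_text):
        service, host = m.group(1).lower(), _norm(m.group(2))
        if service == "ldap" and servers and host not in servers:
            mismatches.append((f"{service}/{host}", servers))
    return mismatches


if __name__ == "__main__":
    for spn, servers in find_spn_mismatches(PAGE_LOG):
        print(f"SPN {spn} does not match LDAP server(s) {', '.join(servers)}; "
              "check the PTR record for the server's IP address")
```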