NetApp Knowledge Base

Enabling Kerberos on a data LIF fails because ONTAP is unable to connect to AD LDAP

Category: ontap-9
Specialty: nfs

Applies to

  • ONTAP 9
  • NFS Kerberos
  • Active Directory LDAP (AD LDAP)
  • Active Directory Key Distribution Center (AD KDC)

Issue

Enabling Kerberos on a data LIF fails with the following error when Active Directory (AD) is used as the KDC:
 
Error: NFS Kerberos bind SPN procedure failed
[ 0 ms] Using account name=NFS-TS01, AD domain=NETAPP.LOCAL,
AD server=10.10.10.10
[ 12] Successfully connected to ip 10.10.10.10, port 88 using TCP
[ 679] Successfully connected to ip 10.10.10.10, port 389 using TCP
**[ 680] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:
** Local error
[ 680] Additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Cannot determine realm for numeric host
address)
[ 680] Unable to connect to LDAP (Active Directory) service on
ad01.netapp.local (Error: Local error)
[ 680] Unable to make a connection (LDAP (Active
Directory):NETAPP.LOCAL), result: 7643
[ 680] Uncaptured failure while creating account
Error: command failed: Failed to enable NFS Kerberos on LIF "nfs_data01". Failed to bind service principal name on LIF "nfs_data01". LDAP Error: Local error occurred

 
