Fail to enable Kerberos on a data LIF due to unable to connect AD LDAP
Applies to
- ONTAP 9
- NFS Kerberos
- Active Directory LDAP (AD LDAP)
- Active Directory Key Distribution Center( AD KDC)
Issue
Fail to enable Kerberos on a data LIF with below error when using the AD as the KDC
Error: NFS Kerberos bind SPN procedure failed
[ 0 ms] Using account name=NFS-TS01, AD domain=NETAPP.LOCAL,
AD server=10.10.10.10
[ 12] Successfully connected to ip 10.10.10.10, port 88 using TCP
[ 679] Successfully connected to ip 10.10.10.10, port 389 using TCP
**[ 680] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:
** Local error
[ 680] Additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Cannot determine realm for numeric host
address)
[ 680] Unable to connect to LDAP (Active Directory) service on
ad01.netapp.local (Error: Local error)
[ 680] Unable to make a connection (LDAP (Active
Directory):NETAPP.LOCAL), result: 7643
[ 680] Uncaptured failure while creating account
Error: command failed: Failed to enable NFS Kerberos on LIF "nfs_data01". Failed to bind service principal name on LIF "nfs_data01". LDAP Error: Local error occurred