NetApp Knowledge Base

Enabling Kerberos on a data LIF fails due to inability to connect to AD LDAP

Category:
ontap-9
Specialty:
nfs

Applies to

  • ONTAP 9
  • NFS Kerberos
  • Active Directory LDAP (AD LDAP)
  • Active Directory Key Distribution Center (AD KDC)

Issue

Enabling Kerberos on a data LIF fails with the error below when Active Directory is used as the KDC:
 
Error: NFS Kerberos bind SPN procedure failed
[ 0 ms] Using account name=NFS-TS01, AD domain=NETAPP.LOCAL,
AD server=10.10.10.10
[ 12] Successfully connected to ip 10.10.10.10, port 88 using TCP
[ 679] Successfully connected to ip 10.10.10.10, port 389 using TCP
**[ 680] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:
** Local error
[ 680] Additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Cannot determine realm for numeric host
address)
[ 680] Unable to connect to LDAP (Active Directory) service on
ad01.netapp.local (Error: Local error)
[ 680] Unable to make a connection (LDAP (Active
Directory):NETAPP.LOCAL), result: 7643
[ 680] Uncaptured failure while creating account
Error: command failed: Failed to enable NFS Kerberos on LIF "nfs_data01". Failed to bind service principal name on LIF "nfs_data01". LDAP Error: Local error occurred

 
