Skip to main content

Coming soon...New Support-Specific categorization of Knowledge Articles in the NetApp Knowledge Base site to improve navigation, searchability and your self-service journey.

NetApp Knowledge Base

Unable to modify the ACL permission after enabled Seal/Signing for MS-LDAP

Last Updated:

Applies to

  • ONTAP 9
  • LDAP


  • Unable to modify ACL permission after enabling LDAP signing/seal
  • The SECD log show LDAP server connection failed:
Failure Summary:
[kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server
[kern_secd:info:17440] [ 2777] Successfully connected to ip, port 88 using TCP
[kern_secd:info:17440] [ 2789] Could not authenticate as 'xxxx$': Generic preauthentication failure (KRB5_PREAUTH_FAILED)
[kern_secd:info:17440] [ 2789] Unable to start LDAPS: Can't contact LDAP server

secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver (SVM) are currently accessible via 
the network for LDAP service type (Service: LDAP (Active Directory)
[000.298.509] info : Source: DNS unavailable. Entry for not found in any of the available sources { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:96 }
[000.298.704] debug: ldap_sasl_interactive_bind_s returned -2 { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:571 }
[000.298.711] ERR : Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:575 }
[000.298.716] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot determine realm for numeric host address) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:578 }
[000.298.723] ERR : RESULT_ERROR_LDAPSERVER_LOCAL_ERROR:7643 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:582
[000.298.729] ERR : ldapSaslBindGssapi: LDAP Error: (-2): 'Local error':
  • Client presents "The program cannot open the required dialog box because it cannot determine whether the computer named "host" is joined to a domain"


Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device