Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 4 results
    • Fail to enable Kerberos on a data LIF due to unable to connect AD LDAP
      https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Fail_to_enable_Kerberos_on_a_data_LIF_due_to_unable_to_connect_AD_LDAP
      Fail to enable Kerberos on a data LIF with below error when using the AD as the KDC [ 12] Successfully connected to ip 10.10.10.10, port 88 using TCP **[ 680] FAILURE: Unable to SASL bind to LDAP serv...Fail to enable Kerberos on a data LIF with below error when using the AD as the KDC [ 12] Successfully connected to ip 10.10.10.10, port 88 using TCP **[ 680] FAILURE: Unable to SASL bind to LDAP server using GSSAPI: [ 680] Unable to connect to LDAP (Active Directory) service on [ 680] Unable to make a connection (LDAP (Active Error: command failed: Failed to enable NFS Kerberos on LIF "nfs_data01". Failed to bind service principal name on LIF "nfs_data01". LDAP Error: Local error occurred
    • "Access denied by server while mounting" with NFS Kerberos because SPN missing
      https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Access_denied_by_server_while_mounting_with_NFS_Kerberos_because_SPN_missing
      Applies to ONTAP 9 Kerberos Issue When issuing a mount command from an NFS client in an environment leveraging Kerberos, you may encounter one of the following errors: mount.nfs: access denied by serv...Applies to ONTAP 9 Kerberos Issue When issuing a mount command from an NFS client in an environment leveraging Kerberos, you may encounter one of the following errors: mount.nfs: access denied by server while mounting mount(2): Permission denied
    • Kerberos authentication for NFS fails when the client uses a client UPN rather than a user UPN
      https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Kerberos_authentication_for_NFS_fails_when_the_client_uses_a_client_UPN_rather_than_a_user_UPN
      Client system sending a client UPN(host/<client FQDN>@<KERBEROS REALM>) rather than a user UPN [     6] Trying to map SPN 'host/client1.domain@domain' to UNIX user 'host' using implicit mapping **[   ...Client system sending a client UPN(host/<client FQDN>@<KERBEROS REALM>) rather than a user UPN [     6] Trying to map SPN 'host/client1.domain@domain' to UNIX user 'host' using implicit mapping **[     8] FAILURE: Unable to map Kerberos NFS user 'host/client1.domain@domain' to appropriate UNIX user node1 ERROR secd.kerberos.lookupFailed: Unable to map Kerberos user (host/client1.domain@domain) to appropriate UNIX user on Vserver (vs1).
    • Kerberized NFS clients mount reliably, but lose access mid-day
      https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Kerberized_NFS_clients_mount_reliably_but_lose_access_mid_day
      Applies to ONTAP 9 NFS (Kerberized) Issue Kerberized NFS clients are able to mount reliably, but may lose access after hours of activity, requiring a reboot or manual clearing of the NFS service-ticke...Applies to ONTAP 9 NFS (Kerberized) Issue Kerberized NFS clients are able to mount reliably, but may lose access after hours of activity, requiring a reboot or manual clearing of the NFS service-ticket and ticket-granting-ticket to resume access to the export. Specific errors observed could include the following: Error 13 / NFS4ERR_ACCESS RPCSEC_GSS session expired