NFS access fails with error "Required certificate with CA xxxx is not installed"
Applies to
- ONTAP 9
- NFS access that uses LDAP connections
Issue
- The NFS mount succeeds, but access fails.
- LDAPS is set to true in the CIFS security parameters:
::*> vserver cifs security show -vserver svm1_cluster1
Vserver: svm1_cluster1
Kerberos Clock Skew: 5 minutes
Kerberos Ticket Age: 10 hours
Kerberos Renewal Age: 7 days
Kerberos KDC Timeout: 3 seconds
Is Signing Required: false
Is Password Complexity Required: true
Use start_tls for AD LDAP connection: false
(DEPRECATED)-Is AES Encryption Enabled: true
LM Compatibility Level: lm-ntlm-ntlmv2-krb
Is SMB Encryption Required: false
Client Session Security: none
(DEPRECATED)-SMB1 Enabled for DC Connections: false
SMB2 Enabled for DC Connections: system-default
LDAP Referral Enabled For AD LDAP connections: false
Use LDAPS for AD LDAP connection: true
Encryption is required for DC Connections: false
AES session key enabled for NetLogon channel: true
Try Channel Binding For AD LDAP Connections: true
Encryption Types Advertised to Kerberos:
aes-256, aes-128, rc4, des
- The secd log reports the error "required certificate not installed":
0000002e.0003d6e0 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 1] No servers available for MS_LDAP_AD, vserver: 3, domain: domain.com.
0000002e.0003d6e1 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 6] Hostname found in Name Service Cache
0000002e.0003d6e2 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 12] Successfully connected to ip 10.XX.XX.XX, port 636 using TCP
0000002e.0003d6e3 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 20] Required certificate with CA RootCA01 is not installed
0000002e.0003d6e4 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 27] Unable to start LDAPS: Can't contact LDAP server
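
To find this signature in a collected secd log, the sequence above (connect on port 636, missing CA, LDAPS start failure) can be matched per process. This is an added example, not NetApp code: the line layout is assumed from the excerpt above, the function name `find_missing_ca_failures` is hypothetical, and the sample lines and IP addresses are constructed.

```python
import re

# Constructed sample modelled on the secd lines above; the IPs are placeholders.
SAMPLE = """\
0000002e.0003d6e1 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [  6] Hostname found in Name Service Cache
0000002e.0003d6e2 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 12] Successfully connected to ip 192.0.2.10, port 636 using TCP
0000002e.0003d6e3 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 20] Required certificate with CA RootCA01 is not installed
0000002e.0003d6e4 00c420a4 Thu Dec 16 2021 09:52:58 09:00 [kern_secd:info:8458] [ 27] Unable to start LDAPS: Can't contact LDAP server
0000002e.0003d6f0 00c420a4 Thu Dec 16 2021 09:53:10 09:00 [kern_secd:info:8458] [ 12] Successfully connected to ip 192.0.2.11, port 389 using TCP
"""

# Assumed layout, inferred from the lines on this page:
# <seq> <id> <timestamp> <tz> [kern_secd:<level>:<pid>] [<step>] <message>
LINE = re.compile(
    r"^\S+\s+\S+\s+(?P<ts>\w{3} \w{3} +\d{1,2} \d{4} \d\d:\d\d:\d\d)\s.*?"
    r"\[kern_secd:\w+:(?P<pid>\d+)\]\s+\[\s*\d+\]\s+(?P<msg>.*)$")
CONNECT = re.compile(r"Successfully connected to ip ([^,\s]+), port (\d+) using TCP")
MISSING_CA = re.compile(r"Required certificate with CA (.+?) is not installed")


def find_missing_ca_failures(text):
    """Return one record per 'CA not installed' event, tied to the preceding connect."""
    findings, last_conn, open_finding = [], {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        pid, msg = m["pid"], m["msg"]
        if (c := CONNECT.search(msg)):
            last_conn[pid] = (c.group(1), int(c.group(2)))
            open_finding.pop(pid, None)  # a new connection starts a new attempt
        elif (ca := MISSING_CA.search(msg)):
            server, port = last_conn.get(pid, (None, None))
            rec = {"time": m["ts"], "ca": ca.group(1), "server": server,
                   "port": port, "ldaps_start_failed": False}
            findings.append(rec)
            open_finding[pid] = rec
        elif msg.startswith("Unable to start LDAPS") and pid in open_finding:
            open_finding.pop(pid)["ldaps_start_failed"] = True
    return findings


if __name__ == "__main__":
    for f in find_missing_ca_failures(SAMPLE):
        print(f)
```

Each record names the CA that secd expected and the server it had connected to, which is the pair needed to check which certificate is missing for which LDAP server.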