Extended authentication fails and access is denied with LDAPS with error 'certificate is not yet valid'
Applies to
- ONTAP 9
- NFS
- LDAPS
- Extended Authentication
Issue
- Access to an NFS volume fails when extended authentication is enabled.
- EMS reports the following error:
  NODE01: secd: secd.nfsAuth.noUnixCreds:error]: Vserver "svm" cannot determine UNIX identity. Error: Acquire UNIX extended credentials procedure failed
  [ 2 ms] Entry for user-id: 12345 not found in the current source: FILES. Ignoring and trying next available source
  [ 2] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 4, domain: .
  [ 3] Hostname found in Name Service Cache
  [ 3] IP Address found in Name Service Cache
  [ 3] Resolved LDAP servers: 1.2.3.4. Vserver: 4
  [ 3] Failed to initiate Kerberos authentication. Trying NTLM.
  [ 21] Successfully connected to ip 1.2.3.4, port 636 using TCP
  [ 46] Unable to start LDAPS: Can't contact LDAP server
  [ 46] Additional info: error:0A000086:SSL routines::certificate verify failed (certificate is not yet valid)
  [ 46] Unable to connect to LDAP (NIS & Name Mapping) service on ldap.domain.local (Error: Can't contact LDAP server)
  [ 46] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 4, domain: .
  **[ 46] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
  [ 46] Failed to get user info for id '12345'
  [ 46] Source: LDAP unavailable. Entry for user-id:12345 not found in any of the available sources
  [ 46] Unable to retrieve credentials for UNIX user with UID 12345
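
The secd trace above reports "Can't contact LDAP server" even though the TCP connection to port 636 succeeded; the actual failure is in the "Additional info" step. The following Python sketch is an added example, not NetApp code, that triages such a trace to show which stage failed. The function name `triage`, the stage labels and the regular expressions are assumptions made for illustration, and the sample is a constructed excerpt of the trace on this page.

```python
import re

# Constructed sample: excerpt of the secd trace shown above, one step per line.
SAMPLE_TRACE = """\
[ 3] Resolved LDAP servers: 1.2.3.4. Vserver: 4
[ 3] Failed to initiate Kerberos authentication. Trying NTLM.
[ 21] Successfully connected to ip 1.2.3.4, port 636 using TCP
[ 46] Unable to start LDAPS: Can't contact LDAP server
[ 46] Additional info: error:0A000086:SSL routines::certificate verify failed (certificate is not yet valid)
**[ 46] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
"""

# One trace step: optional "**" failure marker, "[ <elapsed> ]" or "[ <elapsed> ms]", message.
STEP = re.compile(r"^\*{0,2}\[\s*(\d+)(?:\s*ms)?\]\s*(.*)$")
TCP_OK = re.compile(r"Successfully connected to ip (\S+), port (\d+) using TCP")
# OpenSSL error string: hex code, library, optional function name, error, optional reason.
TLS_ERR = re.compile(
    r"Additional info: error:([0-9A-Fa-f]+):SSL routines:[^:]*:(.+?)(?: \((.+)\))?$")
RESULT = re.compile(r"Result: (\w+)")

def triage(trace):
    """Summarise where the LDAPS connection attempt in a secd trace failed."""
    out = {"server": None, "port": None, "tcp_ok": False, "tls_error": None,
           "tls_reason": None, "result": None, "stage": "unknown"}
    for line in trace.splitlines():
        m = STEP.match(line.strip())
        if not m:
            continue  # header line or anything that is not a numbered step
        msg = m.group(2)
        if (t := TCP_OK.search(msg)):
            out.update(server=t.group(1), port=int(t.group(2)), tcp_ok=True)
        elif (e := TLS_ERR.search(msg)):
            out.update(tls_error=e.group(2), tls_reason=e.group(3))
        elif (r := RESULT.search(msg)):
            out["result"] = r.group(1)
    if out["tls_error"]:
        # TCP worked; the handshake was rejected, so firewall checks are not the lead.
        cert = "certificate verify failed" in out["tls_error"]
        out["stage"] = "tls-certificate" if cert else "tls"
    elif out["result"] and not out["tcp_ok"]:
        out["stage"] = "network"
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```
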