LDAP client UNIX user lookup fails due to incorrect LDAP schema

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 1,722

Visibility:: Public

Votes:: 1

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
LDAP schema
Windows AD LDAP

Issue

Using Microsoft Active Directory LDAP as a Directory Store, ONTAP fails to retrieve the UNIX user credentials

::> set advanced

::*> vserver services access-check authentication show-creds -node <node_name> -vserver <svm_name> -win-name DOMAIN\Name

SecD log shows the following error

example

[kern_secd:info:15834] Error: Get user credentials procedure failed

[kern_secd:info:15834] [ 38] Retrieved CIFS credentials via S4U2Self for full Windows user name 'test@NTAP.LOCAL'

[kern_secd:info:15834] [ 88] Trying to map 'NTAP\TEST' to UNIX user 'test' using implicit mapping

[kern_secd:info:15834] [ 101] Hostname found in Name Service Cache

[kern_secd:info:15834] [ 101] Resolved LDAP servers: 10.10.10.130. Vserver: 2

[kern_secd:info:15834] [ 101] Failed to initiate Kerberos authentication. Trying NTLM.

[kern_secd:info:15834] [ 102] Successfully connected to ip 10.10.10.130, port 3268 using TCP

[kern_secd:info:15834] **[ 109] FAILURE: User 'test' not found in UNIX authorization source LDAP.

[kern_secd:info:15834] [ 109] Entry for user-name: test not found in the current source: LDAP. Entry for user-name: test not found in any of the available sources