NetApp Knowledge Base

LDAP servers are marked unavailable due to missing attribute for a user or machine account

Category:
ontap-9
Specialty:
nas

Applies to

ONTAP 9

Issue

  • LDAP servers are marked unavailable due to missing attribute information for a user or machine account.
  • The LDAP client is configured, and ns-switch has LDAP as a source for passwd and group lookups.

CDOT::*> ns-switch  show -vserver svm1
                               Source
Vserver         Database       Order
--------------- ------------   ---------
svm1            hosts          files,
                               dns
svm1            group          files,  
                               ldap  <<<<<<
svm1            passwd         files,
                               ldap  <<<<<<  
svm1            netgroup       files
svm1            namemap        files

CDOT::*> ldap client  show -vserver svm1
        Client        LDAP            Active Directory              Minimum
Vserver Configuration Servers         Domain            Schema      Bind Level
------- ------------- --------------- ----------------- ----------- ----------
svm1    ldap1         -               naslab.local      AD-SFU      sasl

  • vserver cifs domain discovered-servers show displays the LDAP server as "unavailable" after a query is run for the user or machine account.

CDOT::*> diag secd authentication show-creds -vserver svm1 -node CDOT-01 -win-name naslab\india-dc1$
 UNIX UID: pcuser <> Windows User: NASLAB\INDIA-DC1$ (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:
  pcuser

 Primary Group SID: NASLAB\Domain Controllers (Windows Domain group)

 Windows Membership:
  NASLAB\Domain Controllers (Windows Domain group)
  NASLAB\Denied RODC Password Replication Group (Windows Alias)
  NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS (Windows Well known group)
  Service asserted identity (Windows Well known group)
 User is also a member of Authenticated Users, Network Users, and Everyone

 Privileges (0x2000):
  SeChangeNotifyPrivilege

CDOT::*> vserver  cifs domain  discovered-servers show -vserver svm1
Node: CDOT-01
Vserver: svm1

Domain Name     Type     Preference DC-Name         DC-Address      Status
--------------- -------- ---------- --------------- --------------- ---------
""              LDAP     adequate   india-dc1       10.216.41.190   undetermined
""              LDAP     adequate   india-dc2       10.216.41.191   undetermined
""              LDAP     adequate   india-dc3       10.216.41.30    undetermined
""              LDAP     adequate   windowslds      10.216.41.29    unavailable  <<<<<<<<<<<<<
naslab.local    MS-DC    adequate   india-dc1       10.216.41.190   undetermined
naslab.local    MS-DC    adequate   india-dc2       10.216.41.191   undetermined
naslab.local    MS-DC    adequate   india-dc3       10.216.41.30    undetermined
naslab.local    MS-DC    adequate   windowslds      10.216.41.29    OK
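
As an added example (not NetApp code and not part of this KB article), the following Python script parses saved output of vserver cifs domain discovered-servers show and reports servers whose LDAP entry is "unavailable" while another service type on the same address still reports OK, which is the pattern shown above for windowslds. The function names and the IPv4-only row pattern are assumptions, and the sample is constructed from the output above.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the discovered-servers output shown above,
# keeping the article's "<<<<" marker to show that trailing notes are ignored.
SAMPLE = '''\
Node: CDOT-01
Vserver: svm1

Domain Name     Type     Preference DC-Name         DC-Address      Status
--------------- -------- ---------- --------------- --------------- ---------
""              LDAP     adequate   india-dc1       10.216.41.190   undetermined
""              LDAP     adequate   windowslds      10.216.41.29    unavailable  <<<<<<<<<<<<<
naslab.local    MS-DC    adequate   india-dc1       10.216.41.190   undetermined
naslab.local    MS-DC    adequate   windowslds      10.216.41.29    OK
'''

# Assumption: a data row is six whitespace-separated fields, the fifth an IPv4 address.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")

def parse_rows(text):
    """Yield one dict per server row, carrying the Node/Vserver header values."""
    ctx = {"node": None, "vserver": None}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("Node", "Vserver"):
            ctx[key.lower()] = value.strip()
            continue
        m = ROW.match(line)
        if m:
            domain, kind, _pref, name, addr, status = m.groups()
            yield dict(ctx, domain=domain.strip('"'), type=kind, dc_name=name,
                       address=addr, status=status.lower())

def ldap_only_failures(text):
    """Return servers whose LDAP entry is 'unavailable', with the other
    service types on the same address that still report OK."""
    seen = defaultdict(dict)
    for r in parse_rows(text):
        seen[(r["node"], r["vserver"], r["dc_name"], r["address"])][r["type"]] = r["status"]
    hits = []
    for (node, vserver, name, addr), by_type in seen.items():
        if by_type.get("LDAP") == "unavailable":
            ok = sorted(t for t, s in by_type.items() if t != "LDAP" and s == "ok")
            hits.append({"node": node, "vserver": vserver, "dc_name": name,
                         "address": addr, "reachable_as": ok})
    return hits

if __name__ == "__main__":
    for hit in ldap_only_failures(SAMPLE):
        print(hit)
```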

 
