secd.kerberos.preauth due to missing PTR for AD-LDAP server
Applies to
- ONTAP 9
- CIFS
- Kerberos
Issue
- ONTAP event log error reported even after CIFS password reset
secd.kerberos.preauth: A Kerberos pre-authentication failure occurred for SVM "SVM1" due to invalid credentials for SVM1$@DOMAIN.LOCAL.- In SECD Kerberos ticket cannot be found and error is returned:
Example indicators 1:
Discovery returned ldap1.domain.local (10.1.2.14)Entry for host-address:10.1.2.14 not found in any of the available sourcesRequesting tickets for ldap/10.1.2.14@domain.local-1765328377/Server not found in Kerberos databaseAD-LDAP sasl bind failed. Trying again with new passwordExample indicators 2:
NSLIBC: getaddrinfo(), ../../../../../../src/lib/libc/net/getaddrinfo.c:437, Vsid = 3 Hostname received: XXX.XXX.XXX.XXX
NSLIBC: __res_nsend(), ../../../../../../src/lib/libc/resolv/res_send.c:843, Vsid = 3 Connected to XXX.XXX.XXX.XXX for DNS
NSLIBC: log_rcode_and_update_stats(), ../../../../../../src/lib/libc/resolv/res_send.c:489, Vsid = 3 Rcode received from the DNS server(XXX.XXX.XXX.XXX): 3 when querying _kerberos.XXX
NSLIBC: __res_nquery(), ../../../../../../src/lib/libc/resolv/res_query.c:224, Vsid = 3 ;; rcode = (XXX), counts = an:0 ns:1 ar:0
[krb5 context 09F29800] No URI records found
[krb5 context 09F29800] Sending DNS SRV query for _kerberos._udp.XXX