Cluster SVM unable to authenticate with Active Directory LDAP
Applies to
- ONTAP 9
- Cluster SVM
- Active Directory LDAP
Issue
- After Microsoft AD LDAP authentication is configured for the Cluster SVM, ONTAP fails to retrieve the UNIX user credentials
::> set advanced
::*> vserver services name-service getxxbyyy getpwbyname -node node1 -vserver ClusterSVM -username ntaptest -show-source true -use-cache false
Error: command failed: Failed to resolve ntaptest. Reason: Entry not found for "username: ntaptest
- The SecD log shows the following events
Error: Acquire UNIX credentials procedure failed
Entry for user-name: ntaptest not found in the current
source: FILES. Ignoring and trying next available source
[ 6] Using a cached connection to dc01.netapp.local
[ 3301] FAILURE: User 'ntaptest' not found in UNIX authorization source LDAP.
[ 3301] Entry for user-name: ntaptest not found in the current
source: LDAP. Entry for user-name: ntaptest not found in any of the available sources
[ 3303] Unable to retrieve UID for UNIX user ntaptest
Error: command failed: Failed to resolve user name to a UNIX ID. Reason: "SecD Error: object not found".
- uid, uidNumber, and gidNumber are empty when querying UNIX attributes from Active Directory with PowerShell
PS Z:\> Get-ADUser <user> -Properties * | select SamAccountName,gidNumber,uidNumber,uid
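The following Python script is an added example, not part of the original article or any NetApp tooling: it summarizes the SecD excerpt above by listing, per user, which name-service sources reported "not found" and whether a directory server connection was logged. The function and field names are hypothetical, and the rule that an LDAP miss on a reached server points at the uid/uidNumber/gidNumber attributes is an assumption based on the symptoms listed here.

```python
import re

# Sample input: the SecD lines shown in this article.
SECD_LOG = """\
Error: Acquire UNIX credentials procedure failed
Entry for user-name: ntaptest not found in the current
source: FILES. Ignoring and trying next available source
[ 6] Using a cached connection to dc01.netapp.local
[ 3301] FAILURE: User 'ntaptest' not found in UNIX authorization source LDAP.
[ 3301] Entry for user-name: ntaptest not found in the current
source: LDAP. Entry for user-name: ntaptest not found in any of the available sources
[ 3303] Unable to retrieve UID for UNIX user ntaptest
"""

PREFIX = re.compile(r"^\[\s*\d+\]\s*")  # leading "[ 3301] " counter
MISS = re.compile(r"Entry for user-name: (\S+) not found in the current source: (\w+)")
EXHAUSTED = re.compile(r"Entry for user-name: (\S+) not found in any of the available sources")
CONN = re.compile(r"Using a cached connection to (\S+)")


def summarize(log):
    """Return {user: {missed, exhausted, servers, check_unix_attributes}}."""
    # SecD entries wrap across lines, so strip prefixes and join before matching.
    text = " ".join(PREFIX.sub("", line).strip() for line in log.splitlines())
    servers = CONN.findall(text)
    exhausted = set(EXHAUSTED.findall(text))
    report = {}
    for user, source in MISS.findall(text):
        entry = report.setdefault(user, {"missed": [], "exhausted": user in exhausted})
        if source not in entry["missed"]:
            entry["missed"].append(source)  # keeps the lookup order
    for entry in report.values():
        entry["servers"] = servers
        # Assumption: the server was reached and LDAP still had no UNIX entry,
        # so the account's uid/uidNumber/gidNumber are the next thing to check.
        entry["check_unix_attributes"] = bool(servers) and "LDAP" in entry["missed"]
    return report


if __name__ == "__main__":
    for user, info in summarize(SECD_LOG).items():
        print(user, "missed in:", ", ".join(info["missed"]),
              "| servers:", ", ".join(info["servers"]) or "none",
              "| all sources exhausted:", info["exhausted"],
              "| check UNIX attributes in AD:", info["check_unix_attributes"])
```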