https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443254#M42027 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/73493">@Ontapforrum</a>&nbsp;Thank you again for your advice!</P><P>&nbsp;</P><P>Actually I haven't set an ntp server for kerberos authentication at all. Because we didn't block internet in our studio, I thought it would be ok.</P><P>&nbsp;</P><P>I guess the time set originally in ontap skewed ever since then.</P><P>&nbsp;</P><P>After I set up the ntp server, everything is back to working!</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Apr 2023 07:33:25 GMT yb 2023-04-07T07:33:25Z https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443233#M42024 <P>I have a Freeipa server, that also runs LDAP and DNS. Our Ontap uses the information to verify kerberos user credential.</P><P>&nbsp;</P><P>It has worked well for me 3 month or so.<BR /><BR />But today, all nfs clients using kerberos authentication denied to access to the ontap storage.</P><P>&nbsp;</P><P>I found this error message that has raised since 1am today.</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">secd.ldap.noServers: None of the LDAP servers configured for Vserver (vs1) are currently accessible via the network for LDAP service type (Service: LDAP (NIS &amp; Name Mapping), Operation: GetUserInfoFromName).</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>So I believe they are related. Unfortunately, I don't know why it happened and how can I recover from it.</P><P>&nbsp;</P><P>From ssh shell in Ontap, I checked with this command.</P><P>&nbsp;</P><LI-CODE lang="markup">ldap check -vserver {vserver}</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>At the very first time it gave me an error. I ran 'ldapsearch' from our Freeipa server and it raise "GSSAPI" error.</P><P>I ran 'kinit admin' on the idm server. After that 'ldapsearch' successfully returns ldap information, and 'ldap check' returns normal status again.</P><P>&nbsp;</P><P>But still got the above error once an hour. Still kerberos user cannot access.</P><P>&nbsp;</P><P>Please give me some light. Thanks!</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 04 Jun 2025 09:51:05 GMT https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443233#M42024 yb 2025-06-04T09:51:05Z https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443238#M42025 <P>Could you check the following kbs, I don't know which one is relevant to your issue but as you said - it suddenly stopped so there must be something that has caused it. I am hoping the clock is in sync, b'cos Kerberos is time-sensitive. So ensure your NTP, FreeIPA client and Storage is within 5 mnt offset.<BR /><BR />Unable to authenticate to Cluster using FreeIPA LDAP:<BR /><A href="https://kb.netapp.com/onprem/ontap/da/NAS/Unable_to_authenticate_to_Cluster_using_FreeIPA_LDAP" target="_blank">https://kb.netapp.com/onprem/ontap/da/NAS/Unable_to_authenticate_to_Cluster_using_FreeIPA_LDAP</A></P><P>&nbsp;</P><P>secd.ldap.noServers: None of the LDAP servers configured for Vserver (vs1) are currently accessible via the network for LDAP service type<BR /><A href="https://kb.netapp.com/onprem/ontap/da/NAS/secd.ldap.noServers%3A_None_of_the_LDAP_servers_configured_for_Vserver_seen_in_the_log#:~:text=Preferred%20LDAP%20servers%20are%20configured%20and%20reachable%20in,%28Service%3A%20LDAP%20%28NIS%20%26%20Name%20Mapping%29%2C%20Operation%3A%20MapNameWindowsToUnix%29" target="_blank">https://kb.netapp.com/onprem/ontap/da/NAS/secd.ldap.noServers%3A_None_of_the_LDAP_servers_configured_for_Vserver_seen_in_the_log#:~:text=Preferred%20LDAP%20servers%20are%20configured%20and%20reachable%20in,%28Service%3A%20LDAP%20%28NIS%20%26%20Name%20Mapping%29%2C%20Operation%3A%20MapNameWindowsToUnix%29</A>.</P><P>&nbsp;</P><P><BR />secd.ldap.noServers messages every 4 hours during domain discovery<BR /><A href="https://kb.netapp.com/onprem/ontap/da/NAS/secd.ldap.noServers_messages_every_4_hours_during_domain_discovery" target="_blank">https://kb.netapp.com/onprem/ontap/da/NAS/secd.ldap.noServers_messages_every_4_hours_during_domain_discovery</A></P><P>&nbsp;</P><P>"secd.ldap.noServers" in EMS when using SSL/TLS</P><P><A href="https://kb.netapp.com/onprem/ontap/da/NAS/%22secd.ldap.noServers%22_in_EMS_when_using_SSL%2F%2F%2F%2FTLS" target="_blank">https://kb.netapp.com/onprem/ontap/da/NAS/%22secd.ldap.noServers%22_in_EMS_when_using_SSL%2F%2F%2F%2FTLS</A></P><P>&nbsp;</P><P><A href="https://whyistheinternetbroken.wordpress.com/2020/03/24/nfs-kerberos-ontap-freeipa/" target="_blank">https://whyistheinternetbroken.wordpress.com/2020/03/24/nfs-kerberos-ontap-freeipa/</A></P><P>&nbsp;</P> Thu, 06 Apr 2023 14:25:12 GMT https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443238#M42025 Ontapforrum 2023-04-06T14:25:12Z https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443254#M42027 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/73493">@Ontapforrum</a>&nbsp;Thank you again for your advice!</P><P>&nbsp;</P><P>Actually I haven't set an ntp server for kerberos authentication at all. Because we didn't block internet in our studio, I thought it would be ok.</P><P>&nbsp;</P><P>I guess the time set originally in ontap skewed ever since then.</P><P>&nbsp;</P><P>After I set up the ntp server, everything is back to working!</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Apr 2023 07:33:25 GMT https://community.netapp.com/t5/ONTAP-Discussions/connection-with-kerberos-authentication-suddenly-denide/m-p/443254#M42027 yb 2023-04-07T07:33:25Z