NFS Kerberos interface enable failed

Hello,

 

I'm trying to implement my first NFS Kerberos configuration and this step is failing, and the error message is not helpful.

 

Here is the command:

vserver nfs kerberos interface enable -vserver pardf1932_test -lif lif_pardf1932_test_cifs_data  -spn nfs/pardf1932vf2.euro@EURO.XX  -ou "ou=Non image:ou=PAR:ou=FR"

 

 

  [  6779] Got an LDAP connection to the AD server=10.XXX
  [  6783] LDAP search for the "" attribute(s) within base "ou=Non
           image:ou=PAR:ou=FR" (scope: 0)
           using filter "(|(objectClass=organizationalUnit)(objectCla
           ss=container))" failed with error: Invalid DN syntax
  [  6783] Additional info: 0000208F: NameErr: DSID-031001F7,
           problem 2006 (BAD_NAME), data 8349, best match of:
                'ou=Non image:ou=PAR:ou=FR'
**[  6783] FAILURE: Unexpected state: Error 7623 at
**         file:src/utils/secd_ldap_utils.cpp func:searchLdap
**         line:356
**[  6783] FAILURE: Lookup of ou 'ou=Non
**         image:ou=PAR:ou=FR' failed - most
**         likely an illegal ou syntax
  [  6783] Uncaptured failure while creating account

Error: command failed: Failed to enable NFS Kerberos on LIF "lif_pardf1932_test_cifs_data". Failed to bind service principal name on LIF "lif_pardf1932_test_cifs_data". SecD Error: ou not
       found.

 

 

The realm is like this:

vserver nfs kerberos realm show -instance

                           Vserver: pardf1932_test
                    Kerberos Realm: EURO.XX
                        KDC Vendor: Microsoft
                    KDC IP Address: 10.XXXX
                          KDC Port: 88
                        Clock Skew: 5
      Active Directory Server Name:
Active Directory Server IP Address: 10.XXXX
                           Comment: -
           Admin Server IP Address: 10.XXXX
                 Admin Server Port: 749
        Password Server IP Address: 10.XXXX
              Password Server Port: 464

 

Is there a special log to consult for this?

I'm very confused about the LDAP search:

LDAP search for the "" attribute(s) within base "ou=Non
           image:ou=PAR:ou=FR" (scope: 0)
           using filter "(|(objectClass=organizationalUnit)(objectCla
           ss=container))" failed with error: Invalid DN syntax

 

Any ideas?

 
