
NFS Kerberos interface enable failed

JF-Louvet

Hello,

I'm trying to implement my first NFS Kerberos configuration, and this step is failing and the error message is not helpful.

Here is the command:

vserver nfs kerberos interface enable -vserver pardf1932_test -lif lif_pardf1932_test_cifs_data  -spn nfs/pardf1932vf2.euro@EURO.XX  -ou "ou=Non image:ou=PAR:ou=FR"

 

 

  [  6779] Got an LDAP connection to the AD server=10.XXX
  [  6783] LDAP search for the "" attribute(s) within base "ou=Non
           image:ou=PAR:ou=FR" (scope: 0)
           using filter "(|(objectClass=organizationalUnit)(objectCla
           ss=container))" failed with error: Invalid DN syntax
  [  6783] Additional info: 0000208F: NameErr: DSID-031001F7,
           problem 2006 (BAD_NAME), data 8349, best match of:
                'ou=Non image:ou=PAR:ou=FR'
**[  6783] FAILURE: Unexpected state: Error 7623 at
**         file:src/utils/secd_ldap_utils.cpp func:searchLdap
**         line:356
**[  6783] FAILURE: Lookup of ou 'ou=Non
**         image:ou=PAR:ou=FR' failed - most
**         likely an illegal ou syntax
  [  6783] Uncaptured failure while creating account

Error: command failed: Failed to enable NFS Kerberos on LIF "lif_pardf1932_test_cifs_data". Failed to bind service principal name on LIF "lif_pardf1932_test_cifs_data". SecD Error: ou not
       found.

 

 

Realm is like this:

vserver nfs kerberos realm show -instance

                           Vserver: pardf1932_test
                    Kerberos Realm: EURO.XX
                        KDC Vendor: Microsoft
                    KDC IP Address: 10.XXXX
                          KDC Port: 88
                        Clock Skew: 5
      Active Directory Server Name:
Active Directory Server IP Address: 10.XXXX
                           Comment: -
           Admin Server IP Address: 10.XXXX
                 Admin Server Port: 749
        Password Server IP Address: 10.XXXX
              Password Server Port: 464

 

Is there a special log to consult for this?

I'm very confused about the LDAP search:

LDAP search for the "" attribute(s) within base "ou=Non
           image:ou=PAR:ou=FR" (scope: 0)
           using filter "(|(objectClass=organizationalUnit)(objectCla
           ss=container))" failed with error: Invalid DN syntax

 

Any idea?

 
