我试图让我的FAS2040使用LDAP来操作用户查找,下面是filerconfiguration选项:
filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.minimum_bind_level anonymous ldap.name domain-admin-account ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.ssl.enable off ldap.timeout 20 ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base ldap.usermap.enable on 输出nsswitch.conf:
hosts: files dns passwd: ldap files netgroup: ldap files group: ldap files shadow: files nis
错误消息:
[filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for dc1.colour.domain.LOCAL. [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (site). [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query. Could not get passwd entry for name = <random user> the filer can ping the FQDN of dc1 the filer can ping the IP of dc1 the filer cannot ping "dc1"
我不确定我要去哪里错,所以任何指针都会很棒。
所以你没有列出服务器IP。 因此它试图使用域名的DNS RRlogging。 这是可用的吗? 它应该有一个_msdcs.domain.com条目,在该域的所有域控制器的IP地址列表中的某处。 听起来像第二个和第三个错误线都指出了。
我的猜测是, Could not get passwd entry for name = <random user>错误的Could not get passwd entry for name = <random user>是从以前的错误级联。
为什么这么多事情是不合法的? 以及为什么要解除你的最低限度anvenus? 让一个专门用户完成所有这些工作。
这是我的configuration:
filer1> options ldap ldap.ADdomain foo.com ldap.base dc=foo,dc=com ldap.base.group dc=foo,dc=com ldap.base.netgroup dc=foo,dc=com ldap.base.passwd dc=foo,dc=com ldap.enable on ldap.minimum_bind_level simple ldap.name cn=netapp,cn=users,dc=foo,dc=com ldap.nssmap.attribute.gecos name ldap.nssmap.attribute.gidNumber msSFU30GidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory msSFU30HomeDirectory ldap.nssmap.attribute.loginShell msSFU30LoginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid sAMAccountName ldap.nssmap.attribute.uidNumber msSFU30UidNumber ldap.nssmap.attribute.userPassword msSFU30Password ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount User ldap.nssmap.objectClass.posixGroup Group ldap.passwd ****** ldap.port 636 ldap.servers ldap.servers.preferred ldap.ssl.enable on ldap.timeout 20 ldap.usermap.attribute.unixaccount sAMAccountName ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base dc=foo,dc=com ldap.usermap.enable on
以下命令的输出是什么? (这是我的输出)
nslookup > set q=srv _msdcs Server: dc01.foo.com Address: 10.17.0.1 _msdcs.foo.com primary name server = dc01.foo.com responsible mail addr = hostmaster serial = 14628 refresh = 900 (15 mins) retry = 600 (10 mins) expire = 86400 (1 day) default TTL = 3600 (1 hour) > _ldap._tcp.dc._msdcs (followed by a LOOONG list of posible servers :)