If "Netgroup" Functionality With Nis Or Ldap Is Not Working; Possible Client Misconfiguration - IBM Storwize V7000 Unified Problem Determination Manual
Hide thumbs
Also See for Storwize V7000 Unified:
- Introduction and implementation manual (670 pages) ,
- Problem determination manual (474 pages) ,
- Troubleshooting and maintenance manual (189 pages)
Table of Contents
Advertisement
that entries for DNS Domain Name, DNS Server, and DNS Search Domains are
correct. Also, verify that the DNS server has valid SRV records for that domain.
$ cfgad -s 9.9.9.9 -u admin -p ****
(1/9) Fetching the list of cluster file modules.
(2/9) Check if cfgcluster has done the basic configuration successfully.
(3/9) Check whether file modules are
reachable from management file module.
(4/9) Detection of AD server and fetching domain information from AD server.
Missing SRV record in DNS : _ldap._tcp.xxxxx.COM
Missing SRV record in DNS : _ldap._tcp.dc._msdcs.xxxxx.COM
Missing SRV record in DNS : _kerberos._tcp.xxxxx.COM
Missing SRV record in DNS : _kerberos._tcp.dc._msdcs.xxxxx.COM
Necessary DNS entries are missing, the domain join step might fail.
(5/9) Check whether AD server is reachable
from file modules.
(6/9) Joining the domain of the specified ADS.
EFSSG0110C Configure AD failed on cluster. Cause: Error encountered while
executing netjoinAD.sh. Output till failure is :Join to Active Directory
domain with user Administrator
Failed to join domain: failed to find DC for domain SONAS
If "netgroup" functionality with NIS or LDAP is not working
About this task
If "netgroup" functionality with Network Information Service (NIS) or Lightweight
Directory Access Protocol (LDAP) is not working, ensure that you have included a
"@" in front of the netgroup name, as shown in the following example:
$ mkexport testnetgrp5 /ibm/gpfs0/netgroup5 --nfs "@ng1(rw,no_root_squash)"
Do not create a netgroup with an IP address; instead, use a host name. The host
name that is defined in a netgroup should resolve to a valid IP address that points
back to the same host name when you query for it.
Possible client misconfiguration
About this task
Authentication problems might be caused by a client-side NAS misconfiguration.
To verify, issue the lookupname command on the active management file module, as
shown in the following example, to verify that the file module can authenticate
with the authentication server.
$ lookupname --user SONAS\\userr
USER
SONAS\userr SONAS\domain users
EFSSG1000I The command completed successfully.
$ chkauth -i -u SONAS\\userr
Command_Output_Data
FETCH USER INFO SUCCEED 12004360 12000513 /var/opt/IBM/sofs/scproot /usr/bin/rssh
EFSSG1000I The command completed successfully.
When the system is unable to authenticate against an external authentication
server, you must ensure that it can obtain user information from the authentication
server. For this user information, query commands can be run from the file
modules. For example, in the case of the LDAP authentication server, you can issue
a command as shown in the following example:
$ chkauth -a -u SONAS\\userr -p ******
AUTHENTICATE USER SUCCEED
EFSSG1000I The command completed successfully.
174
Storwize V7000 Unified: Problem Determination Guide Version
Error occurred due to reason : Join to Active Directory domain failed
GROUP
UID
GID
Home_Directory
Template_Shell
Advertisement
Table of Contents
Troubleshooting
