"cifs setup" fails with "Setup cannot connect to an LDAP server for the FQDN"


"cifs setup" fails with "Setup cannot connect to an LDAP server for the FQDN"

Momonth
Hi,

I tried to add 8.2.3 7-Mode filer to Windows AD via "cifs setup"
wizard, but it's failing with:

CIFS - Logged in as [hidden email]
***     Setup cannot connect to an LDAP server for the MYDOMAIN.COM
***     active directory domain, and so cannot continue.

I think the error message is misleading as the filer can talk to LDAP
servers (I have multiple domain controllers) and I have a tcpdump that
confirms it.

From what I could get from the tcpdump, the filer does the following:

0. Sends DNS request "SRV _ldap._tcp.MYDOMAIN.COM"

// + some more DNS requests for "SRV _kerberos" etc.

1. Sends LDAP search query that looks like this:

Filter: (&(&(DnsDomain=MYDOMAIN.COM)(Host=FILER-NAME))(NtVer=0x00000006))

Does it try to find itself?

2. Gets an empty (but successful) response, where "matchedDN" is empty.

3. Sends "abandonRequest" to LDAP server.

4. Sends "unbindRequest" to LDAP server.

The filer repeats it for all LDAP servers it fetched at step 0. and
quits with the error.

I found the following KBs:

https://kb.netapp.com/support/index?page=content&id=2026294&actp=LIST
https://kb.netapp.com/support/index?page=content&id=2018207&actp=LIST

All my LDAP servers have names that are less than 15 symbols, that's
verified. And NetBIOS is not active I was told.

Any ideas maybe?

Cheers,
Vladimir
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters

RE: "cifs setup" fails with "Setup cannot connect to an LDAP server for the FQDN"

Parisi, Justin
It does an LDAP lookup for itself to see if it needs to create a new machine account or to use the existing one.

Did you try to enable "cifs.trace_login" during the process?

You may want to open a support case.

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Momonth
Sent: Thursday, August 11, 2016 6:53 AM
To: [hidden email]
Subject: "cifs setup" fails with "Setup cannot connect to an LDAP server for the FQDN"

Hi,

I tried to add 8.2.3 7-Mode filer to Windows AD via "cifs setup"
wizard, but it's failing with:

CIFS - Logged in as [hidden email]
***     Setup cannot connect to an LDAP server for the MYDOMAIN.COM
***     active directory domain, and so cannot continue.

I think the error message is misleading as the filer can talk to LDAP servers (I have multiple domain controllers) and I have a tcpdump that confirms it.

From what I could get from the tcpdump, the filer does the following:

0. Sends DNS request "SRV _ldap._tcp.MYDOMAIN.COM"

// + some more DNS requests for "SRV _kerberos" etc.

1. Sends LDAP search query that looks like this:

Filter: (&(&(DnsDomain=MYDOMAIN.COM)(Host=FILER-NAME))(NtVer=0x00000006))

Does it try to find itself?

2. Gets an empty (but successful) response, where "matchedDN" is empty.

3. Sends "abandonRequest" to LDAP server.

4. Sends "unbindRequest" to LDAP server.

The filer repeats it for all LDAP servers it fetched at step 0. and quits with the error.

I found the following KBs:

https://kb.netapp.com/support/index?page=content&id=2026294&actp=LIST
https://kb.netapp.com/support/index?page=content&id=2018207&actp=LIST

All my LDAP servers have names that are less than 15 symbols, that's verified. And NetBIOS is not active I was told.

Any ideas maybe?

Cheers,
Vladimir

Re: "cifs setup" fails with "Setup cannot connect to an LDAP server for the FQDN"

Momonth
Yes, I tried this option, but it didn't log anything.

On Thu, Aug 11, 2016 at 3:32 PM, Parisi, Justin
<[hidden email]> wrote:
> It does an LDAP lookup for itself to see if it needs to create a new machine account or to use the existing one.
>
> Did you try to enable "cifs.trace_login" during the process?
>
> You may want to open a support case.
>

Re: "cifs setup" fails with "Setup cannot connect to an LDAP server for the FQDN"

Momonth
Here is how I resolved it.

1. Register a new object (your filer to be added) in your domain
controller manually. Or ask respective Windows sysadmin team to do so.
In my case it is:

CN=FILER-NAME,CN=Computers,DC=my,DC=domain,DC=com;

2. Important bit: make sure LDAP "dNSHostName" attribute is populated.
Otherwise the filer refuses to find itself while running "cifs setup".

3. Run "cifs setup" and say "yes" to overwrite the existing object
when prompted.

Cheers,
Vladimir


On Thu, Aug 11, 2016 at 12:52 PM, Momonth <[hidden email]> wrote:
> Hi,
>
> I tried to add 8.2.3 7-Mode filer to Windows AD via "cifs setup"
> wizard, but it's failing with:
>
> CIFS - Logged in as [hidden email]
> ***     Setup cannot connect to an LDAP server for the MYDOMAIN.COM
> ***     active directory domain, and so cannot continue.
>
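A pre-flight check for steps 1 and 2 of the resolution above, as an added example that is not part of the original thread: it parses an LDIF export of the pre-staged computer object (folded and base64 values included) and reports whether "dNSHostName" is populated. The function names, the constructed LDIF samples, the FQDN filer-name.my.domain.com and the FQDN-match check are assumptions.

```python
import base64

# Constructed sample: the pre-staged object from the thread, without dNSHostName.
SAMPLE_MISSING = """\
dn: CN=FILER-NAME,CN=Computers,DC=my,DC=domain,DC=com
objectClass: computer
cn: FILER-NAME
sAMAccountName: FILER-NAME$
"""
# Same object with dNSHostName set (assumed FQDN), base64-encoded and folded
# across two lines the way an LDIF exporter may emit it.
_B64 = base64.b64encode(b"filer-name.my.domain.com").decode()
SAMPLE_OK = SAMPLE_MISSING + "dNSHostName:: " + _B64[:10] + "\n " + _B64[10:] + "\n"

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # continuation of a folded line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def check_prestaged(text, expected_fqdn):
    """Return a list of problems found on the pre-staged computer object."""
    entry = parse_ldif_entry(text)
    problems = []
    if "computer" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("object is not a computer account")
    hosts = [v for v in entry.get("dnshostname", []) if v]
    if not hosts:
        problems.append("dNSHostName is not populated")
    elif hosts[0].lower() != expected_fqdn.lower():  # assumed extra check
        problems.append("dNSHostName is %r, expected %r" % (hosts[0], expected_fqdn))
    return problems

if __name__ == "__main__":
    for label, ldif in (("missing", SAMPLE_MISSING), ("ok", SAMPLE_OK)):
        print(label, check_prestaged(ldif, "filer-name.my.domain.com"))
```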