IBM Storwize V7000 Unified Problem Determination Manual page 178

Refer to these topics in the IBM Storwize V7000 Unified Information Center "Planning
for user authentication", "Verifying the authentication configuration", "Establishing
user and group mapping for client access", and "chkauth".
If you cannot resolve the issue, contact the authentication server administrator to
validate or reestablish your account.
Refer to "Managing authentication server integration" for more information about
authentication and server configuration.
Resolving the "Missing SRV record in DNS" error
About this task
If the "Missing SRV record in DNS" error displays when you configure the active
directory (AD) using the cfgad command, similar to the following example, verify
that entries for DNS Domain Name, DNS Server, and DNS Search Domains are
correct. Also, verify that the DNS server has valid SRV records for that domain.
$ cfgad -s 9.9.9.9 -u admin -p ****
(1/9) Fetching the list of cluster file modules.
(2/9) Check if cfgcluster has done the basic configuration successfully.
(3/9) Check whether file modules are
reachable from management file module.
(4/9) Detection of AD server and fetching domain information from AD server.
Missing SRV record in DNS : _ldap._tcp.xxxxx.COM
Missing SRV record in DNS : _ldap._tcp.dc._msdcs.xxxxx.COM
Missing SRV record in DNS : _kerberos._tcp.xxxxx.COM
Missing SRV record in DNS : _kerberos._tcp.dc._msdcs.xxxxx.COM
Necessary DNS entries are missing, the domain join step might fail.
(5/9) Check whether AD server is reachable
from file modules.
(6/9) Joining the domain of the specified ADS.
EFSSG0110C Configure AD failed on cluster. Cause: Error encountered while
executing netjoinAD.sh. Output till failure is :Join to Active Directory
domain with user Administrator
Failed to join domain: failed to find DC for domain SONAS
If "netgroup" functionality with NIS or LDAP is not working
About this task
If "netgroup" functionality with Network Information Service (NIS) or Lightweight
Directory Access Protocol (LDAP) is not working, ensure that you have included a
"@" in front of the netgroup name, as shown in the following example:
$ mkexport testnetgrp5 /ibm/gpfs0/netgroup5 --nfs "@ng1(rw,no_root_squash)"
Do not create a netgroup with an IP address; instead, use a host name. The host
name that is defined in a netgroup should resolve to a valid IP address that points
back to the same host name when you query for it.
Possible client misconfiguration
About this task
Authentication problems might be caused by a client-side NAS misconfiguration.
To verify, issue the lookupname command on the active management file module, as
shown in the following example, to verify that the file module can authenticate
with the authentication server.
158
Storwize V7000 Unified: Problem Determination Guide 2073-720
Error occurred due to reason : Join to Active Directory domain failed