Skip to main content
NetApp Knowledge Base

Accessing a CIFS server via hostname fails with the error: Key table entry not found (KRB5_KT_NOTFOUND)

Views:
1,370
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • Cifs
  • Kerberos ETypes
  • Domain Controler (DC)
  • Windows OS

Issue

  • Access denied while opening a share using hostname
    • Example: \\svm_hostname
  • Same share opened as expected if accessed via IP
    • Example: \\ip_address_of_SVM
  • In logs we can see:
    • EMS.log:

[?] Mon Jan 14 00:27:40 IST [Cluster1: secd: secd.cifsAuth.problem:error]: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = a.b.c.d [ 4 ms] Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND). **[ 7] FAILURE: CIFS authentication failed 
 

  • In SECD.logenctype aes256 or enctype aes256 is logged:

00000015.0056f642 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.000.125] debug: secd_rpc_auth_extended_1_svc called with vserver = SVM1 { in secd_rpc_auth_extended_1_svc() at src/authentication/secd_rpc_auth.cpp:1204 }
00000015.0056f643 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.281] info : [krb5 context 09658600] Retrieving cifs/SVM1@testlab.com from SPINKT:kt:C:4 (vno 3, enctype aes256-cts) with result: -1765328203/Key table entry not found
00000015.0056f644 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.356] info : Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND).

  • SPN entry is updated correctly on windows side:

C:\Windows\system32>setspn -l SVM1
Registered ServicePrincipalNames for CN=SVM1,OU=Computers,DC=TESTLAB,DC=COM:
 HOST/SVM1.testlab.com
 HOST/SVM1

 

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support