Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

CIFS Client Access Fails on ONTAP 9.2+ After CIFS Password Reset

Views:
964
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9.2 +

Issue    

  • CIFS clients fail to authenticate to the CIFS server
  • EMS errors (secd.cifsAuth.problem) report "KRB5KRB_AP_ERR_BAD_INTEGRITY"

12/31/2018 14:12:31 cluster-01      ERROR         secd.cifsAuth.problem: vserver (vserver) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.11.22.33
  [  2 ms] Error accepting security context for Vserver identifier (8). Decrypt integrity check failed (KRB5KRB_AP_ERR_BAD_INTEGRITY).
**[     4] FAILURE: CIFS authentication failed

  • Manual or Scheduled CIFS password reset
    • Use the following command to check the last time the password was reset for the vserver

cluster::> cifs domain password schedule show -vserver <vserver>

          Schedule Enabled: true <<<< Whether or not scheduled password reset is enabled
         Schedule Interval: 4   week(s)
Schedule Randomized Within: 120 minute(s)
                  Schedule: Sun@01:00
           Last Changed At: Mon Dec 31 15:23:41 2018 <<<< Last time password was changed either manually or via scheduled reset

  • Packet-trace of during failure shows the one of the following error codes in the Session Setup Response
    • Unknown (0xC0000466)
    • STATUS_UNSUCCESSFUL

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support