During cifs setup, create, or password-reset, a failure occurs due to KRB5KDC_ERR_ETYPE_NOSUPP
Applies to
- ONTAP 9
- CIFS
Issue
- ONTAP CLI commands
cifs setup
,vserver cifs create
orvserver cifs password-reset
fail - secd logs either:
KRB5KDC_ERR_ETYPE_NOSUPP
KDC_ERR_ETYPE_NOTSUPP
(KDC has no support for encryption type).
Example:
[kern_secd:info:12090] | [000.028.994] debug: Supported encryption types are RC4 and DES { in getEtypeList() at src/utils/secd_krb_utils.cpp:103 }
[kern_secd:info:12090] Failure Summary:
[kern_secd:info:12090] Error: Machine account creation procedure failed
[kern_secd:info:12090] [ 28] Loaded the preliminary configuration.
[kern_secd:info:12090] [ 31] Successfully connected to ip xx.xx.0.1, port 88 using TCP
[kern_secd:info:12090] **[ 40] FAILURE: Could not authenticate as 'user@DOMAIN.LOCAL': KDC has no support for encryption type (KRB5KDC_ERR_ETYPE_NOSUPP)
- SVM encryption setting differs from DC encryption configuration:
cluster1::> vserver cifs security show
Vserver: vs1
Kerberos Clock Skew: 3 minutes
Kerberos Ticket Age: 8 hours
Kerberos Renewal Age: 7 days
Kerberos KDC Timeout: 3 seconds
Is Signing Required: true
Is Password Complexity Required: true
Use start_tls For AD LDAP connection: false
Is AES Encryption Enabled: false