- Data ONTAP 8 7-Mode
- Data ONTAP 7 and earlier
There are times when the Service Principal Name (SPN) defined during CIFS Setup does not match the required SPN that a client attempts to look up. This results in the following error being identified in the packet trace:
This in turn, causes the Microsoft Client to fall back and then use NTLM for authentication instead of Kerberos. There are three common causes for this:
- When CIFS setup was run on the storage controller, the value defined in
options dns.domainnamedid not match the FQDN of the domain that was being joined.
- When clients attempt to access the storage controller, they are using a Netbios Alias.
- When clients attempt to access the storage controller, they are using a DNS Alias.