Skip to main content
NetApp Knowledgebase

Kerberos EMS error descriptions

  1. Last updated
  2. Save as PDF
Views:
1,887
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

 

Applies to

  • ONTAP 9x
  • Clustered Data ONTAP 8

Answer

Kerberos is a authentication protocol and Data ONTAP employs it for authenticating either CIFS or NFS requests, depending on the configuration.
By default, NFS is not installed with a Kerberos authentication setup.
Starting with Clustered Data ONTAP CIFS cannot be used unless the the SVM (Storage Virtual Machine) is joined to Active Directory infrastructure and authentication will be performed via the Kerberos implementation in Active Directory.


Data ONTAP 7mode does not trace Kerberos errors related to NFS by default, this has to be enabled with the nfs.rpcsec.trace option:
ontap> options nfs.rpcsec.trace on
In order to reassess the situation, retry your connection and see if something along the following line is logged in EMS messages:
Wed Apr 25 22:18:11 IST [krb.kt.princ.notfound.kv.less:warning]: Kerberos: Found principal nfs/host.domain.com@KDCDOMAIN in keytab file /etc/UNIX_krb5.keytab, but the key version number was wrong (received 3, expected 2). Try running 'kdestroy' and 'kinit' commands on the client and reinstalling the keytab file from the KDC.
Wed Apr 25 22:18:11 IST [rpc.authen.init.rep.status:warning]: authentication reply sent with major_status 851968 and minor_status -1765328158


In Clustered Data ONTAP the authentication is handled by the SECD daemon and at default values SECD will log in detail every authentication request that is not successful.
In order to see a listing of the SECD errors/messages for the last 10 minutes you can use a CLI command of the form:
::> event log show -time >10m -source secd

The SECD daemon that will perform the authentication is the SECD daemon running on the node that owns the LIF accessed by the client, you could also inspect the log from the SPI interface of the node via HTTP at the URL:
https://cluster-mgmt-ip/spi/node-name/etc/log/secd
the files named secd* at the location are the SECD logs.

Minor Status  Minor Error Code Description  Corrective Action
KRB5_KT_KVNONOTFOUND -1765328158L Key version number for the principal in the key table is incorrect Capture the network traces and verify the key version number. ap_req kvno should be the same as for the key tab file

 

Caution: The workaround given below is as per understanding the code and has not been verified by testing. 

 

Minor Status  Minor Error Code  Description  Corrective Action
KRB5KDC_ERR_NONE  -1765328384L No error  No
KRB5KDC_ERR_NAME_EXP  -1765328383L Client's entry in database has expired  Client entry in KDC expired; recreate the key tab files for the client. For verification, capture the network traces between the client and KDC and verify the return status.
KRB5KDC_ERR_SERVICE_EXP  -1765328382L Server's entry in database has expired  Server entry in KDC expired; recreate the key tab files for the server. For verification, capture the network traces between the client and KDC and verify the return status.
KRB5KDC_ERR_BAD_PVNO  -1765328381L Requested protocol version not supported  Capture the network traces and verify the protocol version (Pvno) in AP_REQ. The Protocol version should be 5; if it is an invalid protocol version, check the nfs client configuration.
KRB5KDC_ERR_C_OLD_MAST_KVNO  -1765328380L Client's key is encrypted in an old master key  Check the KDC configuration. Nothing to do with ONTAP Kernel.
KRB5KDC_ERR_S_OLD_MAST_KVNO  -1765328379L Server's key is encrypted in an old master key  Check the KDC configuration. Nothing to do with ONTAP Kernel.
KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN  -1765328378L Client not found in the Kerberos database  Client entry not found in the KDC database; add the principal name and create the key tab files for the client in KDC. For verification, capture the network traces between the client and KDC and verify the return status.
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN  -1765328377L Server not found in the Kerberos database  Server entry not found in the KDC database; add the principal name and create the key tab files for the server in KDC. For verification, capture the network traces between the client and KDC and verify the return status.
KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE  -1765328376L Principal has multiple entries in the Kerberos database  Client/Server has multiple entries in the KDC database; recreate the key tab files for the client/server. For verification, capture the network traces between the client and KDC and verify the return status.
KRB5KDC_ERR_NULL_KEY  -1765328375L Client or server has a null key  Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel
KRB5KDC_ERR_CANNOT_POSTDATE  -1765328374L Ticket is ineligible for postdating  Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.
KRB5KDC_ERR_NEVER_VALID  -1765328373L Requested effective lifetime is negative or too short  Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.
KRB5KDC_ERR_POLICY  -1765328372L KDC policy rejects request  Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.
KRB5KDC_ERR_BADOPTION  -1765328371L KDC cannot fulfill the requested option  Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.
KRB5KDC_ERR_ETYPE_NOSUPP  -1765328370L KDC has no support for the encryption type  Check the Windows/UNIX KDC  configuration, If the error is noticed during the filer cifs setup, then the machine account for the server name specified is inconsistent and it needs to be reset at Windows KDC.
KRB5KDC_ERR_SUMTYPE_NOSUPP  -1765328369L KDC has no support for the checksum type  Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_PADATA_TYPE_NOSUPP 

-1765328368L

KDC has no support for the padata type 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_TRTYPE_NOSUPP 

-1765328367L

KDC has no support for the transited type 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_CLIENT_REVOKED 

-1765328366L

Client's credentials have been revoked 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_SERVICE_REVOKED 

-1765328365L

Credentials for the server have been revoked 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_TGT_REVOKED 

-1765328364L

TGT has been revoked 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_CLIENT_NOTYET 

-1765328363L

Client not yet valid, try again later 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_SERVICE_NOTYET 

-1765328362L

Server not yet valid, try again later 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_KEY_EXP 

-1765328361L

Password has expired 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_PREAUTH_FAILED 

-1765328360L

Pre-authentication failed 

Check the Windows KDC configuration. This error is also encountered during a cifs setup. Provide the valid credentials for the account during the cifs setup; authentication failed with the available credentials.

KRB5KDC_ERR_PREAUTH_REQUIRED 

-1765328359L

Additional pre-authentication required 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KDC_ERR_SERVER_NOMATCH 

-1765328358L

Requested server and ticket do not match 

Check the Windows/UNIX KDC configuration. Nothing to do with ONTAP Kernel.

KRB5KRB_AP_ERR_BAD_INTEGRITY 

-1765328353L

Decrypt integrity check failed 

Checksum verification failed, recheck the configured filer and client tickets and capture the network traces. If the same error is noticed, regenerate the tickets for the filer and client.

KRB5KRB_AP_ERR_TKT_EXPIRED 

-1765328352L

Ticket expired 

Check the time synchronization between the client, filer and KDC. It should be less than 5 minutes and should be in same time zone. If they are in sync, ticket gets expired. It needs to be renewed. Regenerate the key tab files for the client and filer and retry the Kerberos mount as per the procedure.

KRB5KRB_AP_ERR_TKT_NYV 

-1765328351L

Ticket not yet valid 

Check the time synchronization between the client, filer and KDC. It should be less than 5 minutes and should be in same time zone. If they are in sync, the ticket is not valid, it needs to be created. Add the proper principals to the KDC and create the proper key tab files for the client and filer and retry the Kerberos mount as per the procedure.

KRB5KRB_AP_ERR_REPEAT 

-1765328350L

Request is a replay 

Check the time synchronization between the KDC and server and also try by setting the libdefaults time sync field to 0

[libdefaults]

   kdc_timesync = 0

KRB5KRB_AP_ERR_NOT_US 

-1765328349L

The ticket is not for us 

Nothing to do with ONTAP Kernel.

KRB5KRB_AP_ERR_BADMATCH 

-1765328348L

Ticket/authenticator do not match 

Capture the network traces and verify the request (ap-req) principal name in the  NULL call with the principal names in the key tab file. Both the principals should be the same. If both are not the same, add the proper principal in KDC and generate the new key tab files for the filer and retry the Kerberos mount as per the procedure.

KRB5KRB_AP_ERR_SKEW 

-1765328347L

Clock skew too high

Check the time synchronization between the client, KDC and the filer. It should be less than 5 minutes. All the entities should be in the same time zone.

KRB5KRB_AP_ERR_BADADDR 

-1765328346L

Incorrect network address 

Capture the network traces and verify the network addresses, the remote client address, and the encrypted source address are not matching.  

KRB5KRB_AP_ERR_BADVERSION 

-1765328345L

Protocol version mismatch 

Capture the network traces and verity the message type and protocol version. It should be type AP_REQ and the version should be 5.

KRB5KRB_AP_ERR_MSG_TYPE 

-1765328344L

Invalid message type 

Capture the network traces and verity the message type. It should be AP_REQ.

KRB5KRB_AP_ERR_MODIFIED 

-1765328343L

Message stream modified 

When a user, or Service Account, or computer password get changed in KDC. When the service decrypts the ticket it is going to use its current password and decrypt the ticket. So, if the Kerberos service ticket was generated by a KDC that has not received the latest password for the Service Account, then, it will encrypt the ticket with the wrong password. Thus, the service will not be able to decrypt the ticket; and then, this error is encountered. Regenerate the tickets with the new password and retry the mount as per the procedure.

KRB5KRB_AP_ERR_BADORDER 

-1765328342L

Message out of order 

Verify the cifs setup/ nfs setup with Windows KDC.

KRB5KRB_AP_ERR_ILL_CR_TKT 

-1765328341L

Illegal cross-realm ticket 

Add the intermediate cross realm entries [domain_relam] section in the /etc/krb5.conf file.

KRB5KRB_AP_ERR_BADKEYVER 

-1765328340L

Key version is not available 

Check the configuration, nothing to do with ONTAP Kernel.

KRB5KRB_AP_ERR_NOKEY 

-1765328339L

Service key not available 

Check the configuration, nothing to do with ONTAP Kernel.

KRB5KRB_AP_ERR_MUT_FAIL 

-1765328338L

Mutual authentication failed 

Check the configuration , nothing to do with ONTAP Kernel

KRB5KRB_AP_ERR_BADDIRECTION 

-1765328337L

Incorrect message direction 

Check the configuration , nothing to do with ONTAP Kernel

KRB5KRB_AP_ERR_METHOD 

-1765328336L

Alternative authentication method required 

Check the configuration , nothing to do with ONTAP Kernel

KRB5KRB_AP_ERR_BADSEQ 

-1765328335L

Incorrect sequence number in message 

Check the configuration , nothing to do with ONTAP Kernel

KRB5KRB_AP_ERR_INAPP_CKSUM 

-1765328334L

Inappropriate type of checksum in message 

Checksum verification failed, recheck the configured filer and client tickets and capture the network traces. If the same error is encountered, regenerate the tickets for the filer and client.

KRB5KRB_ERR_GENERIC 

-1765328324L

Generic error 

 

KRB5KRB_ERR_FIELD_TOOLONG 

-1765328323L

Field is too long for this implementation 

Credentials length too long, it should be less than 65535. Capture the network traces and verify the same.

KRB5_LIBOS_BADLOCKFLAG 

-1765328255L

Invalid flag for file lock mode 

Collect the network traces between the client and the filer

KRB5_LIBOS_CANTREADPWD 

-1765328254L

Cannot read password 

Recheck the cifs setup or nfs setup with Windows KDC.

KRB5_LIBOS_BADPWDMATCH 

-1765328253L

Password mismatch 

Recheck the cifs setup or nfs setup with Windows KDC.

KRB5_LIBOS_PWDINTR 

-1765328252L

Password read interrupted 

Recheck the cifs setup or nfs setup with Windows KDC.

KRB5_PARSE_ILLCHAR 

-1765328251L

Illegal character in component name 

Nothing to do with ONTAP Kernel.

KRB5_PARSE_MALFORMED 

-1765328250L

Malformed representation of principal 

Capture the network traces and verify the  request principal

KRB5_CONFIG_CANTOPEN 

-1765328249L

Cannot open/find Kerberos /etc/krb5.conf configuration file

Check if the /etc/krb5.conf file exists or not and also check the permissions.

KRB5_CONFIG_BADFORMAT 

-1765328248L

Improper format of Kerberos /etc/krb5.conf configuration file

Check the /etc/krb5.conf file contents, contents should be in proper format.

KRB5_CONFIG_NOTENUFSPACE 

-1765328247L

Insufficient space to return complete information 

Check the configured key tab file name, should be less than 256 characters.

KRB5_BADMSGTYPE 

-1765328246L

Invalid message type specified for encoding 

Capture the network traces and verify the message type, It should be ap_req(14)..

KRB5_CC_BADNAME 

-1765328245L

Credential cache name malformed 

Verify the cifs setup or nfs setup using Windows KDC.

KRB5_CC_UNKNOWN_TYPE 

-1765328244L

Unknown credential cache type 

Verify the cifs setup or nfs setup using Windows KDC.

KRB5_CC_NOTFOUND 

-1765328243L

No matching credential has been found 

Verify the cifs setup or nfs setup using Windows KDC

KRB5_CC_END 

-1765328242L

End of credential cache reached 

Verify the cifs setup or nfs setup using Windows KDC

KRB5_NO_TKT_SUPPLIED 

-1765328241L

Request did not supply a ticket 

Capture the network traces and verify the ticket length. It should have a proper value.

KRB5KRB_AP_WRONG_PRINC 

-1765328240L

Wrong principal in request 

Capture the network traces and compare the server principal name in ap-req with the filer key tab principal names. 

KRB5KRB_AP_ERR_TKT_INVALID 

-1765328239L

Ticket has an invalid flag set 

Request contains an invalid ticket. Regenerate the tickets for the client and filer.

KRB5_KDCREP_MODIFIED 

-1765328237L

KDC reply did not match expectations 

Verify the cifs setup or nfs setup using Windows KDC.

KRB5_PRINC_NOMATCH 

-1765328238L

Requested principal and ticket do not match 

Capture the network traces and compare the server principal name in request with the filer key tab principal name.

KRB5_KDCREP_SKEW 

-1765328236L

Clock skew too high in KDC reply 

Check the time synchronization between the client, KDC and the filer. It should be less than 5 minutes and should be in same time zone.

KRB5_IN_TKT_REALM_MISMATCH 

-1765328235L

Client/server realm mismatch in the initial ticket request 

Capture the network traces and compare the realm names in the request with the filer configured realm.

KRB5_PROG_ETYPE_NOSUPP 

-1765328234L

Program lacks support for encryption type 

ONTAP 7G/7M will support only DES-CBC-CRC and DES-CBC-MD5. While generating key tabs using add_principal/ktpass, use the encryption type DES only.

KRB5_WRONG_ETYPE 

-1765328232L

Requested encryption type not used in the message 

Nothing to do with ONTAP Kernel.

KRB5_PROG_SUMTYPE_NOSUPP 

-1765328231L

Program lacks support for the checksum type 

Checksum type not supported, verify the client side configuration.

KRB5_REALM_UNKNOWN 

-1765328230L

Cannot find KDC for requested realm 

Check the /etc/krb5.conf file. It should be configured with the proper KDC, realm details.

KRB5_SERVICE_UNKNOWN 

-1765328229L

Kerberos service unknown 

Nothing to do with ONTAP Kernel

KRB5_KDC_UNREACH 

-1765328228L

Cannot contact any KDC for the requested realm 

Check the cifs setup or nfs setup using  Windows KDC

KRB5_NO_LOCALNAME 

-1765328227L

No local name found for principal name 

Nothing to do with ONTAP Kernel.

KRB5_MUTUAL_FAILED 

-1765328226L

Mutual authentication failed 

Check the time synchronization between the client, KDC and the filer. It should be less than 5 minutes and should be in same time zone.

KRB5_RC_TYPE_EXISTS 

-1765328225L

Replay cache type is already registered 

Try by disabling the Kerberos reply cache option.

KRB5_RC_MALLOC 

-1765328224L

No more memory to allocate in replay cache code 

Check the filer memory statics.

KRB5_RC_TYPE_NOTFOUND 

-1765328223L

Replay cache type is unknown 

Try disabling the Kerberos reply cache option.

KRB5_RC_UNKNOWN 

-1765328222L

Generic unknown RC error 

Try disabling the Kerberos reply cache option.

KRB5_RC_REPLAY 

-1765328221L

Message is a replay 

Try disabling the Kerberos reply cache option.

KRB5_RC_IO 

-1765328220L

Replay I/O operation failed 

Try disabling the Kerberos reply cache option.

KRB5_RC_NOIO 

-1765328219L

Replay cache type does not support non-volatile storage 

Try disabling the Kerberos reply cache option.

KRB5_RC_PARSE 

-1765328218L

Replay cache name parse and format error 

Try disabling the Kerberos reply cache option.

KRB5_RC_IO_EOF 

-1765328217L

End-of-file on replay cache I/O 

Try disabling the Kerberos reply cache option.

KRB5_RC_IO_MALLOC 

-1765328216L

No more memory to allocate in replay cache I/O code 

Check the filer memory statics.

KRB5_RC_IO_PERM 

-1765328215L

Permission denied in replay cache code 

Try disabling the Kerberos reply cache option.

KRB5_RC_IO_IO 

-1765328214L

I/O error in replay cache I/O code 

Check the filer memory statics.

KRB5_RC_IO_UNKNOWN 

-1765328213L

Generic unknown RC/IO error 

Check the filer memory statics.

KRB5_RC_IO_SPACE 

-1765328212L

Insufficient system space to store replay information 

Check the filer memory statics.

KRB5_TRANS_CANTOPEN 

-1765328211L

Cannot open/find the realm translation file 

Nothing to do with ONTAP Kernel.

KRB5_TRANS_BADFORMAT 

-1765328210L

Improper format of realm translation file 

Nothing to do with ONTAP Kernel.

KRB5_LNAME_CANTOPEN 

 -1765328209L

Cannot open or find the  lname translation database

Capture the network traces and verity the error and generate the new tickets with the proper encryption type.

KRB5_LNAME_NOTRANS 

 -1765328208L

No translation is available for the requested principal 

Capture the network traces and verity the error and generate the new tickets with the proper encryption type.

KRB5_LNAME_BADFORMAT 

 -1765328207L

Improper format of translation database entry 

Capture the network traces and verity the error and generate the new tickets with the proper encryption type.

KRB5_CRYPTO_INTERNAL 

 -1765328206L

Cryptosystem internal error 

Checksum validation failed. Capture the network traces and verity the error and generate the new tickets with the proper encryption type.

KRB5_KT_BADNAME 

 -1765328205L

Key table name malformed 

Nothing to do with ONTAP Kernel.

KRB5_KT_UNKNOWN_TYPE 

 -1765328204L

Unknown key table type 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_KT_NOTFOUND 

 -1765328203L

Key table entry not found 

Capture the network traces and verify the ap-req principal is available in key tab file or not.

KRB5_KT_END 

 -1765328202L

End of key table reached 

Capture the network traces and verify the  ap-req principal is  available in key tab file or not.

KRB5_KT_NOWRITE 

 -1765328201L

Cannot write to the specified key table 

Verify the number of memory key tab entries; it should be less than 64.

KRB5_KT_IOERR 

 -1765328200L

Error writing to key table 

Verify the ,give the configured default_keytab_name' in the /etc/krb5.conf file. For UNIX_KDC it should be FILE:/etc/UNIX_krb5.keytab and for WINDOWS KDC it should be MEMORY:/etc/krb5.ketyab.

KRB5_NO_TKT_IN_RLM 

 -1765328199L

Cannot find the ticket for the requested realm 

Capture the network traces between the filer and Windows/UNIX KDC. If the ticket is not found, add the proper principals and regenerate the tickets.

KRB5DES_BAD_KEYPAR 

 -1765328198L

DES key has bad parity 

Checksum verification failed; retry the mount operation with the newly generated key tab files.

KRB5DES_WEAK_KEY 

 -1765328197L

DES key is a weak key 

Checksum verification failed; retry the mount operation with the newly generated key tab files.

KRB5_BAD_ENCTYPE 

 -1765328196L

Bad encryption type 

ONTAP 7G/7M will support only DES-CBC-CRC and DES-CBC-MD5. While generating key tabs using add_principal/ktpass, use the encryption type DES only.

KRB5_BAD_KEYSIZE 

 -1765328195L

Key size is incompatible with the encryption type 

Key size validation failed during checksum validation. Capture the network traces and verity the error and generate the new tickets with the proper encryption type.

KRB5_BAD_MSIZE 

 -1765328194L

Message size is incompatible with the encryption type 

Message size validation failed during check sum verification. Capture the network traces and verity the error and generate the new tickets with the proper encryption type.

KRB5_CC_TYPE_EXISTS 

 -1765328193L

Credentials cache type is already registered 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup, Capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_KT_TYPE_EXISTS 

 -1765328192L

Key table type is already registered 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_CC_IO 

 -1765328191L

Credentials cache I/O operation failed 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_FCC_PERM 

 -1765328190L

Credentials cache file permissions incorrect 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_FCC_NOFILE 

 -1765328189L

No credentials cache file found 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_FCC_INTERNAL 

 -1765328188L

Internal file credentials cache error 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_CC_WRITE 

 -1765328187L

Error writing to credentials cache file 

Check the cifs setup or nfs setup using Windows KDC; capture the network traces between the filer and KDC during the cifs/nfs setup

KRB5_CC_NOMEM 

 -1765328186L

No more memory to allocate in the credentials cache code 

Verify the filer memory statistics.

KRB5_CC_FORMAT 

 -1765328185L

Bad format in the credentials cache 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_INVALID_FLAGS 

 -1765328184L

Invalid KDC option combination, which is an internal library error 

Nothing to do with ONTAP kernel.

KRB5_NO_2ND_TKT 

 -1765328183L

Request missing second ticket 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_NOCREDS_SUPPLIED 

 -1765328182L

No credentials supplied to library routine 

Nothing to do with ONTAP kernel.

KRB5_SENDAUTH_BADAUTHVERS 

 -1765328181L

Bad sendauth version was sent 

Check the cifs setup or nfs setup using windows kdc, Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_SENDAUTH_BADAPPLVERS 

 -1765328180L

Bad application version was sent by sendauth 

Check the cifs setup or nfs setup using windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_SENDAUTH_BADRESPONSE 

 -1765328179L

Bad response during sendauth exchange 

Check the cifs setup or nfs setup using Windows KDC, Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_SENDAUTH_REJECTED 

 -1765328178L

Server rejected authentication during sendauth exchange 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_PREAUTH_BAD_TYPE 

 -1765328177L

Unsupported pre-authentication type 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_PREAUTH_NO_KEY 

 -1765328176L

Required pre-authentication key not supplied 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_PREAUTH_FAILED 

 -1765328175L

Generic pre-authentication failure 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_RCACHE_BADVNO 

 -1765328174L

Unsupported format version number for replay cache 

Try by disabling the Kerberos reply cache option.

KRB5_CCACHE_BADVNO 

 -1765328173L

Unsupported credentials cache format version number 

Check the cifs setup or nfs setup using windows kdc, Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_KEYTAB_BADVNO 

 -1765328172L

Unsupported key table format version number 

Capture the network traces and verify the ap-req key version in the key tab file. Both should have same key version number.

KRB5_PROG_ATYPE_NOSUPP 

 -1765328171L

Program lacks support for address type 

Received invalid  IP address type, check the client side configuration.

KRB5_RC_REQUIRED 

 -1765328170L

Message replay detection requires rcache parameter 

Try disabling the Kerberos reply cache option.

KRB5_ERR_BAD_HOSTNAME 

 -1765328169L

Host name cannot be canonicalized 

Hostname to IP address resolution failed.  Verify the name server resolution.

KRB5_ERR_HOST_REALM_UNKNOWN 

 -1765328168L

Cannot determine the realm for the host 

Configure the default realm.

KRB5_SNAME_UNSUPP_NAMETYPE 

 -1765328167L

Conversion to service principal is undefined for the name type 

ONTAP has taken care and is always setting the proper type.

KRB5_REALM_CANT_RESOLVE 

 -1765328165L

Cannot resolve KDC for requested realm 

Check the configured KDC details.

KRB5_TKT_NOT_FORWARDABLE 

 -1765328164L

The requesting ticket cannot get the forwardable tickets 

Nothing to do with ONTAP Kernel.

KRB5_FWD_BAD_PRINCIPAL 

 -1765328163L

Bad principal name while trying to forward credentials 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_GET_IN_TKT_LOOP 

 -1765328162L

Looping detected inside krb5_get_in_tkt 

Check the cifs setup or nfs setup using Windows KDC. Capture the network traces between the filer and KDC during the cifs/nfs setup.

KRB5_CONFIG_NODEFREALM 

 -1765328161L

Configuration file /etc/krb5.conf does not specify the default realm

Configure the default realm name in libdefaults section in the /etc/krb5.conf file

KRB5_SAM_UNSUPPORTED 

 -1765328160L

Bad SAM flags in obtain_sam_padata 

 

KRB5_KT_NAME_TOOLONG 

 -1765328159L

Key tab name too long 

Configure proper key tab name in the /etc/krb5.conf file, it should be less than 256 chars. To void errors use empty /etc/krb5.conf file.

KRB5_KT_KVNONOTFOUND 

 -1765328158L

Key version number for principal in key table is incorrect 

Capture the network traces and verify the key version number. ap_req kvno should be same as with the key tab file.

 

 

Additional Information

Add your text here.