Skip to main content
NetApp Knowledge Base

ONTAP Requirements for CIFS Kerberos

Views:
175
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • Microsoft Windows
  • Kerberos

Answer

  • Check to see if any existing sessions are using Kerberos
    • Cluster1::> vserver cifs session show -vserver svm1 -fields authentication-method
      • node         vserver   session-id   connection-id  auth-mechanism
        ----------   -------   ----------   ------------   --------------
        Cluster-01   svm       9513291262   3060587580     NTLMv2
  • Users must access shares via domain name and not via IP Address
  • Confirm time difference between ONTAP and the Domain Controller is less than 5 minutes (the default time skew)
  • DNS A record should have the name of the ONTAP CIFS Server, and the IP Address of one of the Data LIFs for that SVM.
  • Confirm SPNs (Service Principal Name) exists for the CIFS machine account
    • C:\> setspn -l <svm_machine_account_name>

Additional Information

 

 

  • Was this article helpful?