Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

CIFS setup fails with "No Kerberos keys for this account in Active Directory"

Last Updated:

Applies to 

  • Data ONTAP 7-mode
  • Kerberos


  • CIFS setup fails with below error :
    • Could not authenticate with domain controller: No Kerberos keys for this account in Active Directory.
  • Example :

*> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.
        This filer is currently a member of the Active Directory domain
Do you want to continue and change the current filer account information? [n]: y
        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]:
        This filer is currently configured as an NTFS-only filer.
Would you like to reconfigure this filer to be a multiprotocol filer? [n]:
        The default name for this CIFS server is 'VRAMAMUR-VSIM'.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the NASLAB.LOCAL domain.
Enter the name of the Windows user [Administrator@NASLAB.LOCAL]:
Password for Administrator@NASLAB.LOCAL:
Could not authenticate with domain controller: No Kerberos keys for this account in Active Directory.
To recover, reset account password on DC, then either wait for or force
Active Directory synchronization.
CIFS - unable to log into domain as Administrator@NASLAB.LOCAL.
        Please try again (Ctrl-C to exit).
Enter the name of the Windows user [Administrator@NASLAB.LOCAL]:


Scan to view the article on your device

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support