How to set the correct SPN for a storage controller
Applies to
- Data ONTAP 8 7-Mode
- Data ONTAP 7 and earlier
Description
- There are times when the Service Principal Name (SPN) defined during CIFS Setup does not match the required SPN that a client attempts to look up.
- This results in the following error being identified in the packet trace:
KRB_ERR_S_PRINCIPAL_UNKNOWN
- This in turn, causes the Microsoft Client to fall back and then use NTLM for authentication instead of Kerberos.
- This results in the following error being identified in the packet trace:
- There are three common causes for this:
- When CIFS setup was run on the storage controller, the value defined in
options dns.domainname
did not match the FQDN of the domain that was being joined. - When clients attempt to access the storage controller, they are using a Netbios Alias.
- When clients attempt to access the storage controller, they are using a DNS Alias.
- When CIFS setup was run on the storage controller, the value defined in