Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 25 results
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Unable_to_connect_to_CIFS_shares_after_enabling_AES_for_advertised_encryption_types
      Applies to ONTAP 9 CIFS Kerberos Issue Clients unable to login to CIFS shares after enabling AES-128 and AES-256 for advertised encryption types on a CIFS server Packet captures show a Kerberos error ...Applies to ONTAP 9 CIFS Kerberos Issue Clients unable to login to CIFS shares after enabling AES-128 and AES-256 for advertised encryption types on a CIFS server Packet captures show a Kerberos error occurring with error code KRB5KRB_AP_ERR_MODIFIED
    • https://kb.netapp.com/on-prem/ontap/OHW/OHW-KBs/Domain_Controller_not_responding_-_Resolution_Guide
      Applies to ONTAP 9 Description CIFS authentication fails and indicates that the domain controllers are not responding The following document is designed to assist you finding a solution based on what ...Applies to ONTAP 9 Description CIFS authentication fails and indicates that the domain controllers are not responding The following document is designed to assist you finding a solution based on what condition you are meeting
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Accessing_a_CIFS_server_via_name_fails_with_the_error__Key_table_entry_not_found_KRB5_KT_NOTFOUND
      Key table entry not found (KRB5_KT_NOTFOUND). **[ 7] FAILURE: CIFS authentication failed 00000015.0056f643 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.281] info : [krb5 c...Key table entry not found (KRB5_KT_NOTFOUND). **[ 7] FAILURE: CIFS authentication failed 00000015.0056f643 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.281] info : [krb5 context 09658600] Retrieving cifs/SVM1@testlab.com from SPINKT:kt:C:4 (vno 3, enctype aes256-cts) with result: -1765328203/Key table entry not found
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/CIFS_SMB_is_not_accessible_because_authentication_fails_when_secd.kerberos.clockskew_is_seen_in_EMS
      CIFS/SMB is not accessible because authentication fails when secd.kerberos.clockskew is seen in EMS Accessing shares through IP is successful, but attempting to do so via hostname (\\hostname) or FQDN...CIFS/SMB is not accessible because authentication fails when secd.kerberos.clockskew is seen in EMS Accessing shares through IP is successful, but attempting to do so via hostname (\\hostname) or FQDN (\\hostname.domain.com) fails. ERR : [    22] Unable to connect to any of the provided DNS servers ERR : [   104] Unable to connect to a7-6.cifs.lab.netapp.com through the 10.53.21.46 interface A packet trace is only needed from the client to confirm this - we'd see a KRB5 packet:
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Unable_to_modify_the_ACL_permission_after_enabled_Seal_Signing_for_MS-LDAP
      Unable to modify ACL permission after enabling LDAP signing/seal [kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server [000.298.711] ERR : Unable to...Unable to modify ACL permission after enabling LDAP signing/seal [kern_secd:info:17440] [ 2771] Unable to SASL bind to LDAP server using GSSAPI: Can't contact LDAP server [000.298.711] ERR : Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:575 } Client presents "The program cannot open the required dialog box because it cannot determine whether the computer named "host" is joined to a domain"
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/RHEL_clients_are_able_to_mount_home_directories_but_can_t_access_the_NFS_share
      Applies to ONTAP 9 Kerberos RHEL Kerberos Distribution Center (KDC) Issue After enabling Kerberos on the data LIFs, RHEL clients are able to mount home directories, but get 'permission denied' when li...Applies to ONTAP 9 Kerberos RHEL Kerberos Distribution Center (KDC) Issue After enabling Kerberos on the data LIFs, RHEL clients are able to mount home directories, but get 'permission denied' when listing files and changing directory
    • https://kb.netapp.com/Legacy/ONTAP/7Mode/CIFS_inaccessible_by_some_clients_using_DNS_name_after_AD_object_password_reset
      The 7-Mode Active Directory (AD) computer object password is reset and users are unable to connect to CIFS shares with generic network error "windows Cannot Access the specified device path, path, or ...The 7-Mode Active Directory (AD) computer object password is reset and users are unable to connect to CIFS shares with generic network error "windows Cannot Access the specified device path, path, or file" "CIFS setup" is ran in Data ONTAP -Mode to re-synchronize the AD object password and this restores access, however some clients are still unable to connect using the DNS name All clients are able to ping the DNS name, which resolves to the correct IP address
    • https://kb.netapp.com/on-prem/ontap/Perf/Perf-KBs/Logging_into_cluster_using_Active_Directory_domain_account_times_out_when_using_Kerberos_for_domain-tunnel_authentication
      Applies to ONTAP 9 Active Directory (AD) Domain Tunnel Issue Logging into cluster using Active Directory domain account times out when using Kerberos for domain-tunnel authentication.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/DC_connection_fails_with_error_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN_causing_CIFS_issue
      Users do not have access to CIFS shares Logs show connection to domain controller using machine account fails with error KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: ERROR secd.cifsAuth.problem: vserver (svm_cifs...Users do not have access to CIFS shares Logs show connection to domain controller using machine account fails with error KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: ERROR secd.cifsAuth.problem: vserver (svm_cifs) General CIFS authentication problem. [ 10] Unable to connect to NetLogon service on dcsvr.tekunasas.local (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE) On the Active Directory side, the machine acount of the CIFS server is not found
    • https://kb.netapp.com/Legacy/ONTAP/7Mode/CIFS_setup_fails_with_No_Kerberos_keys_for_this_account_in_Active_Directory
      This process will enable CIFS access to the filer from a Windows(R) system. This filer is currently a member of the Active Directory domain Do you want to continue and change the current filer account...This process will enable CIFS access to the filer from a Windows(R) system. This filer is currently a member of the Active Directory domain Do you want to continue and change the current filer account information? [n]: y Would you like to reconfigure this filer to be a multiprotocol filer? [n]: In order to create an Active Directory machine account for the filer, Could not authenticate with domain controller: No Kerberos keys for this account in Active Directory.
    • https://kb.netapp.com/on-prem/ontap/OHW/OHW-KBs/Receiving_required_key_not_available_error_when_mounting_cifs_share_using_Kerberos
      When mounting a CIFS share using kerberos authentication from a Unix client, the mount fails with a "Required key not available" error. When mounting cifs share without using sec=krb5 option(where pas...When mounting a CIFS share using kerberos authentication from a Unix client, the mount fails with a "Required key not available" error. When mounting cifs share without using sec=krb5 option(where password needs to typed manually for username), scripts folder is accessible. When mounting cifs share using with sec=krb5 option(where password is not typed manually), scripts folder is not accessible.