Kerberos Encryption Type Change Fails with "KDC has no support for encryption type" Error
Applies to
- ONTAP 9
- Kerberos encryption types
Issue
rc4, des'
to 'aes-128, aes-256'
,the following error occurs:Cluster::> vserver cifs security modify -vserver <Vserver name> -advertised-enc-types aes-128,aes-256
Enter your user ID: Administrator@test.com
Enter your password:
Error: command failed: Password update failed. Reason: Kerberos Error: KDC has no support for encryption type.
Secd log:
00000020.001098b2 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.587] info : [krb5 context 09618400] Retrieving STRG_USER$@SHIMPO.LOCAL from SPINKT:kt:C:12 (vno 0, enctype aes256-cts) with result: -1765328203/Key table entry not found
00000020.001098b3 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.599] info : [krb5 context 09618400] Preauth module encrypted_timestamp (2) (real) returned: -1765328203/Key table entry not found
00000020.001098b4 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.631] ERR : CIFS server could not authenticate as 'STRG_USER$@SHIMPO.LOCAL': Generic preauthentication failure (KRB5_PREAUTH_FAILED) { in getKerberosServerCredentials() at src/utils/secd_krb_utils.cpp:617 }
00000020.001098b5 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.647] ERR : RESULT_ERROR_KERBEROS_UNKNOWN_ERROR:7556 in getKerberosServerCredentials() at src/utils/secd_krb_utils.cpp:633