NFSv4 mount with krb5 security fails with "access denied by server" due to unsupported encryption
Applies to
- ONTAP 9
- NFSv4
- Kerberos
Issue
- On NFSv4 mount using
sec=krb5
, the mount fails withaccess denied by server while mounting nfs-svm.example.com:/nfs_krb5_mnt
- NFSv4 mounts using
sec=sys
succeeds. - ONTAP reports this as shown below:
Cluster1::> event log show -node node1 -message-name secd*
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
5/9/2021 14:09:51 node1 ERROR secd.nfsAuth.problem: vserver (svm01) General NFS authorization problem. Error: RPC accept GSS token procedure failed
[ 0 ms] Using the NFS service credential for logical interface 1030 (SPN='nfs/xxxxxxxxx') from cache.
**[ 1] FAILURE: Failed to accept the context: Unspecified GSS failure. Minor code may provide more information (minor: Encryption type ArcFour with HMAC/md5 not permitted).