Unable to delete NFS Kerberos with error cifs smb kadmin error

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 20

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
Key Distribution Center (KDC)
Domain Controller (DC)
CIFS
Service Principal Name (SPN)

Issue

CLI error with warning:

::*> vserver nfs kerberos interface modify -vserver XX -lif XX -kerberos disabled

Warning: This command deletes the service principal name "XXXX" from the machine account on the KDC.Do you want to continue? y Error: command failed: Failed to disable NFS Kerberos on LIF "XX". Failed to delete the account associated with the Kerberos service principal name. Reason: cifs smb kadmin error.

SECD logs:

debug:secd_rpc_nfs_krb_delete_account_1_svc_secd called with vserverId=3, adminUserName=admin{in secd_rpc_nfs_krb_delete_account_1_svc_secd() at src/nfs_kerberos/secd_nfs_krbkey.cpp:777} debug:Found KrbSpn nfs/XXfor vserverId=3, vifId=1030 {in secd_rpc_nfs_krb_delete_account_1_svc_secd() at src/nfs_kerberos/secd_nfs_krbkey.cpp:781} debug:vif princ Spn nfs/XX{ in secd_rpc_nfs_krb_delete_account_1_svc_secd() at src/nfs_kerberos/secd_nfs_krbkey.cpp:791}debug:The file /usr/local/etc/krb5.conf is missing, skipping to next.

With

Failed to accept the context: Unspecified GSS failure. Minor code may provide more information(minor: Cannot decrypt ticket for nfs/XX using keytab key for nfs/XX)

ERR:RESULT_ERROR_CIFS_SMB_KADMIN_ERROR:1142 in getKadminServerHandle() at src/utils/secd_kadmin_utils.cpp:178 ERR:getKadminServerHandle: Kadmin Error: (-1765328378): 'Client not found in Kerberos database':
ERR:RESULT_ERROR_CIFS_SMB_KADMIN_ERROR:1142 in secd_rpc_nfs_krb_delete_account_1_svc_secd()at src/nfs_kerberos/secd_nfs_krbkey.cpp:877
ERR:Uncaptured failure while deleting account { in secd_rpc_nfs_krb_delete_account_1_svc_secd()at src/nfs_kerberos/secd_nfs_krbkey.cpp:890