跳转到主内容

通过主机名访问 CIFS 服务器失败,并显示以下错误: Key table entry not found ( KRB5_KT_NOTFOUND )

Views:
11
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

状态信息

适用于

  • ONTAP 9
  • Kerberos 类型

问题

客户端在通过主机名(即)访问 CIFS 服务器时遇到问题 \\svm_hostname ,以下日志会显示这些错误: (KRB5_KT_NOTFOUND)

无论怎样,通过 IP 访问都能正常工作。(即) \\ip_address_of_SVM

 

  • EMS 日志:

EMS 日志显示与 Kerberos 相关的错误:

[?] Mon Jan 14 00:27:40 IST [Cluster1: secd: secd.cifsAuth.problem:error]: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = a.b.c.d [ 4 ms] Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND). **[ 7] FAILURE: CIFS authentication failed 
 

  • Secd 日志:

Secd 日志显示接受 enctype : AES256 或 aes128 时出现问题:

00000015.0056f642 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.000.125] debug: secd_rpc_auth_extended_1_svc called with vserver = SVM1 { in secd_rpc_auth_extended_1_svc() at src/authentication/secd_rpc_auth.cpp:1204 }
00000015.0056f643 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.281] info : [krb5 context 09658600] Retrieving cifs/SVM1@testlab.com from SPINKT:kt:C:4 (vno 3, enctype aes256-cts) with result: -1765328203/Key table entry not found
00000015.0056f644 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.356] info : Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND).

  • Windows 端的 SPn 条目已正确更新:

C:\Windows\system32>setspn -l SVM1
Registered ServicePrincipalNames for CN=SVM1,OU=Computers,DC=TESTLAB,DC=COM:
 HOST/SVM1.testlab.com
 HOST/SVM1

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support