CIFS服务器帐户密码与Active Directory中存储的密码不匹配(krb5kdc_ERR_PREAUT_FAILE）

适用场景

• ONTAP 9
• CIFS/SMB

问题描述

• 客户端无法 通过 \\svm_ip 、\\svm_ip\share_name 或访问SMB/CCIFS共享 \\fqdn

注意： 屏幕截图显示错误：Windows无法访问\\hostname\sharename 

  

注意： 屏幕截图显示错误：\\无法访问主机名。您可能没有使用此网络资源的权限。

• EMS日志错误：

Wed Sep 27 02:50:49 +0000 [node-01: secd: secd.cifsAuth.problem:error]: vserver (svm_name) General CIFS authentication problem.

[  3398] CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)  

Wed Sep 27 02:50:40 +0000 [node-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm_name).

secd.conn.auth.failure:error: Vserver (SVM01) could not authenticate over the network to server (Server01)

注:  

• 安全守护进程安全日志：

00000008.005bdd68 0493a463 Wed Sep 27 2023 02:50:49 +00:00 [kern_secd:info:88xx] | [002.382.xxx]  info :  [krb5 context 087D0xxx] Received error from KDC: -17653xxxxx/Additional pre-authentication required

• 尝试更改密码失败(vserver cifs domain password change ):
• CLI响应

Error: Password update failed. Reason: Kerberos Error: Invalid credentials were given.

• EMS

mgwd: cifs.domainpwd.not.updated:error]: An attempt to update the domain account password for Vserver X failed during password change with the following error: Password update failed. Reason: Kerberos Error: Invalid credentials were given