如果为Kerberos禁用AES、则会记录KDC事件ID 16
适用场景
- ONTAP 9
- CIFS
- Windows 密钥分发中心( KDC )
问题描述
- 由于缺少对AES加密类型"Aes128-CTS-HMAC-SHA1-96"(17)和"AES256-CTS-HMAC-SHA1-96"(18)的Kerberos支持、源Microsoft-Windows-Kerberos Key-Distribution -Center中的事件ID 16 (KDCESVENT_NO_key_intersoncsection _TGS)已记录在一个或多个KDC上:
While processing a TGS request for the target server cifs/netappcifs, the account user@DOMAIN.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18 17. The accounts available etypes were 23 -133 -128 18 17. Changing or resetting the password of NETAPPCIFS will generate a proper key.
- 用于
vserver cifs security show
确定当前配置:
cluster::> vserver cifs security show -vserver netappcifs -fields is-aes-encryption-enabled vserver is-aes-encryption-enabled ---------- ------------------------- netappcifs false