在SVM上启用AES加密后无法访问CIFS共享
- Views:
- 8
- Visibility:
- Public
- Votes:
- 0
- Category:
- ontap-9
- Specialty:
- nas<a>AES</a><a>2009409285</a>
- Last Updated:
适用场景
- ONTAP 9
- CIFS
- 高级加密标准( AES )
问题描述
- 在使用以下命令为基于Kerberos的通信启用AES加密后、无法访问CIFS共享
::> cifs server security modify -vserver <svm> -is-aes-encryption-enabled true
- AES-256和AES-128加密类型不会反映在CIFS服务器计算机帐户
msDS-SupportedEncryptionTypes属性中
PS C:\Users\Administrator> Get-ADComputer cifs01 -Properties msDS-SupportedEncryptionTypes,KerberosEncryptionTypeDistinguishedName : CN=CIFS,OU=NetAppSVM,DC=ntapp,DC=localDNSHostName : CIFS01.NTAPP.LOCALEnabled : TrueKerberosEncryptionType : {RC4}msDS-SupportedEncryptionTypes : 6Name : CIFS01ObjectClass : computerObjectGUID : 76b04d1c-90da-4a64-be61-eeffd8ee83d3SamAccountName : CIFS01$SID : S-1-5-21-3246256033-3924162847-1802636329-1224- 在EMS中可能会观察到以下错误:
[node-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (SVM1).