在CIFS设置、创建或密码重置期间、由于krb5kdc_ERR_etype_NOSUPPR而发生故障
状态信息
适用场景
- ONTAP 9
- CIFS
问题描述
- ONTAP 命令行界面命令
cifs setup
或vserver cifs create
vserver cifs password-reset
失败 - secd日志:
KRB5KDC_ERR_ETYPE_NOSUPP
KDC_ERR_ETYPE_NOTSUPP
(KDC不支持加密类型)。
示例:
[kern_secd:info:12090] | [000.028.994] debug: Supported encryption types are RC4 and DES { in getEtypeList() at src/utils/secd_krb_utils.cpp:103 }
[kern_secd:info:12090] Failure Summary:
[kern_secd:info:12090] Error: Machine account creation procedure failed
[kern_secd:info:12090] [ 28] Loaded the preliminary configuration.
[kern_secd:info:12090] [ 31] Successfully connected to ip xx.xx.0.1, port 88 using TCP
[kern_secd:info:12090] **[ 40] FAILURE: Could not authenticate as 'user@DOMAIN.LOCAL': KDC has no support for encryption type (KRB5KDC_ERR_ETYPE_NOSUPP)
- SVM加密设置与DC加密配置不同:
cluster1::> vserver cifs security show
Vserver: vs1
Kerberos Clock Skew: 3 minutes
Kerberos Ticket Age: 8 hours
Kerberos Renewal Age: 7 days
Kerberos KDC Timeout: 3 seconds
Is Signing Required: true
Is Password Complexity Required: true
Use start_tls For AD LDAP connection: false
Is AES Encryption Enabled: false