在CIFS设置、创建或密码重置期间、由于krb5kdc_ERR_etype_NOSUPPR而发生故障

适用场景

• ONTAP 9
• CIFS

问题描述

• ONTAP 命令行界面命令cifs setup或vserver cifs createvserver cifs password-reset 失败
• secd日志：
  • KRB5KDC_ERR_ETYPE_NOSUPP 
  • KDC_ERR_ETYPE_NOTSUPP (KDC不支持加密类型)。

示例：

[kern_secd:info:12090] | [000.028.994] debug: Supported encryption types are RC4 and DES { in getEtypeList() at src/utils/secd_krb_utils.cpp:103 }
[kern_secd:info:12090] Failure Summary:
[kern_secd:info:12090] Error: Machine account creation procedure failed
[kern_secd:info:12090] [ 28] Loaded the preliminary configuration.
[kern_secd:info:12090] [ 31] Successfully connected to ip xx.xx.0.1, port 88 using TCP
[kern_secd:info:12090] **[ 40] FAILURE: Could not authenticate as 'user@DOMAIN.LOCAL': KDC has no support for encryption type (KRB5KDC_ERR_ETYPE_NOSUPP)

• SVM加密设置与DC加密配置不同：

cluster1::> vserver cifs security show

       Vserver: vs1
           Kerberos Clock Skew:         3 minutes
           Kerberos Ticket Age:         8 hours
          Kerberos Renewal Age:         7 days
          Kerberos KDC Timeout:         3 seconds
           Is Signing Required:         true
     Is Password Complexity Required:         true
  Use start_tls For AD LDAP connection:         false
        Is AES Encryption Enabled:         false