
Accessing a CIFS server by hostname fails with the error "Key table entry not found (KRB5_KT_NOTFOUND)"

Category: ontap-9
Specialty: nas
Tags: Kerberos, 1086891, AES, KRB5_KT_NOTFOUND

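Environment

  • ONTAP 9
  • CIFS
  • Kerberos encryption type (EType)
  • Domain controller (DC)
  • Windows OS

Issue

  • Access is denied when opening a share by hostname
    • Example: \\svm_hostname
  • The same share opens as expected when accessed by IP address
    • Example: \\ip_address_of_SVM
  • The logs show the following:
    • EMS.log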

[?] Mon Jan 14 00:27:40 IST [Cluster1: secd: secd.cifsAuth.problem:error]: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = a.b.c.d [ 4 ms] Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND). **[ 7] FAILURE: CIFS authentication failed

    • SECD.log: the enctype is logged as aes256.

00000015.0056f642 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.000.125] debug: secd_rpc_auth_extended_1_svc called with vserver = SVM1 { in secd_rpc_auth_extended_1_svc() at src/authentication/secd_rpc_auth.cpp:1204 }
00000015.0056f643 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.281] info : [krb5 context 09658600] Retrieving cifs/SVM1@testlab.com from SPINKT:kt:C:4 (vno 3, enctype aes256-cts) with result: -1765328203/Key table entry not found
00000015.0056f644 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.356] info : Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND).

  • The SPN entries are correctly updated on the Windows side.

C:\Windows\system32>setspn -l SVM1
Registered ServicePrincipalNames for CN=SVM1,OU=Computers,DC=TESTLAB,DC=COM:
 HOST/SVM1.testlab.com
 HOST/SVM1
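
The following Python script is an added example, not part of the NetApp article: it parses SECD.log lines in the format quoted above and reports which principal, key version (vno) and enctype each failed keytab lookup asked for. The sample input is the three SECD.log lines from this page; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Error code paired with "Key table entry not found" in the SECD.log line on this page.
KRB5_KT_NOTFOUND = -1765328203

# Matches the keytab-lookup line format shown in the SECD.log excerpt on this page.
LOOKUP_RE = re.compile(
    r"(?P<when>\w{3} \w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2}) .*?"
    r"\[krb5 context (?P<ctx>[0-9a-fA-F]+)\] Retrieving (?P<principal>\S+) "
    r"from (?P<keytab>\S+) \(vno (?P<kvno>\d+), enctype (?P<enctype>[^)]+)\) "
    r"with result: (?P<code>-?\d+)/(?P<message>.*)$"
)

# Sample input: the three SECD.log lines quoted on this page.
SAMPLE_SECD_LOG = """\
00000015.0056f642 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.000.125] debug: secd_rpc_auth_extended_1_svc called with vserver = SVM1 { in secd_rpc_auth_extended_1_svc() at src/authentication/secd_rpc_auth.cpp:1204 }
00000015.0056f643 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.281] info : [krb5 context 09658600] Retrieving cifs/SVM1@testlab.com from SPINKT:kt:C:4 (vno 3, enctype aes256-cts) with result: -1765328203/Key table entry not found
00000015.0056f644 01e038b1 Mon Jan 14 2019 00:29:31 +05:30 [kern_secd:info:7104] | [000.004.356] info : Error accepting security context for Vserver identifier (4). Key table entry not found (KRB5_KT_NOTFOUND).
"""

def parse_keytab_lookups(text):
    """Return one dict per keytab-lookup line; all other SECD lines are skipped."""
    lookups = []
    for line in text.splitlines():
        m = LOOKUP_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["kvno"] = int(rec["kvno"])
            rec["code"] = int(rec["code"])
            lookups.append(rec)
    return lookups

def missing_key_summary(text):
    """Count KRB5_KT_NOTFOUND lookups per (principal, kvno, enctype)."""
    return Counter(
        (r["principal"], r["kvno"], r["enctype"])
        for r in parse_keytab_lookups(text)
        if r["code"] == KRB5_KT_NOTFOUND
    )

if __name__ == "__main__":
    for (principal, kvno, enctype), n in missing_key_summary(SAMPLE_SECD_LOG).items():
        print(f"{n}x no keytab entry for {principal} kvno={kvno} enctype={enctype}")
```

The (principal, vno, enctype) tuple it reports is the key the SVM looked for in its keytab and did not find, which is the value to compare against the domain controller side during triage.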

 

 
