メインコンテンツまでスキップ

Microsoft April 2022 HotfixesのあとにCIFSパスワードを変更すると、SecD:secsecsec.kerberos.preauth:エラーが表示されずに失敗します

Views:
148
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>20099147370</a>
Last Updated:

環境

  • ONTAP 9
  • CIFS
  • Active Directory
  • CVE-2021-42287

問題

  • vserver cifs domain password schedule が有効になっている場合、エラーは通知されません。
  • イベントログが以下のエラーを示している

Sat Apr 16 03:00:00 +0800 [cluster1-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm1).

  • CIFSクライアントアクセスが secd.log エラーで失敗する KRB5KDC_ERR_PREAUTH_FAILED
  • 次のコマンドも失敗します。
    • vserver cifs domain password change
    • vserver cifs domain password schedule
    • vserver cifs security modify -is-aes-encryption-enabled

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.