I am having trouble accessing cifs shares. I have tried running cifs setup and it fails with "Data ONTAP API Failed :Could not authenticate with domain controller: Client not found in Kerberos database." It appears to be trying to use an old domain controller. When I run cifs domaininfo I get the following results:
cifs domaininfo
NetBios Domain: domain
Windows 2000 Domain Name: domain.net
Type: Windows 2000
Filer AD Site: sitename

Not currently connected to any DCs
Preferred Addresses:
    172.20.216.30 BDC
    172.20.216.31 BDC
    172.20.176.92 BDC
Favored Addresses: None
Other Addresses: None

Not currently connected to any AD LDAP server
Preferred Addresses: None
Favored Addresses:
    172.20.216.151 BROKEN server1.domain.net
    172.20.216.150 BROKEN server1.domain.net
    172.20.216.150 server1.domain.net
    172.20.216.151 server2.domain.net
Other Addresses: None
The IP addresses listed in the preferred addresses list are no longer domain controllers. How do I force the cifs filer to not use the preferred DCs on the list?
This error 'Client not found in Kerberos database' is indicating that the client's SPN is not found in the kerb database.
Deleting a preferred DC list:
To delete a preferred DC list for a domain, use the delete option:
filer> cifs prefdc delete 'domain'
I suggest removing the old 'filer' (cifs server) from AD | computers (generally when you do cifs setup, the cifs server name is added to the OU), so that when you re-run the cifs setup, it will automatically re-create the correct SPNs.
Re-run the cifs setup (make sure filer & AD time are not more than 5 minutes apart).
I have removed the computer object from AD and verified it replicated. I also deleted the domain using the command cifs prefdc delete 'domain'. I have also verified the time service is correct. Both the domain controller and the NetApp server are using the same time source and the times both match. When I run the cifs setup it gets to the point where it's prompting for credentials, and when I use my admin credentials it doesn't seem to like them. I have tried multiple accounts that are domain admins and they don't work. The error message I receive is "Could not authenticate with domain controller: Client not found in Kerberos database. CIFS - unable to log into domain as firstname.lastname@example.org. Please try again (Ctrl-C to exit)."
I am able to ping the DC and vice-versa. DNS appears to be working. I can do an nslookup for the domain.com and the DC. I was able to resolve the problem by joining the server to a child domain instead of the root domain which it was originally part of (child.domain.com). Thanks for the response.
Good one. Well done. Interesting. A plausible reason could be that, as it was originally attached to child.domain.com, this child domain may have the SPN for the old CIFS server and it was probably looking for it. It is required for CIFS (kerb) authentication.
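Added example (not part of the thread and not NetApp code): a Python parser for the `cifs domaininfo` output posted in the question, flagging preferred DC addresses that are not current domain controllers, servers marked BROKEN, and an address listed under two host names. `CURRENT_DCS` is a constructed value (it assumes the two LDAP server addresses are the live DCs), and the header wording matched is only what the posted output shows.

```python
import re

# `cifs domaininfo` output as posted in the thread (whitespace collapsed).
SAMPLE = """NetBios Domain: domain Windows 2000 Domain Name: domain.net Type: Windows 2000
Filer AD Site: sitename Not currently connected to any DCs Preferred Addresses:
172.20.216.30 BDC 172.20.216.31 BDC 172.20.176.92 BDC Favored Addresses: None
Other Addresses: None Not currently connected to any AD LDAP server
Preferred Addresses: None Favored Addresses: 172.20.216.151 BROKEN server1.domain.net
172.20.216.150 BROKEN server1.domain.net 172.20.216.150 server1.domain.net
172.20.216.151 server2.domain.net Other Addresses: None"""
# Constructed value: addresses assumed to hold the DC role today.
CURRENT_DCS = {"172.20.216.150", "172.20.216.151"}

TOKEN = re.compile(
    r"(?:Not currently )?connected to (?:any )?(?P<block>AD LDAP server|DCs?)"
    r"|(?P<label>Preferred|Favored|Other) Addresses:"
    r"|(?P<ip>\b\d{1,3}(?:\.\d{1,3}){3}\b)", re.IGNORECASE)

def parse_domaininfo(text):
    """Return one dict per address: block (DC/LDAP), list, ip, broken, notes."""
    text = " ".join(text.split())  # tolerate any line wrapping
    entries, block, label = [], None, None
    hits = list(TOKEN.finditer(text))
    for i, m in enumerate(hits):
        if m.group("block"):
            block, label = ("LDAP" if "LDAP" in m.group("block").upper() else "DC"), None
        elif m.group("label"):
            label = m.group("label").capitalize()
        elif block and label:  # an address inside a known block and list
            end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
            words = text[m.end():end].split()
            entries.append({"block": block, "list": label, "ip": m.group("ip"),
                            "broken": "BROKEN" in words,
                            "notes": [w for w in words if w != "BROKEN"]})
    return entries

def audit(entries, current_dcs):
    """Flag stale preferred DCs, BROKEN servers and one address under two names."""
    findings, names = set(), {}
    for e in entries:
        if e["list"] == "Preferred" and e["ip"] not in current_dcs:
            findings.add(("stale-preferred", e["ip"]))
        if e["broken"]:
            findings.add(("broken", e["ip"]))
        if e["block"] == "LDAP":
            names.setdefault(e["ip"], set()).update(e["notes"])
    findings |= {("name-conflict", ip) for ip, n in names.items() if len(n) > 1}
    return sorted(findings)
```

Calling `audit(parse_domaininfo(SAMPLE), CURRENT_DCS)` returns the sorted list of `(finding, address)` pairs; the `stale-preferred` entries are the ones the `cifs prefdc delete` step above clears.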