
not able to access cifs shares


I am having trouble accessing cifs shares. I have tried running cifs setup and it fails with "Data ONTAP API Failed :Could not authenticate with domain controller: Client not found in Kerberos database." It appears to be trying to use an old domain controller. When I run cifs domaininfo I get the following results:

cifs domaininfo
NetBios Domain: domain
Windows 2000 Domain Name:
Type: Windows 2000
Filer AD Site: sitename

Not currently connected to any DCs
Preferred Addresses: BDC BDC BDC
Favored Addresses:
Other Addresses:

Not currently connected to any AD LDAP server
Preferred Addresses:
Favored Addresses: BROKEN BROKEN
Other Addresses:

The IP addresses listed in the preferred addresses list are no longer domain controllers. How do I force the cifs filer to not use the preferred DCs on the list?





This error 'Client not found in Kerberos database' is indicating that the client's SPN is not found in the kerb database.


Deleting a preferred DC list:

To delete a preferred DC list for a domain, use the delete option:
filer> cifs prefdc delete 'domain'


I suggest removing the old 'filer' (cifs server) from AD | computers (generally, when you do cifs setup, the cifs server name is added to the OU), so that when you re-run the cifs setup, it will automatically re-create the correct SPNs.


Re-run the cifs setup (make sure the filer and AD times are not more than 5 minutes apart).




I have removed the computer object from AD and verified it replicated. I also deleted the domain using the command cifs prefdc delete 'domain'. I have also verified the time service is correct. Both the domain controller and the NetApp server are using the same time source and the times both match. When I run the cifs setup it gets to the point where it's prompting for credentials, and when I use my admin credentials it doesn't seem to like them. I have tried multiple accounts that are domain admins and they don't work. The error message I receive is "Could not authenticate with domain controller: Client not found in Kerberos database.
CIFS - unable to log into domain as
Please try again (Ctrl-C to exit)."

Any additional thoughts?


Thanks for the update.


Can you check if the filer can ping the DC and vice versa? Is DNS working fine? nslookup


Interesting - because it prompts you to enter a password, that means it is able to contact the AD, and when it is trying to add the object, it is refusing. Isn't it?


I am able to ping the DC and vice versa. DNS appears to be working. I can do an nslookup for the and the DC. I was able to resolve the problem by joining the server to a child domain instead of the root domain which it was originally part of (  thanks for the response.


Good one. Well done. Interesting; a plausible reason could be this: as it was originally attached to, this child domain may have the SPN for the old CIFS server and it was probably looking for it. It is required for CIFS (kerb) authentication.