ONTAP Discussions

SVM unable to join CIFS to Windows Server 2003 AD

jeffrey24
113 Views

Dear all, 

 

I have been facing Netapp Ontap Storage VM issues of joining CIFS to Windows server 2003 AD.

 

I am on Netapp ontap 9.14.

 

I understand that Windows Server 2003 cannot support AES and can only support  SMB1 authentication. Therefore disabled AES 128 and 256 under:

 

-vserver cifs security modify : -advertised-enc-types {DES,RC4}
--aes-enabled-for-netlogon-channel{false}

--encryption-required-for-dc-connections {false}

-use-ldaps-for-ad-ldap {false}

-smb2-enabled-for-dc-connections{false}

-smb1-enabled-for-dc-connections{true}

I managed to add the Windows server 2003 DNS to my SVM. Despite trying all methods, I am still getting the error KRB5KDC_ERR_ETYPE_NOSUPP when i add my SVM CIFS to Windows server 2003 active directory. Will appreciate any help on this, thanks!

 

With regards,

Jeff

2 REPLIES 2

CristianoRossi
59 Views

Usually in this kind of problem secd.log can provide more information on what is going on

 

Not sure there is a way to have it working 

liu
25 Views

AES is not enabled on the Vserver  CIFS authentication error: KRB5KDC_ERR_ETYPE_NOSUPP - NetApp Knowledge Base

Check the Windows/UNIX KDC  configuration, If the error is noticed during the filer cifs setup, then the machine account for the server name specified is inconsistent and it needs to be reset at Windows KDC

Kerberos EMS error descriptions - NetApp Knowledge Base

Public