When trying to access the filer's NetBIOS alias, the following error messages are generated:
[auth.trace.authenticateUser.krbReject:info]: AUTH: Login attempt from 10.20.1.13 rejected by Kerberos.
[cifs.trace.GSSinfo:info]: AUTH: notice- Could not authenticate user.
[cifs.trace.GSSinfo:info]: AUTH: notice- Decrypt integrity check failed.
Issue
The Active Directory had a stale computer account that had the same name as the NetBIOS alias used to contact the filer. The NetBIOS alias may have been created in the Active Directory during vFiler testing, but the account had not been removed.
Check the following:
1. Check for another account in the same AD forest that has the same name as the filer. This can either be a stale account (left over from a previous situation), or another machine.
2. The reason you can connect when you specify an IP address is that the client uses NTLM instead of Kerberos in that situation. When the client gets a Kerberos ticket, it is most likely getting a ticket for the wrong machine.
No comments:
Post a Comment