
VNX: server_kerberos output shows incorrect or outdated information about KDC (Dell EMC Correctable)

Summary: server_kerberos output shows incorrect or outdated information about KDC


Article Content


Symptoms

The command "server_kerberos server_x -list" will sometimes show KDCs that have been decommissioned and are no longer in use. For example, in the output below, the server "oldserver.mouse.com" is not what the administrator expects to see listed as the current KDC for the configured realm:

[nasadmin@MoundsBar_CS0 ~]$ server_kerberos server_2 -list
server_2 : 


Kerberos common attributes section:
    Supported TGS encryption types:  rc4-hmac-md5 des-cbc-md5 des-cbc-crc
    Supported TKT encryption types:  rc4-hmac-md5 des-cbc-md5 des-cbc-crc
    Use DNS locator:                yes

Kerberos realm configuration:

realm name:           MOUSE.COM
    kdc:              oldserver.mouse.com
    admin server:     oldserver.mouse.com
    kpasswd server:   oldserver.mouse.com
    default domain:   mouse.com

Cause

This happens because the KDC portion of the output from the "server_kerberos server_x -list" command is pulled from ".etc/krb5.conf" on the data mover. That portion of the file is generated the first time a given CIFS server is joined to a domain and is not overwritten afterwards. Note that if the CIFS server was migrated from one platform to another, these values could have been generated before the VNX system itself was deployed into production. The more important part of the output is the "Use DNS locator" value. If this is set to yes, the system selects a KDC based on the DNS records configured in the environment rather than the values shown in the realm configuration.

Resolution

If the administrator wants to see which KDC the VNX system is actually using, the better command to use is "server_kerberos server_x -ccache".

You can also use a command like the following to manually perform a DNS lookup for the relevant records for the KDC. The domain "mouse.com" is used as a placeholder here, so the administrator will want to replace that with the FQDN of the relevant domain:

/nas/bin/.server_config server_2 -v "dns query SRV=_kerberos._tcp.mouse.com"
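
The following script is an added example, not Dell EMC code: it cross-checks the "kdc:" entries of a saved "server_kerberos -list" listing against the KDC hostnames that DNS currently advertises, and takes the "Use DNS locator" value into account as described under Cause. It assumes the SRV answers are available as "priority weight port target" lines (the layout `dig +short SRV` prints); the hostnames dc01/dc02 and the verdict names are constructed for the example.

```shell
#!/bin/sh
# Added example, not Dell EMC code. Sample data below is constructed.

# The realm listing shown in this article (trimmed to the lines that matter).
sample_listing() {
cat <<'EOF'
Kerberos common attributes section:
    Use DNS locator:                yes

Kerberos realm configuration:

realm name:           MOUSE.COM
    kdc:              oldserver.mouse.com
    admin server:     oldserver.mouse.com
EOF
}

# Hypothetical SRV answers as "priority weight port target" lines, the
# layout printed by `dig +short SRV _kerberos._tcp.mouse.com`.
sample_srv() {
cat <<'EOF'
0 100 88 dc01.mouse.com.
0 100 88 dc02.mouse.com.
EOF
}

# check_kdc SRV_FILE  (listing on stdin)
# Prints "<realm> <kdc> <verdict>" for every kdc line in the listing.
check_kdc() {
  awk -v srv="$1" '
    function norm(h) { sub(/\.$/, "", h); return tolower(h) }
    BEGIN {
      # Load the KDC hostnames that DNS currently advertises.
      while ((getline line < srv) > 0) {
        n = split(line, f, " ")
        if (n >= 4) live[norm(f[4])] = 1
      }
    }
    /Use DNS locator:/ { locator = tolower($NF) }
    /realm name:/      { realm = $NF }
    /^[ \t]*kdc:/ {
      kdc = norm($NF)
      if (kdc in live)            verdict = "matches-dns"
      else if (locator == "yes")  verdict = "stale-display-only"
      else                        verdict = "static-not-in-dns"
      print realm, kdc, verdict
    }
  '
}

tmp=$(mktemp); sample_srv > "$tmp"
sample_listing | check_kdc "$tmp"; rm -f "$tmp"
```

A "stale-display-only" verdict corresponds to the situation in this article: the listed KDC is no longer advertised in DNS, but the DNS locator is on, so the entry is only leftover data in the listing.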

Article Properties


Affected Product

VNX for DLm8100, VNX VG10, VNX VG2, VNX VG50, VNX VG8, VNX1 Series, VNX2 Series, VNX5100, VNX5150, VNX5200, VNX5300, VNX5400, VNX5500, VNX5600, VNX5700, VNX5800, VNX7500, VNX7600, VNX8000

Last Published Date

19 Aug 2021

Version

3

Article Type

Solution