Subscribe
Accepted Solution

HTTP Authentication using NTLM failed

Dear NetApp Users,

I have a problem with the Data ONTAP built in HTTP Web Server.

The authentication is not working properly. For example: Once that the user was authenticated he can access any folder independent of the share permission configuration, or be, the user can access folders which they wouldn´t.

The following message is shown:

Wed Jul 13 11:15:34 BRT [HTTPPool00:warning]: HTTP Authentication from XXX.XXX.XXX.XXX using NTLM failed

I use the CIFS Authentication which works without problems.

Some usefull information:


NETFAS 2020

NetApp Release 7.3.2

Domain type: Windows 2003

Authentication type: Active Directory

Security Style: NTFS Only

*The domain server firewall is disabled for now.

httpd.access                 legacy    

httpd.admin.access           legacy    

httpd.admin.enable           on        

httpd.admin.hostsequiv.enable off       

httpd.admin.max_connections  512      

httpd.admin.ssl.enable       on        

httpd.admin.top-page.authentication on        

httpd.autoindex.enable       on        

httpd.bypass_traverse_checking off       

httpd.enable                 on        

httpd.ipv6.enable            off       

httpd.log.format             common    

httpd.method.trace.enable    on       

httpd.rootdir                /vol/rdstorage1/

httpd.timeout                900       

httpd.timewait.enable        off   

cifs.LMCompatibilityLevel    1        

cifs.audit.account_mgmt_events.enable on        

cifs.audit.autosave.file.extension           

cifs.audit.autosave.file.limit 0         

cifs.audit.autosave.onsize.enable off       

cifs.audit.autosave.onsize.threshold 75%       

cifs.audit.autosave.ontime.enable off       

cifs.audit.autosave.ontime.interval 1d        

cifs.audit.enable            off       

cifs.audit.file_access_events.enable on        

cifs.audit.liveview.allowed_users           

cifs.audit.liveview.enable   off      

cifs.audit.logon_events.enable on        

cifs.audit.logsize           1048576   

cifs.audit.nfs.enable        off       

cifs.audit.nfs.filter.filename           

cifs.audit.saveas            /etc/log/adtlog.evt

cifs.bypass_traverse_checking on        

cifs.client.dup-detection    ip-address

cifs.comment                 Storage Comment

cifs.enable_share_browsing   on       

cifs.gpo.enable              off       

cifs.gpo.trace.enable        off       

cifs.grant_implicit_exe_perms off       

cifs.guest_account                     

cifs.home_dir_namestyle      ntname   

cifs.home_dirs_public_for_admin on        

cifs.idle_timeout           1800      

cifs.ipv6.enable             off       

cifs.max_mpx                 50        

cifs.ms_snapshot_mode        xp        

cifs.netbios_aliases         XXX.XXX.XXX.XXX

cifs.netbios_over_tcp.enable on        

cifs.nfs_root_ignore_acl     off      

cifs.oplocks.enable          on        

cifs.oplocks.opendelta       0         

cifs.per_client_stats.enable off       

cifs.perm_check_ro_del_ok    off      

cifs.perm_check_use_gid      on       

cifs.preserve_unix_security  off      

cifs.restrict_anonymous      0        

cifs.restrict_anonymous.enable off       

cifs.save_case               on        

cifs.scopeid                           

cifs.search_domains                    

cifs.show_dotfiles           on        

cifs.show_snapshot           on        

cifs.shutdown_msg_level      2        

cifs.sidcache.enable         on        

cifs.sidcache.lifetime       1440      

cifs.signing.enable          off       

cifs.smb2.client.enable      off      

cifs.smb2.durable_handle.enable on        

cifs.smb2.durable_handle.timeout 16m       

cifs.smb2.enable             off       

cifs.smb2.signing.required   off      

cifs.snapshot_file_folding.enable off       

cifs.symlinks.cycleguard     on       

cifs.symlinks.enable         on        

cifs.trace_dc_connection     on       

cifs.trace_login             off       

cifs.universal_nested_groups.enable on        

cifs.weekly_W2K_password_change off       

cifs.widelink.ttl            10m       

I´ve tried to change some values unsuccessfully.

Do you have any tip about the problem?

Regards,

Leonardo Maia

HTTP Authentication using NTLM failed

Share permissions only come into effect when you access data through that share. Have you tried NTFS permissions?

Re: HTTP Authentication using NTLM failed

Yes, it worked fine with the NTFS permissions.

I thought that DATA ONTAP Share Configurations should works with the HTTP authentication, however in my case, the HTTP authentication only worked properly with the NTFS permissions.

Thank you!