https://community.netapp.com/t5/ONTAP-Discussions/is-it-possible-to-override-a-cached-SID-mapping/m-p/460375#M44929 <P>Hi,</P><P>We have a fairly restricted environment where the SVMs are joined to a domain in a forest where the SMB users all reside. No other domains in the forest matter from a CIFS perspective. The problem is we have several multiprotocol shares and at some point someone created an AD account called "root" in a domain we have no control over, much less can tell whether is being used or not, but in every SVM I see non-stop secd messages such as these</P><P>ERROR secd.nfsAuth.noCifsCred: vserver (svm01) NFS authorization cannot retrieve CIFS credentials. Error: Get user credentials procedure failed</P><P>Determined UNIX id 0 is UNIX user 'root'</P><P>UNIX user 'root' mapped to Windows user 'THATOTHERDOMAIN\root'</P><P>Using cached 'THATOTHERDOMAIN\root' SID mapping.</P><P>&nbsp;</P><P>Any legitimate root user has apparently zero access to shares it once was correctly mapped to Administrators.</P><P>I don't see anything "in the cache" which can be deleted, and I've tried creating what I thought would be "override" mappings to make THATOTHERDOMAIN\\root" map to a restricted or bogus local account, but it makes no diff.</P><P>How can I tell the SVM's when you see this account forget it exists or tell it to map to a defunct local account?</P><P>Or, as some articles seem to imply - having the trusts fully in place so tickets and such can be passed is the only way (that seems wrong in so many ways). All I know is this seems to really foil user mapping as it pertains to admins or proper root accounts we want to have full access by way of NTFS security.</P><P>9.14.1P11</P><P>thanks</P> Mon, 28 Apr 2025 19:45:25 GMT uphill 2025-04-28T19:45:25Z https://community.netapp.com/t5/ONTAP-Discussions/is-it-possible-to-override-a-cached-SID-mapping/m-p/460375#M44929 <P>Hi,</P><P>We have a fairly restricted environment where the SVMs are joined to a domain in a forest where the SMB users all reside. No other domains in the forest matter from a CIFS perspective. The problem is we have several multiprotocol shares and at some point someone created an AD account called "root" in a domain we have no control over, much less can tell whether is being used or not, but in every SVM I see non-stop secd messages such as these</P><P>ERROR secd.nfsAuth.noCifsCred: vserver (svm01) NFS authorization cannot retrieve CIFS credentials. Error: Get user credentials procedure failed</P><P>Determined UNIX id 0 is UNIX user 'root'</P><P>UNIX user 'root' mapped to Windows user 'THATOTHERDOMAIN\root'</P><P>Using cached 'THATOTHERDOMAIN\root' SID mapping.</P><P>&nbsp;</P><P>Any legitimate root user has apparently zero access to shares it once was correctly mapped to Administrators.</P><P>I don't see anything "in the cache" which can be deleted, and I've tried creating what I thought would be "override" mappings to make THATOTHERDOMAIN\\root" map to a restricted or bogus local account, but it makes no diff.</P><P>How can I tell the SVM's when you see this account forget it exists or tell it to map to a defunct local account?</P><P>Or, as some articles seem to imply - having the trusts fully in place so tickets and such can be passed is the only way (that seems wrong in so many ways). All I know is this seems to really foil user mapping as it pertains to admins or proper root accounts we want to have full access by way of NTFS security.</P><P>9.14.1P11</P><P>thanks</P> Mon, 28 Apr 2025 19:45:25 GMT https://community.netapp.com/t5/ONTAP-Discussions/is-it-possible-to-override-a-cached-SID-mapping/m-p/460375#M44929 uphill 2025-04-28T19:45:25Z