https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66071#M6003 <HTML><HEAD></HEAD><BODY><P>Hi Shaunjurr,</P><P></P><P>we have the same problem with our new netapp to get access to a share with the computeraccount. We tried your way with the usermap.cfg. It seems to work half the way. We get an authenticaton message to input our credentials from the sccmuser. Should this not happen automatically and how can this be done?</P></BODY></HTML> Thu, 23 Aug 2012 12:10:14 GMT niedermeier 2012-08-23T12:10:14Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66052#M5997 <HTML><HEAD></HEAD><BODY><P> Hi Guys,</P><P></P><P>We are currently looking to migrate a Microsoft SCCM file store from the local SCCM server to a CIFS share on NetApp 7.3.2.</P><P></P><P>The issue we have found during testing is that the Windows machine account (Local System Account) on that Windows 2003 server is unable to access the CIFS share.</P><P></P><P>We have updated the ACLs to include the Windows machine account access to both the CIFS share and the containing files - but still we are unable to even list the files.</P><P></P><P>The command "cifs shares" shows that the Windows machine account has "Full Control" and the everyone group also has "Full Control".</P><P></P><P>Sectrace shows <SPAN style="font-size: 10pt; font-family: Arial; ">"Access denied because 'Read' permission (0x1) is not granted on file or directory (Access denied by the share-level ACL) - Status: 1:188743680:32:192"</SPAN></P><P></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">Windows Active Directory User accounts access the CIFS share without any issues. </SPAN></P><P></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">I am concerned that there is some limitation with Windows Machine Account (Local System Account) access to CIFS shares.</SPAN></P><P></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">Does anyone have any experience with this type of CIFS access ?</SPAN></P><P></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">Thanks</SPAN></P></BODY></HTML> Thu, 05 Jun 2025 06:55:01 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66052#M5997 greg_upton 2025-06-05T06:55:01Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66057#M5999 <HTML><HEAD></HEAD><BODY><P>I believe, there was NetApp knowledge base and the problem definitely was discussed here already. IIRC this won’t work, account needs to be proper user account, not the machine one. Unfortunately I can’t find references right now, try to search kb/communities.</P></BODY></HTML> Fri, 13 May 2011 02:38:07 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66057#M5999 aborzenkov 2011-05-13T02:38:07Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66062#M6001 <HTML><HEAD></HEAD><BODY><P><A class="jive-link-external-small" href="http://communities.netapp.com/message/53431#53431" target="_blank">http://communities.netapp.com/message/53431#53431</A><SPAN> we have a similiar problem, access with machine account work. But not with PowerShell Script.</SPAN></P><P></P><P>The first Problem we had with the Access was NTLM, you have to deactivate it.</P></BODY></HTML> Fri, 13 May 2011 07:32:19 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66062#M6001 daehnrich_bsh 2011-05-13T07:32:19Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66067#M6002 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you want to create a CIFS share that is meant to be accessed only by a machine account, you can map the IP address of the server to a local account on the filer in usermap.cfg and then add that user with useradmin and finally add full control for that user on the share.&nbsp; You may want to add other rights to the share for administration of files.&nbsp; I found it helpful to make the shares hidden to reduce the chance of others accessing the file.</P><P></P><P>We've done this for Notes storage on a set of filers for a lot of years.&nbsp; It seemed like a hack at the time, but it has been suprisingly stable.</P><P></P><P>10.10.10.10:"" =&gt; sccmuser&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (a backend storage IP subnet to limit access via IP spoofing can be a good idea)</P><P></P><P>useradmin user add sccmuser -g administrators -c "SCCM server"&nbsp; (or some other more limited group)</P><P></P><P>cifs access &lt;sccm_share&gt; sccmuser Full Controll</P><P></P><P>Something like this should get things rolling.</P><P></P><P>The documentation says that machine accounts should be able to access the data.&nbsp; Not sure if you've looked at that specifically or not.</P></BODY></HTML> Sun, 15 May 2011 00:18:35 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66067#M6002 shaunjurr 2011-05-15T00:18:35Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66071#M6003 <HTML><HEAD></HEAD><BODY><P>Hi Shaunjurr,</P><P></P><P>we have the same problem with our new netapp to get access to a share with the computeraccount. We tried your way with the usermap.cfg. It seems to work half the way. We get an authenticaton message to input our credentials from the sccmuser. Should this not happen automatically and how can this be done?</P></BODY></HTML> Thu, 23 Aug 2012 12:10:14 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66071#M6003 niedermeier 2012-08-23T12:10:14Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66076#M6004 <HTML><HEAD></HEAD><BODY><P>In general to confirm the user is valid user or not. We can use the command called "getXXbyYY getpwbyname_r root or &lt;username&gt;"</P><P></P><P>If you see the output, you will know that user is valid user to access the filer or not.</P><P></P><P>thank you,</P><P>AK G<BR /><BR /></P></BODY></HTML> Thu, 23 Aug 2012 17:10:21 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66076#M6004 AGUMADAVALLI 2012-08-23T17:10:21Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66081#M6005 <HTML><HEAD></HEAD><BODY><P>more over enable the cifs audit : <STRONG>options cifs.audit.enable on</STRONG></P><P><STRONG>browse thru the /etc/messages for audit logs or you can rdfile </STRONG><STRONG>/etc/log/adtlog.evt</STRONG></P><P></P><P><STRONG>thank you,</STRONG></P><P><STRONG>AK G<BR /></STRONG></P></BODY></HTML> Thu, 23 Aug 2012 17:14:31 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Windows-2003-Machine-Account-Local-System-access-to-CIFS-share/m-p/66081#M6005 AGUMADAVALLI 2012-08-23T17:14:31Z