I need to access our NetApp via CIFS from 2 different domains while we migrate all useres/computers from one domain to the other. We have thought of changing the netapp to work with internal local users or users in /etc/passwd so users can access to it previous local authentication. However I am getting access denied without even challenge to credentials. Do you know if that is possible? It works ok if we use domain authentication but obviously only for done domain, not 2 at the same time.
Any way to do that? Since it is temporary we don't mind having to challenge the user for user and password and check it against local filer users.
Thanks for your answer, it helps but there is still some peculiarities in our environment. Do you know if there is just a simpler way to connect? I just want to have access from any windows machine using the local user and password users in /etc/passwd I dont mind being challenged.
Simply create a local user on the filer (use the MMC to connect to the NetApp if this is easier for you), and then when you try to connect to a CIFS share or map a drive, use this local user to authenticate. The filer (even when in a domain) fully supports local users, exactly the same as a windows machine would do.
The clocks are quite synced like 3-4 seconds of diference.
I am trying both /etc/passwd and windows workgroup configs. None of them seems to work. Not sure what I can be doing wrong. User to be authenticated because if I try wrong password or user I get the other error...
events.enable on cifs.audit.autosave.file.extension timestamp cifs.audit.autosave.file.limit 0 cifs.audit.autosave.onsize.enable off cifs.audit.autosave.onsize.threshold 90% cifs.audit.autosave.ontime.enable on cifs.audit.autosave.ontime.interval 1d cifs.audit.enable on cifs.audit.file_access_events.enable on cifs.audit.liveview.allowed_users cifs.audit.liveview.enable off cifs.audit.logon_events.enable on cifs.audit.logsize 524288 cifs.audit.nfs.enable off cifs.audit.nfs.filter.filename cifs.audit.saveas /etc/log/adtlog.evt cifs.bypass_traverse_checking off cifs.client.dup-detection ip-address cifs.comment P839 NetApp Simulator cifs.enable_share_browsing on cifs.gpo.enable off cifs.gpo.trace.enable off cifs.grant_implicit_exe_perms off cifs.guest_account cifs.home_dir_namestyle cifs.home_dirs_public_for_admin off cifs.idle_timeout 1800 cifs.ipv6.enable off cifs.max_mpx 50 cifs.ms_snapshot_mode off cifs.netbios_aliases P839NETAPP cifs.netbios_over_tcp.enable on cifs.nfs_root_ignore_acl on cifs.oplocks.enable on cifs.oplocks.opendelta 8 cifs.per_client_stats.enable on cifs.perfmon.allowed_users cifs.perm_check_ro_del_ok on cifs.perm_check_use_gid on cifs.preserve_unix_security on cifs.restrict_anonymous 2 cifs.restrict_anonymous.enable on cifs.save_case on cifs.scopeid cifs.search_domains MYDOMAINNAME cifs.show_dotfiles off cifs.show_snapshot off cifs.shutdown_msg_level 1 cifs.sidcache.enable on cifs.sidcache.lifetime 1200 cifs.signing.enable off cifs.smb2.client.enable off cifs.smb2.durable_handle.enable on cifs.smb2.durable_handle.timeout 16m cifs.smb2.enable off cifs.smb2.signing.required off cifs.snapshot_file_folding.enable off cifs.symlinks.cycleguard on cifs.symlinks.enable on cifs.trace_dc_connection off cifs.trace_login off cifs.universal_nested_groups.enable off cifs.weekly_W2K_password_change off cifs.widelink.ttl 12h cifs.wins_servers
Yeah they are in the same timezone. I cannot connect to any share in the filer I can only can if I join the netapp back to the domain
And when you authenticate to the share, you use "filername\username" and not just "username"?
Not entirely sure in that case. I've run filers in workgroup mode on many occasions without issue. Silly questions, but CIFS is definitely running? You ran through CIFS setup and configured it in workgroup mode?
Based on the fact that "hostname\username ---> I get bad user", can you confirm how you are adding the user locally onto the NetApp please? You definitely want to get this working in workgroup mode and not using /etc/passwd.
Actually I am adding the users in /etc/passwd. My idea is, for legacy reasons, to use Unix permissions and try to auth against /etc/passwd. This worked in our previous environment but authenticating against AD. Just want to make it work outside of the domain for several weeks...