Access a CIFS Share from a different domain, failed
2019-07-03 09:22 AM
I have a user attempting to access a CIFS share from a different domain. The domain is trusted. And the user authenticates to the domain controllers successfully. But then fails when attempting CIFS authentication on the NetApp. Any guidance would be greatly appreciated.
The error message in the Logs:
Login attempt by domain user "***\***" using NTLMv2 style security  Successfully connected to IP *.*.*.*, port 445 using TCP  Successfully authenticated with DC ***.***  FAILURE: Pass-through authentication failed. (Status: 0xC000005E)  CIFS authentication failed  Retry requested, but maximum attempts (3) reached; giving up.
Using AFF300 ontap 9.5p3
CIFS is currently using client session security over LDAP set to "Seal".
1 REPLY 1
Re: Access a CIFS Share from a different domain, failed
2019-07-04 06:10 AM
Error 0xC000005E decodes to STATUS_NO_LOGON_SERVERS.
I would suggest we check few things as stated below :
To check if SVM is connected to DC's.
::> set di -c off ; rows 0
::*>vserver cifs domain discovered-servers show -vserver <svm> -node <node_hosting_data_lif>
To check domain trusts:
::*>vserver cifs domain trust show -vserver <svm>
Check creds for the user :
::*> diag secd authentication show-creds -vserver <svm> -node <node_hosting_data_lif> -win-name <domain\user>
Also a secd log and a packet trace would help to further narrow down the issue.
I would suggest to open a ticket with support and share the logs for further analsysis.