AUTH: Unable to acquire filer credentials: (0x96c73a18) Invalid password.

sfoubister · ‎2010-07-22

Hi

We are trying to setup CIFS on one of our filers. When the setup wizard was first run it asked for the filers root username and password which was provided but the rest of hte setup failed due to firewall issues.

Between the firewall issues being resolved and the setup being retried we had a security issue nad had to change the root password on the filer.

Now I have managed to complete the CIFS setup but continue to get the error "AUTH: Unable to acquire filer credentials: (0x96c73a18) Invalid password." whenever I try to "Change Access" on a CIFS share. I also get the following output:

.Thu Jul 22 09:06:50 BST [filer-web1: cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a18) Invalid password.
.Not able to communicate with PDC xxx.xxx.xxx.xxx
trying xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx is alive
..Not able to communicate with PDC xxx.xxx.xxx.xxx
trying xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx is alive
.Thu Jul 22 09:06:51 BST last message repeated 3 times

Does anyone know if there is a way to change the password that CIFS is using as the root password for the filer? Is this cached anywhere?

Thanks very much.

Steve.

watan · ‎2010-07-22

Take a look at the following kb https://now.netapp.com/Knowledgebase/solutionarea.asp?id=kb26568

Also, the PDC error may be some sort of communication problem with the domain controller.

Try a cifs domaininfo and see what ip address/DC the storage array discovered. If it looks good, test DNS from both host and storage to see if everything resolves correctly.

cifs resetdc and can also try to run cifs setup again to ensure everything is ok.

sfoubister · ‎2010-07-22

Thanks watan

Yes, I already looked at that article but I do not know what a KPASSWD server is. Can you shed any light?

If I run the cifs domaininfo command I get:

filer-web1> cifs domaininfo
NetBios Domain:           OUR_DOMAIN_NAME
Windows 2000 Domain Name: ad.our_domain
Type:                     Windows 2000
Filer AD Site:            our_domain.com

Not currently connected to any DCs
Preferred Addresses:
                          xxx.xxx.xxx.xxx AD-WEST                 PDCBROKEN
                          xxx.xxx.xxx.xxx AD-EAST                 PDCBROKEN
Favored Addresses:
                          None
Other Addresses:
                          xxx.xxx.xxx.xxx   A_N_OTHER_DOMAIN        PDCBROKEN

Not currently connected to any AD LDAP server
Preferred Addresses:
                          xxx.xxx.xxx.xxx BROKEN
                           ad-west.our_domain.com
                          xxx.xxx.xxx.xxx BROKEN
                           ad-east.our_domain.com
Favored Addresses:
                          None
Other Addresses:
                          xxx.xxx.xxx.xxx   BROKEN
                           a_n_other_domain.our_domain.com

I ran:

cifs prefdc delete our_domain

and then ran

filer-web1> cifs prefdc add our_domain ip_addrr_DC1 ip_addrr_DC2

to readd the domain and domain controllers, however I get the same result as above if I rerun the 'domaininfo' command

Thanks

Steve.

sfoubister · ‎2010-07-22

Hi watan

I have resolved this. I deleted the machine account for the filer from both Domain controllers, reran the setup etc...Upshot is I can now add domain permissions to a CIFS share so sorted.

Thanks v much

Steve.

watan · ‎2010-07-22

Glad to hear its been resolved.