Network and Storage Protocols

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

Access a CIFS Share from a different domain, failed

Shelton
‎2019-07-03 09:22 AM
12,316 Views

I have a user attempting to access a CIFS share from a different domain. The domain is trusted. And the user authenticates to the domain controllers successfully. But then fails when attempting CIFS authentication on the NetApp. Any guidance would be greatly appreciated.

 

The error message in the Logs:

Login attempt by domain user "***\***" using NTLMv2 style security [176] Successfully connected to IP *.*.*.*, port 445 using TCP [360] Successfully authenticated with DC ***.*** [2524] FAILURE: Pass-through authentication failed. (Status: 0xC000005E) [2524] CIFS authentication failed [2524] Retry requested, but maximum attempts (3) reached; giving up.

 

Using AFF300 ontap 9.5p3

CIFS is currently using client session security over LDAP set to "Seal". 

0 Kudos
View By:
1 ACCEPTED SOLUTION
RajeshPanda has accepted the solution

Vijay_ramamurthy
NetApp
‎2019-07-04 06:10 AM
12,240 Views

Hi Shelton,

Error 0xC000005E  decodes to  STATUS_NO_LOGON_SERVERS.

I would suggest we check few things as stated below :


To check if SVM is connected to DC's.

::> set di -c off ; rows 0 

::*>vserver cifs domain discovered-servers show -vserver <svm> -node <node_hosting_data_lif>

 

To check domain trusts:
::*>vserver cifs domain trust show -vserver <svm>

 

Check creds for the user :
::*> diag secd authentication show-creds -vserver <svm> -node <node_hosting_data_lif> -win-name <domain\user>

 

Also a secd log and a packet trace would help to further narrow down the issue.

I would suggest to open a ticket with support and share the logs for further analsysis.  

View solution in original post

0 Kudos
1 REPLY 1
RajeshPanda has accepted the solution

Vijay_ramamurthy
NetApp
‎2019-07-04 06:10 AM
12,241 Views

Hi Shelton,

Error 0xC000005E  decodes to  STATUS_NO_LOGON_SERVERS.

I would suggest we check few things as stated below :


To check if SVM is connected to DC's.

::> set di -c off ; rows 0 

::*>vserver cifs domain discovered-servers show -vserver <svm> -node <node_hosting_data_lif>

 

To check domain trusts:
::*>vserver cifs domain trust show -vserver <svm>

 

Check creds for the user :
::*> diag secd authentication show-creds -vserver <svm> -node <node_hosting_data_lif> -win-name <domain\user>

 

Also a secd log and a packet trace would help to further narrow down the issue.

I would suggest to open a ticket with support and share the logs for further analsysis.  

0 Kudos
All Community Forums
Public