Network and Storage Protocols

HTTP Authentication using NTLM failed

leonardo_m
4,691 Views

Dear NetApp Users,

I have a problem with the Data ONTAP built in HTTP Web Server.

The authentication is not working properly. For example: Once that the user was authenticated he can access any folder independent of the share permission configuration, or be, the user can access folders which they wouldn´t.

The following message is shown:

Wed Jul 13 11:15:34 BRT [HTTPPool00:warning]: HTTP Authentication from XXX.XXX.XXX.XXX using NTLM failed

I use the CIFS Authentication which works without problems.

Some usefull information:


NETFAS 2020

NetApp Release 7.3.2

Domain type: Windows 2003

Authentication type: Active Directory

Security Style: NTFS Only

*The domain server firewall is disabled for now.

httpd.access                 legacy    

httpd.admin.access           legacy    

httpd.admin.enable           on        

httpd.admin.hostsequiv.enable off       

httpd.admin.max_connections  512      

httpd.admin.ssl.enable       on        

httpd.admin.top-page.authentication on        

httpd.autoindex.enable       on        

httpd.bypass_traverse_checking off       

httpd.enable                 on        

httpd.ipv6.enable            off       

httpd.log.format             common    

httpd.method.trace.enable    on       

httpd.rootdir                /vol/rdstorage1/

httpd.timeout                900       

httpd.timewait.enable        off   

cifs.LMCompatibilityLevel    1        

cifs.audit.account_mgmt_events.enable on        

cifs.audit.autosave.file.extension           

cifs.audit.autosave.file.limit 0         

cifs.audit.autosave.onsize.enable off       

cifs.audit.autosave.onsize.threshold 75%       

cifs.audit.autosave.ontime.enable off       

cifs.audit.autosave.ontime.interval 1d        

cifs.audit.enable            off       

cifs.audit.file_access_events.enable on        

cifs.audit.liveview.allowed_users           

cifs.audit.liveview.enable   off      

cifs.audit.logon_events.enable on        

cifs.audit.logsize           1048576   

cifs.audit.nfs.enable        off       

cifs.audit.nfs.filter.filename           

cifs.audit.saveas            /etc/log/adtlog.evt

cifs.bypass_traverse_checking on        

cifs.client.dup-detection    ip-address

cifs.comment                 Storage Comment

cifs.enable_share_browsing   on       

cifs.gpo.enable              off       

cifs.gpo.trace.enable        off       

cifs.grant_implicit_exe_perms off       

cifs.guest_account                     

cifs.home_dir_namestyle      ntname   

cifs.home_dirs_public_for_admin on        

cifs.idle_timeout           1800      

cifs.ipv6.enable             off       

cifs.max_mpx                 50        

cifs.ms_snapshot_mode        xp        

cifs.netbios_aliases         XXX.XXX.XXX.XXX

cifs.netbios_over_tcp.enable on        

cifs.nfs_root_ignore_acl     off      

cifs.oplocks.enable          on        

cifs.oplocks.opendelta       0         

cifs.per_client_stats.enable off       

cifs.perm_check_ro_del_ok    off      

cifs.perm_check_use_gid      on       

cifs.preserve_unix_security  off      

cifs.restrict_anonymous      0        

cifs.restrict_anonymous.enable off       

cifs.save_case               on        

cifs.scopeid                           

cifs.search_domains                    

cifs.show_dotfiles           on        

cifs.show_snapshot           on        

cifs.shutdown_msg_level      2        

cifs.sidcache.enable         on        

cifs.sidcache.lifetime       1440      

cifs.signing.enable          off       

cifs.smb2.client.enable      off      

cifs.smb2.durable_handle.enable on        

cifs.smb2.durable_handle.timeout 16m       

cifs.smb2.enable             off       

cifs.smb2.signing.required   off      

cifs.snapshot_file_folding.enable off       

cifs.symlinks.cycleguard     on       

cifs.symlinks.enable         on        

cifs.trace_dc_connection     on       

cifs.trace_login             off       

cifs.universal_nested_groups.enable on        

cifs.weekly_W2K_password_change off       

cifs.widelink.ttl            10m       

I´ve tried to change some values unsuccessfully.

Do you have any tip about the problem?

Regards,

Leonardo Maia

1 ACCEPTED SOLUTION

muhammad_i_pasha
4,691 Views

Share permissions only come into effect when you access data through that share. Have you tried NTFS permissions?

View solution in original post

2 REPLIES 2

muhammad_i_pasha
4,692 Views

Share permissions only come into effect when you access data through that share. Have you tried NTFS permissions?

leonardo_m
4,691 Views

Yes, it worked fine with the NTFS permissions.

I thought that DATA ONTAP Share Configurations should works with the HTTP authentication, however in my case, the HTTP authentication only worked properly with the NTFS permissions.

Thank you!

Public