Network and Storage Protocols
Network and Storage Protocols
Dear NetApp Users,
I have a problem with the Data ONTAP built in HTTP Web Server.
The authentication is not working properly. For example: Once that the user was authenticated he can access any folder independent of the share permission configuration, or be, the user can access folders which they wouldn´t.
The following message is shown:
Wed Jul 13 11:15:34 BRT [HTTPPool00:warning]: HTTP Authentication from XXX.XXX.XXX.XXX using NTLM failed
I use the CIFS Authentication which works without problems.
Some usefull information:
NETFAS 2020
NetApp Release 7.3.2
Domain type: Windows 2003
Authentication type: Active Directory
Security Style: NTFS Only
*The domain server firewall is disabled for now.
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable on
httpd.bypass_traverse_checking off
httpd.enable on
httpd.ipv6.enable off
httpd.log.format common
httpd.method.trace.enable on
httpd.rootdir /vol/rdstorage1/
httpd.timeout 900
httpd.timewait.enable off
cifs.LMCompatibilityLevel 1
cifs.audit.account_mgmt_events.enable on
cifs.audit.autosave.file.extension
cifs.audit.autosave.file.limit 0
cifs.audit.autosave.onsize.enable off
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable off
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable off
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable off
cifs.audit.logon_events.enable on
cifs.audit.logsize 1048576
cifs.audit.nfs.enable off
cifs.audit.nfs.filter.filename
cifs.audit.saveas /etc/log/adtlog.evt
cifs.bypass_traverse_checking on
cifs.client.dup-detection ip-address
cifs.comment Storage Comment
cifs.enable_share_browsing on
cifs.gpo.enable off
cifs.gpo.trace.enable off
cifs.grant_implicit_exe_perms off
cifs.guest_account
cifs.home_dir_namestyle ntname
cifs.home_dirs_public_for_admin on
cifs.idle_timeout 1800
cifs.ipv6.enable off
cifs.max_mpx 50
cifs.ms_snapshot_mode xp
cifs.netbios_aliases XXX.XXX.XXX.XXX
cifs.netbios_over_tcp.enable on
cifs.nfs_root_ignore_acl off
cifs.oplocks.enable on
cifs.oplocks.opendelta 0
cifs.per_client_stats.enable off
cifs.perm_check_ro_del_ok off
cifs.perm_check_use_gid on
cifs.preserve_unix_security off
cifs.restrict_anonymous 0
cifs.restrict_anonymous.enable off
cifs.save_case on
cifs.scopeid
cifs.search_domains
cifs.show_dotfiles on
cifs.show_snapshot on
cifs.shutdown_msg_level 2
cifs.sidcache.enable on
cifs.sidcache.lifetime 1440
cifs.signing.enable off
cifs.smb2.client.enable off
cifs.smb2.durable_handle.enable on
cifs.smb2.durable_handle.timeout 16m
cifs.smb2.enable off
cifs.smb2.signing.required off
cifs.snapshot_file_folding.enable off
cifs.symlinks.cycleguard on
cifs.symlinks.enable on
cifs.trace_dc_connection on
cifs.trace_login off
cifs.universal_nested_groups.enable on
cifs.weekly_W2K_password_change off
cifs.widelink.ttl 10m
I´ve tried to change some values unsuccessfully.
Do you have any tip about the problem?
Regards,
Leonardo Maia
Solved! See The Solution
Share permissions only come into effect when you access data through that share. Have you tried NTFS permissions?
Share permissions only come into effect when you access data through that share. Have you tried NTFS permissions?
Yes, it worked fine with the NTFS permissions.
I thought that DATA ONTAP Share Configurations should works with the HTTP authentication, however in my case, the HTTP authentication only worked properly with the NTFS permissions.
Thank you!