Can I use a Windows Group Managed Service Account (GMSA) to access a NetApp CIFS share?

Lee_Buskey · ‎2021-03-24

So we have a few Windows scheduled tasks that run on local windows servers, and eventually need to shave their output on a folder on a CIFS share off a fairly modern NetApp filer. (version 9 ) We want to use a Windows Group Managed Service Account (GMSA) to run this task so we don't have to manage that accounts password. When you create a GMSA, you tell Active Directory which security principals can use it. In our case we specified a AD group, in which we put the machine accounts we wanted to have the ability to use this GMSA. We added the machine account of the Netapp CIFS VM to this group, and we made sure the ACL on the CIFS share included the correct access for the groups the GMSA is in. However, it doesn't work. If I point the setup to a conventional Windows server share, it works. If I create a symlink to the NetApp CIFS share inside that Windows share, that works as well, though performance is pretty bad, or seems so.

So the question is, can we expect a GMSA to be able to do business with a NetApp CIFS share?

Lee

Mjizzini · ‎2021-03-31

I will recommending you testing it in the lab.

Group Managed Service Accounts (gMSA) is supported on some features like snapdrive, snapmanager.

group Managed Service Accounts (gMSA) is not supported on AV connector.

Can the ONTAP AV Connector use Group Managed Service Accounts?

Lee_Buskey · ‎2021-04-01

Thanks,

We did some testing, and have mixed results. Thus the reason I posted. The question is does it work with a CIFS share, in terms of typical windows file access. Can an GMSA access a CIFS share from a Netapp VM provided the GMSA has been given permission?

Can I use a Windows Group Managed Service Account (GMSA) to access a NetApp CIFS share?

Portfolio Updates | NetApp ONAIR