We have some legacy software on Windows 2003 server unable to go higher.
Made a share on 2070 cluster with local user access to it and all anonimous blocked.
When windows 10 / 2019 tries get in - no problems. Security logs get NTLMv2 auth.
With Windows 2003, logs show guest authentication attempt that fails.
When I try to get in parent \\10.10.10.10\ - authentication goes as planned with local netApp credentials.
After that on clicking a folder and etnering credentials - error on "wrong password\user" and guest attemts in log.
<Data Name="FailureReasonString">The requested operation was unsuccessful</Data>
UPD: SMBv1 is enabled
Windows 2003 supports SMB v 1.0 only, so I'd check the cluster to see if you have SMB 1.0 enabled.
It is enabled and checked.
vserver cifs options show -vserver Client Session Timeout: 900 Copy Offload Enabled: false Default Unix Group: - Default Unix User: pcuser Guest Unix User: - Are Administrators mapped to 'root': true Is Advanced Sparse File Support Enabled: true Is Fsctl File Level Trim Enabled: true Direct-Copy Copy Offload Enabled: false Export Policies Enabled: false Grant Unix Group Permissions to Others: false Is Advertise DFS Enabled: true Is Client Duplicate Session Detection Enabled: true Is Client Version Reporting Enabled: true Is DAC Enabled: false Is Fake Open Support Enabled: false Is Hide Dot Files Enabled: false Is Large MTU Enabled: false Is Local Auth Enabled: true Is Local Users and Groups Enabled: true Is Multichannel Enabled: false Is NetBIOS over TCP (port 139) Enabled: true Is NBNS over UDP (port 137) Enabled: false Is Referral Enabled: false Is Search Short Names Support Enabled: false Is Trusted Domain Enumeration And Search Enabled: true Is UNIX Extensions Enabled: false Is Use Junction as Reparse Point Enabled: true Max Multiplex Count: 255 Max Connections per Multichannel Session: 32 Max LIFs per Multichannel Session: 256 Max Same User Session Per Connection: 2500 Max Same Tree Connect Per Session: 5000 Max Opens Same File Per Tree: 1000 Max Watches Set Per Tree: 500 Is Path Component Cache Enabled: true NT ACLs on UNIX Security Style Volumes Enabled: true Read Grants Exec: disabled Read Only Delete: disabled Reported File System Sector Size: 4096 Restrict Anonymous: no-restriction Shadowcopy Dir Depth: 5 Shadowcopy Enabled: true SMB1 Enabled: true Max Buffer Size for SMB1 Message: 65535 SMB2 Enabled: true SMB3 Enabled: true SMB3.1 Enabled: false Map Null User to Windows User or Group: nodoby WINS Servers: - Report Widelink as Reparse Point Versions: SMB1 Max Credits to Grant: 128
What user is "nodoby"?
Map Null User to Windows User or Group: nodoby
I'm guessing that was a fat finger/typo.
This link covers configuring the NULL user for access:
Changed that, thanks. Still no go
Did you also set up the name mapping rules as per the doc link?
What do you see in "event log show"?
Actually no, as there's no anonimous login option. Only authenticatred users.
You may want to open up a support ticket for this, then.
I wish I could. The system allways tells me to contact a reseller instead of creating a case.
As @parisi mentioned, you must create a Windows to UNIX name-mapping rule for the "nodoby" user that the NULL/Anonymous user is being mapped. The "nodoby" Windows user must now be mapped to a UNIX user specified in ONTAP or you can use one of the default users called "pcuser".
Command to create a local UNIX user:
::> vserver services name-service unix-user create -vserver vserver_name -user user_name -id integer -primary-gid integer -full-name full_name
Here is a reference document on creating a local Unix user:
Here is a KB you can follow that addresses the allowing NULL user access:
How to grant access to NULL (Anonymous) user in Clustered Data ONTAP
Here is a reference document for name-mapping:
More reference documentation on null user access:
How the storage system provides null session access
How to grant access to NULL (Anonymous) user in Clustered Data ONTAP.
Make sure that you are not using flexgroup volume. SMB1 is not supported on it yet.