ONTAP Discussions


Windows 2003 access CIFS share folder

We have some legacy software on a Windows 2003 server that is unable to go higher.
Made a share on the 2070 cluster with local user access to it and all anonymous blocked.
When Windows 10 / 2019 tries to get in - no problems. Security logs get NTLMv2 auth.
With Windows 2003, logs show a guest authentication attempt that fails.

When I try to get into the parent \\10.10.10.10\ - authentication goes as planned with local NetApp credentials.

<Data Name="TargetUserIsLocal">true</Data>

<Data Name="TargetDomainName">5NETAPP-SVMSH</Data>

<Data Name="AuthenticationPackageName">NTLM_V2</Data>

After that, on clicking a folder and entering credentials - error on "wrong password\user" and guest attempts in the log.

<Data Name="IpPort">1090</Data>

<Data Name="TargetUserSid">S-1-0-0</Data>

<Data Name="TargetUserName">Guest</Data>

<Data Name="TargetDomainName">NoDomain</Data>

<Data Name="Status">0xc0000001</Data>

<Data Name="FailureReason">%%2313</Data>

<Data Name="FailureReasonString">The requested operation was unsuccessful</Data>

<Data Name="AuthenticationPackageName">NONE</Data>

<Data Name="LogonType">3</Data>

UPD:  SMBv1 is enabled


Re: Windows 2003 access CIFS share folder

Windows 2003 supports SMB v 1.0 only, so I'd check the cluster to see if you have SMB 1.0 enabled.


Re: Windows 2003 access CIFS share folder

It is enabled and checked.

 

vserver cifs options show -vserver 

                            Client Session Timeout: 900
                              Copy Offload Enabled: false
                                Default Unix Group: -
                                 Default Unix User: pcuser
                                   Guest Unix User: -
               Are Administrators mapped to 'root': true
           Is Advanced Sparse File Support Enabled: true
                  Is Fsctl File Level Trim Enabled: true
                  Direct-Copy Copy Offload Enabled: false
                           Export Policies Enabled: false
            Grant Unix Group Permissions to Others: false
                          Is Advertise DFS Enabled: true
     Is Client Duplicate Session Detection Enabled: true
               Is Client Version Reporting Enabled: true
                                    Is DAC Enabled: false
                      Is Fake Open Support Enabled: false
                         Is Hide Dot Files Enabled: false
                              Is Large MTU Enabled: false
                             Is Local Auth Enabled: true
                 Is Local Users and Groups Enabled: true
                           Is Multichannel Enabled: false
            Is NetBIOS over TCP (port 139) Enabled: true
               Is NBNS over UDP (port 137) Enabled: false
                               Is Referral Enabled: false
             Is Search Short Names Support Enabled: false
  Is Trusted Domain Enumeration And Search Enabled: true
                        Is UNIX Extensions Enabled: false
          Is Use Junction as Reparse Point Enabled: true
                               Max Multiplex Count: 255
          Max Connections per Multichannel Session: 32
                 Max LIFs per Multichannel Session: 256
              Max Same User Session Per Connection: 2500
                 Max Same Tree Connect Per Session: 5000
                      Max Opens Same File Per Tree: 1000
                          Max Watches Set Per Tree: 500
                   Is Path Component Cache Enabled: true
    NT ACLs on UNIX Security Style Volumes Enabled: true
                                  Read Grants Exec: disabled
                                  Read Only Delete: disabled
                  Reported File System Sector Size: 4096
                                Restrict Anonymous: no-restriction
                              Shadowcopy Dir Depth: 5
                                Shadowcopy Enabled: true
                                      SMB1 Enabled: true
                  Max Buffer Size for SMB1 Message: 65535
                                      SMB2 Enabled: true
                                      SMB3 Enabled: true
                                    SMB3.1 Enabled: false
            Map Null User to Windows User or Group: nodoby
                                      WINS Servers: -
         Report Widelink as Reparse Point Versions: SMB1
                              Max Credits to Grant: 128
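
An added example, not part of the thread and not NetApp code: a small audit of the `vserver cifs options show` output posted above, pulling out the settings that govern SMB1, anonymous and null-session access. The sample is a constructed subset of the posted lines, and `KNOWN_PRINCIPALS` is a hypothetical list of Windows users or groups that exist on the SVM.

```python
# Added example: audit the CIFS options output quoted in the post above.

# Constructed sample: a subset of the lines from the post, copied as shown there.
SAMPLE = """\
vserver cifs options show -vserver
                                   Guest Unix User: -
                             Is Local Auth Enabled: true
                                Restrict Anonymous: no-restriction
                                      SMB1 Enabled: true
                                      SMB2 Enabled: true
            Map Null User to Windows User or Group: nodoby
"""

# Assumption: Windows users/groups that really exist on the SVM (constructed names).
KNOWN_PRINCIPALS = {"legacy_app", "nullsession_ro"}


def parse_options(text):
    """Parse 'Label: value' lines into a dict; lines without a colon are skipped."""
    opts = {}
    for line in text.splitlines():
        label, sep, value = line.rpartition(":")
        if sep and label.strip():
            opts[label.strip()] = value.strip()
    return opts


def audit(opts, known_principals):
    """Return (finding_id, detail) tuples for the settings relevant to this thread."""
    findings = []
    if opts.get("SMB1 Enabled") == "true":
        findings.append(("smb1-enabled", "legacy dialect is on; keep only while SMB1-only clients remain"))
    if opts.get("Restrict Anonymous") == "no-restriction":
        findings.append(("anonymous-unrestricted", "null sessions are not restricted by this option"))
    null_map = opts.get("Map Null User to Windows User or Group", "-")
    if null_map != "-":
        known = {p.lower() for p in known_principals}
        if null_map.lower() in known:
            findings.append(("null-map-set", f"null user is mapped to {null_map}"))
        else:
            findings.append(("null-map-unknown", f"null user maps to unknown principal {null_map!r}"))
    if opts.get("Guest Unix User", "-") != "-":
        findings.append(("guest-user-set", "guest logons map to a UNIX user"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(parse_options(SAMPLE), KNOWN_PRINCIPALS):
        print(f"{finding_id}: {detail}")
```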

Re: Windows 2003 access CIFS share folder

What user is "nodoby"?

 

    Map Null User to Windows User or Group: nodoby

 

I'm guessing that was a fat finger/typo.

 

This link covers configuring the NULL user for access:

 

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-76186CB7-BFD0-4EA1-9CA5-07DC8D6A2BAF.html 


Re: Windows 2003 access CIFS share folder

Changed that, thanks. Still no go.

Re: Windows 2003 access CIFS share folder

Did you also set up the name mapping rules as per the doc link?

 

What do you see in "event log show"?


Re: Windows 2003 access CIFS share folder

Actually no, as there's no anonymous login option. Only authenticated users.

Re: Windows 2003 access CIFS share folder

You may want to open up a support ticket for this, then.


Re: Windows 2003 access CIFS share folder

I wish I could. The system always tells me to contact a reseller instead of creating a case.

Re: Windows 2003 access CIFS share folder

Hi DiVRa,

 

As @parisi mentioned, you must create a Windows to UNIX name-mapping rule for the "nodoby" user that the NULL/Anonymous user is being mapped to. The "nodoby" Windows user must now be mapped to a UNIX user specified in ONTAP, or you can use one of the default users called "pcuser".

 

Command to create a local UNIX user:

::> vserver services name-service unix-user create -vserver vserver_name -user user_name -id integer -primary-gid integer -full-name full_name

 

Here is a reference document on creating a local Unix user:

Creating a local UNIX user 

 

Here is a KB you can follow that addresses the allowing NULL user access:

How to grant access to NULL (Anonymous) user in Clustered Data ONTAP 

 

Here is a reference document for name-mapping:

Creating a name mapping 

 

More reference documentation on null user access:

How the storage system provides null session access 

 

 

Regards,

 

Team NetApp
