ONTAP Discussions

is it possible to override a cached SID mapping

uphill

Hi,

We have a fairly restricted environment where the SVMs are joined to a domain in a forest where the SMB users all reside. No other domains in the forest matter from a CIFS perspective. The problem is we have several multiprotocol shares and at some point someone created an AD account called "root" in a domain we have no control over, much less can tell whether it is being used or not, but in every SVM I see non-stop secd messages such as these:

ERROR secd.nfsAuth.noCifsCred: vserver (svm01) NFS authorization cannot retrieve CIFS credentials. Error: Get user credentials procedure failed

Determined UNIX id 0 is UNIX user 'root'

UNIX user 'root' mapped to Windows user 'THATOTHERDOMAIN\root'

Using cached 'THATOTHERDOMAIN\root' SID mapping.


Any legitimate root user apparently has zero access to shares where it once was correctly mapped to Administrators.

I don't see anything "in the cache" which can be deleted, and I've tried creating what I thought would be "override" mappings to make "THATOTHERDOMAIN\root" map to a restricted or bogus local account, but it makes no diff.

How can I tell the SVMs, when they see this account, to forget it exists, or tell them to map it to a defunct local account?

Or, as some articles seem to imply, is having the trusts fully in place so tickets and such can be passed the only way (that seems wrong in so many ways)? All I know is this seems to really foil user mapping as it pertains to admins or proper root accounts we want to have full access by way of NTFS security.

9.14.1P11

thanks
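An added example, not part of the post and not NetApp code: a small Python parser for the secd message sequence quoted above that flags any privileged UNIX id (uid 0 by default) resolving to a Windows account outside the domain the SVM is expected to serve, which is the defender's check for this kind of misdirected mapping. The sample lines and the expected domain name passed to it are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample reproducing the secd message sequence quoted in the post
# (not a real capture). Raw string so the backslash in DOMAIN\user survives.
SAMPLE_LOG = r"""
ERROR secd.nfsAuth.noCifsCred: vserver (svm01) NFS authorization cannot retrieve CIFS credentials. Error: Get user credentials procedure failed
Determined UNIX id 0 is UNIX user 'root'
UNIX user 'root' mapped to Windows user 'THATOTHERDOMAIN\root'
Using cached 'THATOTHERDOMAIN\root' SID mapping.
"""

@dataclass
class MappingEvent:
    vserver: str
    unix_id: Optional[int] = None
    unix_user: Optional[str] = None
    win_domain: Optional[str] = None
    win_user: Optional[str] = None
    cached: bool = False

# One regex per line type in the secd sequence shown in the post.
ERR_RE = re.compile(r"secd\.nfsAuth\.noCifsCred: vserver \((\S+)\)")
UID_RE = re.compile(r"Determined UNIX id (\d+) is UNIX user '([^']+)'")
MAP_RE = re.compile(r"UNIX user '([^']+)' mapped to Windows user '([^\\']+)\\([^']+)'")
CACHED_RE = re.compile(r"Using cached '[^']+' SID mapping")

def parse_events(text: str) -> List[MappingEvent]:
    """Group the lines that follow each noCifsCred error into one event."""
    events: List[MappingEvent] = []
    cur: Optional[MappingEvent] = None
    for line in text.splitlines():
        if m := ERR_RE.search(line):
            cur = MappingEvent(vserver=m.group(1))
            events.append(cur)
        elif cur is None:
            continue  # context lines before any error header are ignored
        elif m := UID_RE.search(line):
            cur.unix_id, cur.unix_user = int(m.group(1)), m.group(2)
        elif m := MAP_RE.search(line):
            cur.unix_user, cur.win_domain, cur.win_user = m.groups()
        elif CACHED_RE.search(line):
            cur.cached = True
    return events

def suspicious(events: List[MappingEvent], expected_domain: str, privileged_uids=(0,)) -> List[MappingEvent]:
    """Events where a privileged UNIX id resolved to an account outside the expected (assumed) domain."""
    return [e for e in events
            if e.unix_id in privileged_uids and e.win_domain is not None
            and e.win_domain.upper() != expected_domain.upper()]
```

Run it over the secd messages exported from each SVM and any hit shows which uid is being steered to a foreign domain and whether the cached SID mapping is what served it.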
