Skip to main content
NetApp Knowledge Base

Failed to resolve the SID for the account named "domain/group" while adding security group to cifs share

Views:
3,567
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

ONTAP 9

Issue

Error observed while adding Domain group/user to share ACL on storage:

::*> cifs share access-control create -share cifstest -user-or-group Test\group1234 -user-group-type windows -permission Full_Control

Error: command failed: Failed to resolve the security identifier (SID) for the account named "Test\group1234". Reason: Object name either does not exist or could not be resolved using the available servers. Check the event log for additional information.

  • EMS may point to issues such as domain name service (DNS) not reachable to discover domain controller or domain contoller is not responding to request.

​​​Wed Jan 08 01:05:20 -0100 [hostname: secd: secd.unexpectedFailure:debug]: vserver (vserver) Unexpected failure. 
Error: Lookup of CIFS account name procedure failed   
[  5 ms] Failed to connect to 10.1.1.2 for DNS via Source Address 10.3.3.3: No route to host   
[     5] Failed to connect to 10.2.3.4 for DNS via Source Address 10.3.3.3: No route to host   
[     5] Failed to connect to 10.1.3.5 for DNS via Source Address 10.3.3.3: No route to host 
**[     5] FAILURE: Unable to contact DNS to discover domain controllers.   
[     5] Unable to make a connection (LSA:DOMAIN.COM), result: 6812      
[     5] Could not find Windows name 'DOMAIN\GROUP NAME'   
[     5] CIFS name lookup failed 

4/5/2022 06:59:02   hostname: 02 ERROR         secd.cifsAuth.problem: vserver (svm_euw4asv001clu) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.120.1.1
  [  0 ms] Login attempt by domain user 'EU\user1' using NTLMv2 style security
  [  2011] TCP connection to ip 10.5.38.39, port 445 failed: Operation timed out.
  [  2011] Unable to connect to NetLogon service on euiadvs01.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  4019] TCP connection to ip 10.30.0.217, port 445 failed: Operation timed out.
  [  4019] Unable to connect to NetLogon service on grcorvs101.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  6030] TCP connection to ip 10.30.0.220, port 445 failed: Operation timed out.
  [  6030] Unable to connect to NetLogon service on grcorvs001.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  8041] TCP connection to ip 10.31.1.43, port 445 failed: Operation timed out.
  [  8041] Unable to connect to NetLogon service on nlrtmvs001.eu.bm.net (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
**[  8041] FAILURE: Unable to make a connection (NetLogon:EU.BM.NET), result: 6942
  [  8041] CIFS authentication failed
  [  8041] Retry requested, but the retry window (7000 ms) has expired; giving up.

  • Packet trace shows DC response is STATUS_NONE_MAPPED when storage sends lookup for group name.

No        Source         Destination    Protocol  String            Info
2310    10.216.41.154   10.216.41.30    LSARPC    naslab\group1234    lsa_LookupNames2 request
2314    10.216.41.30    10.216.41.154   LSARPC    NASLAB              lsa_LookupNames2 response, STATUS_NONE_MAPPED, Error: STATUS_NONE_MAPPED

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.