How to use a (g)MSA for ONTAP antivirus services
Applies to
- ONTAP 9
- (Group) Managed Service Account ((g)MSA)
- ONTAP antivirus (AV) services
Description
- A (g)MSA can be used for ONTAP antivirus (AV) services as a normal domain user account
- If a (g)MSA (machine account) is used, it will be treated as a NULL user (ANONYMOUS LOGON) during authentication
- If the NULL user is not granted access for authentication, access is denied and the following events are reported in the Security Daemon (SECD):
Treating machine account '...$' as a NULL user
Attempting to map name ANONYMOUS LOGON
RESULT_ERROR_SECD_DOMAIN_NAME_NOT_SET
Attempting to map name ANONYMOUS LOGON
RESULT_ERROR_SECD_IN_DISCOVERY
RESULT_ERROR_GENERAL_INVALID_PTR
Trying to map 'ANONYMOUS LOGON' to UNIX user 'pii_encrypt/.../pii_encrypt' using implicit mapping
Get UserId and Group Id for UserName = anonymous logon
RESULT_ERROR_SECD_USER_NOT_FOUND
Unable to map Windows Anonymous user. Mapping to UNIX user 'pii_encrypt/.../pii_encrypt'
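
To check collected SECD output for this pattern, the events above can be grouped per machine-account attempt. The script below is an added example, not NetApp code: it matches only the message texts quoted above, and the account names, the UNIX user name and the function name are constructed for illustration. Real SECD lines may carry additional prefixes, which the substring matching tolerates.

```python
import re

# Message texts come from the SECD events quoted above. Account names and the
# UNIX user in SAMPLE are constructed placeholders.
MACHINE_RE = re.compile(r"Treating machine account '([^']*\$)' as a NULL user")
ERROR_RE = re.compile(r"\b(RESULT_ERROR_[A-Z_]+)\b")
FAILED_TEXT = "Unable to map Windows Anonymous user"

def find_null_user_failures(lines):
    """Group SECD lines per machine-account attempt; return failed mappings."""
    attempts, current = [], None
    for line in lines:
        m = MACHINE_RE.search(line)
        if m:
            # A new authentication attempt starts; close the previous one.
            if current:
                attempts.append(current)
            current = {"account": m.group(1), "errors": [], "mapping_failed": False}
            continue
        if current is None:
            continue  # ignore lines outside a machine-account attempt
        e = ERROR_RE.search(line)
        if e and e.group(1) not in current["errors"]:
            current["errors"].append(e.group(1))
        if FAILED_TEXT in line:
            current["mapping_failed"] = True
    if current:
        attempts.append(current)
    # An attempt without the final "Unable to map" event is not reported.
    return [a for a in attempts if a["mapping_failed"]]

SAMPLE = """\
Treating machine account 'AVSCAN01$' as a NULL user
Attempting to map name ANONYMOUS LOGON
RESULT_ERROR_SECD_DOMAIN_NAME_NOT_SET
Attempting to map name ANONYMOUS LOGON
RESULT_ERROR_SECD_IN_DISCOVERY
RESULT_ERROR_GENERAL_INVALID_PTR
Get UserId and Group Id for UserName = anonymous logon
RESULT_ERROR_SECD_USER_NOT_FOUND
Unable to map Windows Anonymous user. Mapping to UNIX user 'example-unix-user'
Treating machine account 'AVSCAN02$' as a NULL user
Attempting to map name ANONYMOUS LOGON
""".splitlines()

if __name__ == "__main__":
    for a in find_null_user_failures(SAMPLE):
        print(f"{a['account']}: NULL-user mapping failed ({', '.join(a['errors'])})")
```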