How to use a (g)MSA for ONTAP antivirus services

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 297

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
(Group) Managed Service Account ((g)MSA)
ONTAP antivirus (AV) services

Description

A (g)MSA can be used for ONTAP antivirus (AV) services as a normal domain user account
If a (g)MSA (machine account) is used, it will be treated as a NULL user (ANONYMOUS LOGON) during authentication
If access to a NULL user for authentication is not granted, access will be denied and below events are reported in the Security Daemon (SECD):

Treating machine account '...$' as a NULL user Attempting to map name ANONYMOUS LOGON RESULT_ERROR_SECD_DOMAIN_NAME_NOT_SET Attempting to map name ANONYMOUS LOGON RESULT_ERROR_SECD_IN_DISCOVERY RESULT_ERROR_GENERAL_INVALID_PTR Trying to map 'ANONYMOUS LOGON' to UNIX user 'pii_encrypt/.../pii_encrypt' using implicit mapping Get UserId and Group Id for UserName = anonymous logon RESULT_ERROR_SECD_USER_NOT_FOUND Unable to map Windows Anonymous user. Mapping to UNIX user 'pii_encrypt/.../pii_encrypt'