Skip to main content
NetApp Knowledge Base

Unable to access files because the user account is locked out in Active Directory

Views:
204
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • Active Directory

Issue

  • Clients are not able to interact with file/folders and may get permissions issues when Active Directory user account is locked.
    • We can confirm by running below command:
::> set advanced
::*> vserver services access-check authentication show-creds -node node-01 -vserver svm -unix-user-name <root>

Vserver: sbm1 (internal ID: 40)

Error: Get user credentials procedure failed
[ 0 ms] Determined UNIX id 0 is UNIX user 'root'
[ 0] UNIX user 'root' mapped to Windows user 'DOMAIN\root'
[ 0] Using cached 'DOMAIN\root' SID mapping.
[ 11] Successfully connected to ip 10.20.40.80, port 88 using TCP
**[ 16] FAILURE: Could not get credentials via S4U2Self based on
** full Windows user name 'root@DOMAIN.LOCAL'. A  'root' or SID
'S-2-8-21-338539323-9078145449-725348543-25819'

Error: command failed: Failed to get user credentials. Reason: "Kerberos Error: Clients credentials have been revoked".

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support