Unable to access files because the user account is locked out in Active Directory
Applies to
- ONTAP 9
- CIFS/SMB
Issue
- Clients are not able to interact with file/folders and may get permissions issues when Active Directory user account is locked.
- We can confirm by running below command:
::> set advanced
::*> vserver services access-check authentication show-creds -node node-01 -vserver svm -unix-user-name <root>
Vserver: sbm1 (internal ID: 40)
Error: Get user credentials procedure failed
[ 0 ms] Determined UNIX id 0 is UNIX user 'root'
[ 0] UNIX user 'root' mapped to Windows user 'DOMAIN\root'
[ 0] Using cached 'DOMAIN\root' SID mapping.
[ 11] Successfully connected to ip 10.20.40.80, port 88 using TCP
**[ 16] FAILURE: Could not get credentials via S4U2Self based on
** full Windows user name 'root@DOMAIN.LOCAL'. A 'root' or SID
'S-2-8-21-338539323-9078145449-725348543-25819'
Error: command failed: Failed to get user credentials. Reason: "Kerberos Error: Clients credentials have been revoked".