"Failed to resolve the security identifier (SID) for the account named" when using name of AD group
Applies to
- ONTAP 9
- SMB/CIFS
- Active Directory
Issue
- When trying to add Active Directory group named
USofA
to CIFS share ACL, ONTAP is unable to resolve the AD group's SID-
::*> cifs share access-control create -share cifstest -user-or-group USofA -user-group-type windows -permission Full_Control Error: command failed: Failed to resolve the security identifier (SID) for the account named "USofA". Reason: Object name either does not exist or could not be resolved using the available servers. Check the event log for additional information.
-
- SECD log says that domain controller could not find group named
USofA
-
Failure Summary: Error: Lookup of CIFS account name procedure failed [ 9 ms] Successfully connected to ip x.x.x.x, port 445 using TCP [ 32] Successfully authenticated with DC hostname.domainname.local [ 50] Encountered NT error (NT_STATUS_PIPE_NOT_AVAILABLE) for SMB command Create [ 136] Successfully retried Smb2NtCreateAndXFile for pipe \lsarpc 9 times within 95201 usecs to overcome STATUS_PIPE_NOT_AVAILABLE error from DC hostname.domainname.local [ 191] Could not find Windows name 'USofA' **[ 50] FAILURE: Unexpected state: Error 6763 at file:src/Commands/Commands.cpp func:CheckSmbStatusWrapper line:1129 **[ 191] FAILURE: Error case not correctly journaled
-
- Packet trace of traffic between ONTAP and domain controller shows that the DC's LSARPC reply is
-
lsa_LookupNames2 response, STATUS_NONE_MAPPED, Error: STATUS_NONE_MAPPED
-