Asymmetric LDAP name mapping to a trusted domain fails to resolve user
Applies to
- ONTAP 9
- LDAP name mapping
- CIFS and NFS
Issue
- LDAP search attempts to match windows user against
sAMaccountname and results in the following SECD log when mapping from UNIX to Windows:
[000.511.556] debug: Calling LsaLookupNames2... { inlookupName() at src/utils/secd_cifs_utils.cpp:323 }
0000001e.000ff3a000f82604 Thu Jun 26 2025 11:55:49 +00:00 [kern_secd:info:13269] |[000.612.509] debug: LsaLookupNames2 returned NtStatus:NT_STATUS_NONE_MAPPED(0xc0000073) { inlookupName() at src/utils/secd_cifs_utils.cpp:341 }
0000001e.002ff3ff02f00004 Thu Jun 26 2025 11:55:49 +00:00 [kern_secd:info:13269] |[000.612.538] debug: LSA returned NT status NT_STATUS_NONE_MAPPED(0xC0000073), which was converted to result RESULT_ERROR_SECD_USER_NOT_FOUND { inconvertLsaErrorToResult() at src/include/secd_connection_utils.h:48 }
0000001e.002fff3ff02f82604 Thu Jun 26 2025 11:55:49 +00:00 [kern_secd:info:13269] |[000.612.543] ERR : RESULT_ERROR_SECD_USER_NOT_FOUND:6909 in lookupName() atsrc/utils/secd_cifs_utils.cpp:420
0000001e.000ff0ff02ff2000 Thu Jun 26 2025 11:55:49 +00:00 [kern_secd:info:13269] |[000.612.553] ERR : RESULT_ERROR_SECD_USER_NOT_FOUND:6909 in getSidFromName() atsrc/authorization/secd_cifs_authorization.cpp:347
0000001e.000ff3ff02f80004 Thu Jun 26 2025 11:55:49 +00:00 [kern_secd:info:13269] |[000.612.559] info : Could not find Windows name'TRUSTEDDOMAIN\windowsUser' { in getSidFromName() atsrc/authorization/secd_cifs_authorization.cpp:377 }