CIFS access Issues on NetApp systems with domain and non-domain windows clients
Applies to
- ONTAP 9
- CIFS
- Windows clients (both domain-joined and non-domain-joined)
Issue
- Domain-joined windows clients can access CIFS shares using both FQDN and IP address.
- Non-domain-joined windows clients can only access shares using FQDN and not by IP address.
- Packet trace shows NTLM authentication is failing with error: STATUS_NO_LOGON_SERVERS (0xc000005e).
11011 2024-12-06 11:46:17.421342 0.022644 XXX XXX SMB2 648 1129 Session Setup Request, NTLMSSP_AUTH, User: XXX
11973 2024-12-06 11:46:39.498860 0.000507 XXX XXX SMB2 131 1129 Session Setup Response, Error: STATUS_NO_LOGON_SERVERS
- Secd log records indicating a failure to connect to the LDAP servers.
0000001b.00112f35 00ecb63e Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.359.137] ERR : LDAP SASL bind failed using GSSAPI and channel binding. Error: -2 (Local error) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:671 }
0000001b.00112f36 00ecb63e Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.359.142] ERR : Additional Error Message: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:672 }
0000001b.00112f37 00ecb63e Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.359.146] debug: Retrying bind without channel binding { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:675 }
0000001b.00112fd3 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.172] info : [krb5 context 09364200] Received error from KDC: -1765328360/Preauthentication failed
0000001b.00112fd4 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.201] ERR : Could not authenticate as 'XXX': Invalid Credentials (KRB5KDC_ERR_PREAUTH_FAILED). { in getKerberosAdminCredentials() at src/utils/secd_krb_utils.cpp:426 }
0000001b.00112fd5 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.213] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in getKerberosAdminCredentials() at src/utils/secd_krb_utils.cpp:429
0000001b.00112fd6 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.219] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:595
0000001b.00112fd7 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.243] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in ldapSaslBind() at src/connection_manager/secd_connection.cpp:1131
0000001b.00112fd8 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.248] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in ldapConnectAD() at src/connection_manager/secd_connection.cpp:1276
0000001b.00112fd9 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.252] ERR : RESULT_ERROR_KERBEROS_PREAUTH_FAILED:7525 in connect() at src/connection_manager/secd_connection.cpp:2535
0000001b.00112fda 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.258] ERR : Vserver 3 could not connect or authenticate to ldap server (XXX) at address XXX with error Local error. { in connect() at src/connection_manager/secd_connection.cpp:2655 }
0000001b.00112fdb 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.265] info : Unable to start LDAPS: Local error { in connect() at src/connection_manager/secd_connection.cpp:2665 }
0000001b.00112fdc 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.270] info : Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) { in connect() at src/connection_manager/secd_connection.cpp:2668 }
0000001b.00112fdd 00ecb63f Fri Dec 06 2024 11:45:42 +09:00 [kern_secd:info:10826] | [011.613.311] debug: LDAP TLS Alert generated is 'warning:close notify'
