CIFS share is visible but not accessible when export policy for CIFS is enabled
Applies to
- ONTAP 9
- CIFS
Issue
- When attempting to navigate into a share, a credential prompt appears and reports "Access is denied" when credentials are entered
- Attempting to access the root of the CIFS server is initially successful
  - i.e. when File Explorer navigates to the LIF IP address, all the CIFS shares are listed
- CIFS export policies are enabled:
::> set -privilege advanced
::*> vserver cifs options show -vserver <SVM_name> -fields is-exportpolicy-enabled
- Identify the policy and the index of the rule blocking access:
::> vserver export-policy check-access -vserver <SVM_name> -volume <Volume_name> -client-ip <Client_IP> -protocol cifs -access-type read-write -authentication-method [krb5|ntlm]
- The client IP address is not present in the export rules assigned to the volume/qtree.
- In a packet trace, you will see the server returning ACCESS_DENIED in the Tree Connect Response.
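To pick that response out of a capture, the check below parses the 64-byte SMB2 header and reports each Tree Connect Response carrying STATUS_ACCESS_DENIED. It is an added example, not part of the original article; it assumes an SMB2/SMB3 session and that each message is already available as raw bytes starting at the SMB2 header, and the sample messages and the `build_header` helper are constructed for illustration.

```python
import struct

# SMB2 sync header, 64 bytes, little-endian (layout per MS-SMB2).
SMB2_HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")
SMB2_TREE_CONNECT = 0x0003
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001  # set on server responses
STATUS_ACCESS_DENIED = 0xC0000022


def denied_tree_connects(messages):
    """Return (message_id, session_id) for each Tree Connect Response
    whose status is STATUS_ACCESS_DENIED. Short or non-SMB2 input is skipped."""
    hits = []
    for raw in messages:
        if len(raw) < SMB2_HEADER.size:
            continue
        (magic, hdr_len, _charge, status, command, _credits, flags,
         _next, message_id, _pid, _tree_id, session_id,
         _signature) = SMB2_HEADER.unpack_from(raw)
        if magic != b"\xfeSMB" or hdr_len != 64:
            continue
        is_response = bool(flags & SMB2_FLAGS_SERVER_TO_REDIR)
        if (command == SMB2_TREE_CONNECT and is_response
                and status == STATUS_ACCESS_DENIED):
            hits.append((message_id, session_id))
    return hits


def build_header(command, status, flags, message_id, session_id):
    """Hypothetical helper: pack a constructed SMB2 header (no body)."""
    return SMB2_HEADER.pack(b"\xfeSMB", 64, 1, status, command, 1, flags,
                            0, message_id, 0, 0, session_id, b"\x00" * 16)


# Constructed sample: session setup succeeds, then the tree connect is refused.
SAMPLE = [
    build_header(0x0001, 0x00000000, 0x1, 2, 0x1122),             # Session Setup Response
    build_header(SMB2_TREE_CONNECT, 0x00000000, 0x0, 3, 0x1122),  # Tree Connect Request
    build_header(SMB2_TREE_CONNECT, STATUS_ACCESS_DENIED, 0x1, 3, 0x1122),
    b"\x00\x00\x00\x10short",                                     # too short, skipped
]

if __name__ == "__main__":
    for message_id, session_id in denied_tree_connects(SAMPLE):
        print(f"Tree Connect denied: MessageId={message_id} "
              f"SessionId={session_id:#x}")
```

A successful Session Setup followed by a denied Tree Connect on the same session matches the symptom described here: authentication works, but the share itself is refused.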