ONTAP is unable to create CIFS server with AcceptSecurityContext error data 80090346
Applies to
- ONTAP 9.9.1 and earlier
- Microsoft Active Directory
- CIFS
Issue
- The ONTAP CLI commands cifs server create or cifs server modify return an error
Example SECD / EMS error:
[ 4201] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:
Invalid credentials
[ 4201] Additional info: 80090346: LdapErr: DSID-0C090597,
comment: AcceptSecurityContext error, data 80090346, v4563
Warning: Regarding LdapEnforceChannelBinding, do not use the enforce DWORD value 2 until the ONTAP version has been updated or the workaround has been implemented as per CONTAP-32765: LDAP connection failures when channel binding is enforced by the Windows LDAP server.
Active IQ System Risk Detection
- For customers who have enabled AutoSupport™ on their storage systems, the Active IQ Portal provides detailed System Risk reports at the customer, site, and system levels. The reports show systems that have specific risks, as well as severity levels and mitigation action plans. You may be reading this article as a result of one of those alerts. If AIQ detects the string described in this article, 'AcceptSecurityContext error, data 80090346', your system will be flagged appropriately.
- ONTAP does not support LDAP Channel Binding until 1136213 is implemented. Customers will need to ensure that the Domain Controller ONTAP is communicating with only allows LDAP Channel Binding and does not enforce it, as per the details in the article above.
- For more information, see KB Microsoft Security Advisory: ADV190023 impact on NetApp appliance running CIFS\NFS utilizing Microsoft Active Directory LDAP servers.
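The string match described under Active IQ System Risk Detection can be reproduced on collected SECD / EMS output to separate this channel binding failure from a real credential failure, since both surface as "Invalid credentials". The following is an added example, not NetApp or Active IQ code; the function and table names are hypothetical, and the second sample record is constructed for contrast.

```python
import re

# Meaning of the "data" field in an AD AcceptSecurityContext error (hex).
# Hypothetical lookup table for this example; extend as needed.
DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "775": "account locked out",
    "80090346": "SEC_E_BAD_BINDINGS: channel binding token missing or wrong",
}

LDAPERR = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),"
    r"\s*v(?P<ver>[0-9A-Fa-f]+)"
)
PREFIX = re.compile(r"^\s*\[\s*\d+\]\s*")  # SECD "[ 4201]" line prefix


def parse_ldap_errors(lines):
    """Return one dict per LdapErr record; records may wrap across lines."""
    # Drop SECD prefixes and join, so a record split over two lines matches.
    text = " ".join(PREFIX.sub("", ln).strip() for ln in lines)
    records = []
    for m in LDAPERR.finditer(text):
        rec = m.groupdict()
        rec["data"] = rec["data"].lower()
        rec["meaning"] = DATA_CODES.get(rec["data"], "unknown data code")
        # The condition this article covers: bind rejected over channel binding.
        rec["channel_binding"] = (
            rec["data"] == "80090346" and "AcceptSecurityContext" in rec["comment"]
        )
        records.append(rec)
    return records


# Sample input: the SECD lines from this article, followed by a constructed
# bad-password record (its DSID and version are made up).
SAMPLE = [
    "[ 4201] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:",
    "Invalid credentials",
    "[ 4201] Additional info: 80090346: LdapErr: DSID-0C090597,",
    "comment: AcceptSecurityContext error, data 80090346, v4563",
    "[ 4202] Additional info: 80090308: LdapErr: DSID-0C09044E,",
    "comment: AcceptSecurityContext error, data 52e, v2580",
]

if __name__ == "__main__":
    for r in parse_ldap_errors(SAMPLE):
        print(r["dsid"], r["data"], r["meaning"], r["channel_binding"])
```

A record with channel_binding set to True points at the Domain Controller's LdapEnforceChannelBinding setting rather than at the account password.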