Get error "The username or password is incorrect" because user is in Protected Users group

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 229

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
CIFS/SMB
Active Directory

Issue

When a user navigates to a CIFS LIF IP in File Explorer, a credential prompt pops up with error: The username or password is incorrect

When authenticating the Windows user through the specified node using the specified Vserver's configuration, it returns error code 0xC000006E

::*> vserver services access-check authentication login-cifs -node node1 -vserver svm1 -user UserA

Note: Expected would be the user's Windows and UNIX credentials.

Affected user is a member of group Protected Users

::*> vserver services access-check authentication show-creds -node node1 -vserver svm1 -win-name UserA

Packet trace shows that NTLM authentication is failing

700   2024-02-06 15:42:05,721904    xx.xx.xx.xx      yy.yy.yy.yy     SMB2        Session Setup Request, NTLMSSP_NEGOTIATE
701   2024-02-06 15:42:05,722479    yy.yy.yy.yy      xx.xx.xx.xx     SMB2        Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, 
NTLMSSP_CHALLENGE
702   2024-02-06 15:42:05,722852    xx.xx.xx.xx      yy.yy.yy.yy     SMB2        Session Setup Request, NTLMSSP_AUTH, User: DOMAIN\UserA
703   2024-02-06 15:42:05,725141    yy.yy.yy.yy      xx.xx.xx.xx     SMB2        Session Setup Response, Error: STATUS_LOGON_FAILU