CIFS domain password schedule Q&A
Applies to
- ONTAP 9
- CIFS
Answer
- Since the schedule is disabled by default, what are the risks or impacts of enabling it?
No impact is expected assuming all systems (cluster, domain controller) are working correctly.
- Why is cifs domain password schedule not automatically enabled after the CIFS server is created?
It was determined to be the default behaviour.
- Will existing CIFS sessions be cut when the passwords are being reset?
This feature changes the password of the SVM's machine account, which is used to communicate with the DC. Existing CIFS sessions are not affected by this change.
- Will new CIFS sessions fail when the passwords are being reset?
Depending on the authentication method, it could lead to a delay in client authentication (and possibly an authentication failure if the client needs to renew its Kerberos ticket to gain access).
- Is there any risk of a burst or failure if all requests are sent at the same time for all CIFS servers across the organization?
A random interval is added to every password change schedule to avoid overloading the DCs with this activity.
- What can happen if a password cannot be changed for a specific CIFS server during the defined time window?
If the machine account password change fails, the SVM is no longer able to communicate properly with the DC, so client authentication may fail.