I know this sounds nuts, but you should try adding an account to the Netapp's local user db (useradmin user add), with the same username and password as the domain account.  I've done this in the past and it has worked for other apps.
 
Glenn (another Glenn)
 

From: owner-toasters@mathworks.com on behalf of Glenn Walker
Sent: Wed 3/29/2006 12:32 AM
To: Dean, Phil (ITO); toasters@mathworks.com
Subject: RE: cifs username to map as a domain\username

I fear your options may be limited.

I know little about the Ricoh product, but would suspect that they have
documentation on getting this to function in a domain (any domain).  I
would also suspect that you would need to create a machine account for
the printer in the domain to enable this functionality, but I could be
wrong.  A quick search turns up some promising evidence of this, but I
do not know your specific device type.  I'd definitely recommend a
healthy dose of 'google' before continuing too deeply here...

Barring the above, I fear that the passthru authentication may be your
only hope, specifically given the fact that the device does not prepend
the username with a domain (at least not correctly).

One thing that would be immensely helpful:  a snippet of the cifs trace
login info and perhaps a packet trace to help understand exactly what is
going on.  At this juncture, you may be wary to share this information
with the 'group' here (and the rest of the world as the data is archived
on a web-host somewhere) - I'd recommend opening a case with NetApp
support if packet trace is the only path you can take.

Glenn

-----Original Message-----
From: Dean, Phil (ITO) [mailto:deanph@cba.com.au]
Sent: Wednesday, March 29, 2006 12:25 AM
To: Glenn Walker; Dean, Phil (ITO); toasters@mathworks.com
Subject: RE: cifs username to map as a domain\username

Glenn thanks,

As the Ricoh is acting as the printer for another of its function I do
not
believe it needed a machine account in the domain.

I'm trying for the passthrough authentication but as the account when it
hits the filer is just a username, I don't want to create a local
account on
the filer at all, as other parties control the domain and we just look
after
the data storage.

Phil.


-----Original Message-----
From: Glenn Walker [mailto:ggwalker@mindspring.com]
Sent: Wednesday, 29 March 2006 4:15 PM
To: Dean, Phil (ITO); toasters@mathworks.com
Subject: RE: cifs username to map as a domain\username

Phil,

Does the RICOH even handle NTLM\KRB authentication with a domain??  If
it doesn't have a machine account in the domain, then it's not going to
do KRB authentication because it won't be able to get a ticket (no SPN,
no ticket).  As far as that goes, even NTLM would likely cause problems.

With what little information I have, I'm tempted to recommend looking
into the 'passthrough authentication' portion of the ONTAP documentation
- it should do the trick and allow you to authenticate (though you'll be
creating an account on the filer via useradmin user add).

Glenn

-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com]
On Behalf Of Dean, Phil (ITO)
Sent: Tuesday, March 28, 2006 11:11 PM
To: toasters@mathworks.com
Subject: cifs username to map as a domain\username

Ricoh are setting up a function of there multifunction devices to allow
scanning a document to a folder on the filer.

A domain account has been setup for this user ID for access and is
permissioned on the filer both for share and folder access.

The ricoh setup does not have a separte entry for domain and user name
so
I'm getting them to DOMAIN\username but when the filer sees the
attempted
login it domain\username where normal users the filer sees them as
DOMAIN\username.

I assume that the filer is seeing the ricoh username as just that a
username, instead of a Domain nad Username.

So is there anyway to force at least this one account to sent the
authenication as a domain account?

I attempted placing an entry in usermap.cfg think it might be seeing it
as a
unix username with no success.

Any Ideas?

Thanks in advance.

Phil.



**************   IMPORTANT MESSAGE  **************
This e-mail message is intended only for the addressee(s) and contains
information which may be confidential.
If you are not the intended recipient please advise the sender by return
email, do not use or disclose the contents, and delete the message and
any attachments from your system. Unless specifically indicated, this
email does not constitute formal advice or commitment by the sender or
the Commonwealth Bank of Australia (ABN 48 123 123 124) or its
subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us,
please reply to this e-mail by typing Unsubscribe in the subject line.
***************************************************************