"Doctor, it hurts when I do it" ...

If you are using plain text password authentication, you need to enable plain text passwords. It has always been this way. If you do not want to do it, use local users authentication - then passwords are not stored directly, only hashes. You will need to manually create each user on NetApp. If you need to grant access to a couple of users, it is acceptable.

Отправлено с iPhone

05 сент. 2014 г., в 8:54, "Fletcher Cocquyt" <fcocquyt@stanford.edu> написал(а):

Here is the doc (below)

is it saying, in effect,  to enable plaintext passwords to fix the issue?

I don’t think that is a reasonable solution security-wise - not willing to do that

Opening a case

Symptoms

/etc/passwd authentication

Encrypted or plain text passwords

No PDC / BDC controlling authentication

Client cannot send a plain text password to the filer

Cannot authenticate users

Error message: Password rejected

Error message: The account is not authorized to login from this station

Error message: Permission denied

Error message: Password not authenticated

Error message: incorrect passwd unknown login

Error message: Invalid password

Cause

In Data ONTAP 6.0.x and earlier, a Windows workgroup requires that Windows clients send unencrypted passwords to the filer. The filer used the /etc/passwd file which required UNIX authentication.
In Data ONTAP 6.1.x through 7G, Windows workgroups do not require that passwords be sent unencrypted because Common Internet File System protocol (CIFS) users accounts can be created on the filer.

Solution

Either enable plain text passwords on the Windows client and populate the filer's /etc/password file. Note that there is a DS client on the Windows 2000 server CD to fix this problem without lowering security by using plain-text passwords. Consult Windows support for details.

-Or-

In DATA ONTAP 6.1 through 7G, create user accounts with the useradmin command.

  1. Creating local users on the filer:
  2. Creating local user accounts with the filer's useradmin useradd command does not require that plain text passwords be enabled. Up to 96 filer local users can be created. See the useradmin man page for more details.

    Note:
    Currently User Manager cannot be used to manage filer local user accounts. User Manager in Windows NT 4.0 can only view the filer user accounts. However, User Manager in Windows 2000 cannot. Use the Group's menu to display local users.

  3. Enabling plain text passwords:
  4. Warning: When plain text passwords are enabled, passwords are no longer secure when they travel across the network during user authentication.

    Enable plain text passwords by using the respective MS article for your Windows client. To use plain text passwords, user accounts must be created in the filer's /etc/passwd file or be authenticated using NIS. For more information on creating users in the the /etc/passwd file, see Article 3010502:What is the format for /etc/passwd entries?

    Enabling plain text passwords on Windows 95 (Service Releases 1, 2 and 2.1):
    See MS Article Q165403

    Enabling plain text passwords on Windows NT 4.0 (Service Pack 3 and above):
    See MS Article Q166730

    Enabling plain text passwords on Windows 2000 clients:
    See MS Article Q244627

Warning:
In step 1 of the article above, if you cannot access Administrative Tools directly, check if Administrative Tools exists in the Control Panel.

Note: The following registry setting can be set for Windows 2000 through Windows 7:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkStation\parameters]
EnablePlainTextPassword=dword:00000001


 

Disclaimer

NetApp provides no representations or warranties regarding the accuracy, reliability, or serviceability of any information or recommendations provided in this publication, or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS, and the use of this information or the implementation of any recommendations or techniques herein is a customer’s responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.





On Sep 4, 2014, at 5:23 PM, tmac <tmacmd@gmail.com> wrote:

Oh Vey....

Please see the KB to fix:



--tmac

Tim McCarthy
Principal Consultant

          

        Clustered ONTAP                                                        Clustered ONTAP
 NCDA ID: XK7R3GEKC1QQ2LVD           RHCE6 110-107-141           NCSIE ID: C14QPHE21FR4YWD4
     Expires: 08 November 2014              Current until Aug 02, 2016         Expires: 08 November 2014



On Thu, Sep 4, 2014 at 7:46 PM, Fletcher Cocquyt <fcocquyt@stanford.edu> wrote:
So I specified the VFILER\username and instead of “unknown username or bad password” it hangs for multiple minutes
There is no firewall (same subnet)
And I don’t see anything on the server side

Any ideas?



On Sep 4, 2014, at 9:45 AM, Fletcher Cocquyt <fcocquyt@stanford.edu> wrote:

I created the user in the cifs-vf-01 context and gave it full control

When mapping I get “unknown username or bad password”

Do I need to create the user in the vfiler0 context?

thanks


On Sep 4, 2014, at 9:03 AM, Luke Sheldrick <luke@sheldrick.co.uk> wrote:

On 4 September 2014 16:43, Fletcher Cocquyt <fcocquyt@stanford.edu> wrote:
Ok, it was unix, I updated it to ntfs

cifs-vf-01@irt-na06> qtree security /vol/media1 ntfs
cifs-vf-01@irt-na06> Thu Sep  4 08:27:49 PDT [irt-na06:wafl.quota.sec.change:notice]: security style for /vol/media1/ changed from unix to ntfs  

I still get the same “write protected” error when attempting to copy to the remapped drive

Should I re-run cifs setup?
I want the simplest non-AD (since only one (service type) account will be accessing this share)

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication


Set it to 3, set the qtree to NTFS as you have done.

Create a local user for the account you want to use, and then give it access to the share you have setup...  




_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters



_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters