We're having authentication issues with SCCM pointed at a CIFS share on a filer running ONTAP 8.0.x. SCCM uses a domain computer account to authenticate (our filer is also joined to our domain).
We've added the computer account at the share level (as well as "Domain Computers") with full permissions, but continue to get authentication denied errors back from the filer.
Speficially:
Fri Feb 1 16:28:27 PST [red-str-napc2-p2: auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user red-inf-cm-p01$ of domain DOMAIN from client machine 1.1.1.1 (RED-INF-CM-P01). Fri Feb 1 16:28:27 PST [red-str-napc2-p2: auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \REDDC1. Fri Feb 1 16:28:27 PST [red-str-napc2-p2: auth.trace.authenticateUser.loginRejected:info]: AUTH: Login attempt by user rejected by the domain controller with error 0xc0000199: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. Fri Feb 1 16:28:28 PST [red-str-napc2-p2: auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user red-inf-cm-p01$ of domain DOMAIN from client machine 1.1.1.1 (RED-INF-CM-P01).
This reads like the problem is with AD rejecting the login, but when we point to another CIFS share on a real Windows box we don't get the same problem, so we don't think that's the case.
We came across this KB article[1] which seems to disable the use of the computer account for authentication. However, this seems to send *no* authentication information at all (anonymous?) which of course is rejected as well.
Help?
We'll be reaching out to support as well.
Thanks, Ray
[1] https://kb.netapp.com/support/index?page=content&id=2013374