Opened a case with netapp - SOLVED - 3 things:
1 - map the \vfiler-name\sharename vs \vfiler-name\vol\volname\sharename
2 - customer wanted to map the share anonymously (no auth popup - access is IP restricted) as administrator - they needed to rename the administrator account to ‘admin’ to avoid matching netapp administrator account and the popup
3 - options cifs.guest_account pcuser
debug commands that helped:
options cifs.trace_dc_connection on
options cifs.trace_login on
On Sep 6, 2014, at 3:01 PM, Borzenkov, Andrei andrei.borzenkov@ts.fujitsu.com wrote:
"Doctor, it hurts when I do it" ...
If you are using plain text password authentication, you need to enable plain text passwords. It has always been this way. If you do not want to do it, use local users authentication - then passwords are not stored directly, only hashes. You will need to manually create each user on NetApp. If you need to grant access to a couple of users, it is acceptable.
Sent from iPhone
On 5 Sep 2014, at 8:54, "Fletcher Cocquyt" fcocquyt@stanford.edu wrote:
Here is the doc (below)
is it saying, in effect, to enable plaintext passwords to fix the issue? I don’t think that is a reasonable solution security-wise - not willing to do that
Opening a case
Symptoms
/etc/passwd authentication
Encrypted or plain text passwords
No PDC / BDC controlling authentication
Client cannot send a plain text password to the filer
Cannot authenticate users
Error message: Password rejected
Error message: The account is not authorized to login from this station
Error message: Permission denied
Error message: Password not authenticated
Error message: incorrect passwd unknown login
Error message: Invalid password
Cause
In Data ONTAP 6.0.x and earlier, a Windows workgroup requires that Windows clients send unencrypted passwords to the filer. The filer used the /etc/passwd file which required UNIX authentication. In Data ONTAP 6.1.x through 7G, Windows workgroups do not require that passwords be sent unencrypted because Common Internet File System protocol (CIFS) users accounts can be created on the filer.
Solution
Either enable plain text passwords on the Windows client and populate the filer's /etc/passwd file. Note that there is a DS client on the Windows 2000 server CD to fix this problem without lowering security by using plain-text passwords. Consult Windows support for details.
-Or-
In DATA ONTAP 6.1 through 7G, create user accounts with the useradmin command.
Creating local users on the filer: Creating local user accounts with the filer's useradmin useradd command does not require that plain text passwords be enabled. Up to 96 filer local users can be created. See the useradmin man page for more details.
Note: Currently User Manager cannot be used to manage filer local user accounts. User Manager in Windows NT 4.0 can only view the filer user accounts. However, User Manager in Windows 2000 cannot. Use the Group's menu to display local users.
Enabling plain text passwords: Warning: When plain text passwords are enabled, passwords are no longer secure when they travel across the network during user authentication.
Enable plain text passwords by using the respective MS article for your Windows client. To use plain text passwords, user accounts must be created in the filer's /etc/passwd file or be authenticated using NIS. For more information on creating users in the /etc/passwd file, see Article 3010502: What is the format for /etc/passwd entries?
Enabling plain text passwords on Windows 95 (Service Releases 1, 2 and 2.1): See MS Article Q165403
Enabling plain text passwords on Windows NT 4.0 (Service Pack 3 and above): See MS Article Q166730
Enabling plain text passwords on Windows 2000 clients: See MS Article Q244627
Warning: In step 1 of the article above, if you cannot access Administrative Tools directly, check if Administrative Tools exists in the Control Panel.
Note: The following registry setting can be set for Windows 2000 through Windows 7:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkStation\parameters]
EnablePlainTextPassword=dword:00000001
On Sep 4, 2014, at 5:23 PM, tmac tmacmd@gmail.com wrote:
Oh Vey....
Please see the KB to fix:
https://kb.netapp.com/support/index?page=content&id=2010648&locale=e...
--tmac
Tim McCarthy Principal Consultant
On Thu, Sep 4, 2014 at 7:46 PM, Fletcher Cocquyt fcocquyt@stanford.edu wrote:
So I specified the VFILER\username and instead of “unknown username or bad password” it hangs for multiple minutes
There is no firewall (same subnet)
And I don’t see anything on the server side
Any ideas?
On Sep 4, 2014, at 9:45 AM, Fletcher Cocquyt fcocquyt@stanford.edu wrote:
I created the user in the cifs-vf-01 context and gave it full control
When mapping I get “unknown username or bad password”
Do I need to create the user in the vfiler0 context?
thanks
On Sep 4, 2014, at 9:03 AM, Luke Sheldrick luke@sheldrick.co.uk wrote:
On 4 September 2014 16:43, Fletcher Cocquyt fcocquyt@stanford.edu wrote:
Ok, it was unix, I updated it to ntfs
cifs-vf-01@irt-na06> qtree security /vol/media1 ntfs
cifs-vf-01@irt-na06> Thu Sep 4 08:27:49 PDT [irt-na06:wafl.quota.sec.change:notice]: security style for /vol/media1/ changed from unix to ntfs
I still get the same “write protected” error when attempting to copy to the remapped drive
Should I re-run cifs setup? I want the simplest non-AD (since only one (service type) account will be accessing this share)
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
Set it to 3, set the qtree to NTFS as you have done.
Create a local user for the account you want to use, and then give it access to the share you have setup...
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
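The KB text quoted in this thread names the client-side registry value EnablePlainTextPassword. As an added example, not part of any message in the thread or of NetApp's article, this Python script checks the text of a `reg export` dump for that value, so an administrator can confirm that no client has been switched to sending plain text SMB passwords. The function names and the sample exports are constructed for illustration.

```python
import re

# Key named in the KB text quoted in the thread; matched case-insensitively,
# and ControlSetNNN is accepted alongside CurrentControlSet.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\System\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\LanmanWorkStation\\Parameters$",
    re.IGNORECASE,
)
# Accepts the quoted form regedit writes and the unquoted form shown in the KB.
VALUE_RE = re.compile(
    r'^"?EnablePlainTextPassword"?\s*=\s*dword:([0-9a-f]{1,8})$', re.IGNORECASE
)


def plaintext_password_findings(reg_text):
    """Return [(key, value)] for each matching section that sets the value."""
    findings = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current_key = key if KEY_RE.match(key) else None
            continue
        m = VALUE_RE.match(line) if current_key else None
        if m:
            findings.append((current_key, int(m.group(1), 16)))
    return findings


def client_sends_plaintext(reg_text):
    """True if any section sets a non-zero value; an absent value is not flagged."""
    return any(value != 0 for _, value in plaintext_password_findings(reg_text))


# Constructed sample exports (not taken from any real host).
SAMPLE_WEAK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"EnablePlainTextPassword"=dword:00000001
'''
SAMPLE_OK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters]
"EnablePlainTextPassword"=dword:00000000
'''
```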