Yup - that is called 'passthrough authentication'. It is sometimes required with SnapDrive as well (when no domain is used).

It does work, and it works well. It isn't as secure as using domain authentication, but it still has a password that must be supplied.

Quick note - if you try to use passthrough authentication from a windows machine that IS a member of a domain, you must enable 'unencrypted passwords for third party SMB servers' - shouldn't matter here though.

Glenn

________________________________

From: Glenn Dekhayser [mailto:gdekhayser@voyantinc.com] Sent: Wednesday, March 29, 2006 7:28 AM To: Glenn Walker; Dean, Phil (ITO); toasters@mathworks.com Subject: RE: cifs username to map as a domain\username

I know this sounds nuts, but you should try adding an account to the Netapp's local user db (useradmin user add), with the same username and password as the domain account. I've done this in the past and it has worked for other apps.

Glenn (another Glenn)

________________________________

From: owner-toasters@mathworks.com on behalf of Glenn Walker Sent: Wed 3/29/2006 12:32 AM To: Dean, Phil (ITO); toasters@mathworks.com Subject: RE: cifs username to map as a domain\username

I fear your options may be limited.

I know little about the Ricoh product, but would suspect that they have documentation on getting this to function in a domain (any domain). I would also suspect that you would need to create a machine account for the printer in the domain to enable this functionality, but I could be wrong. A quick search turns up some promising evidence of this, but I do not know your specific device type. I'd definitely recommend a healthy dose of 'google' before continuing too deeply here...

Barring the above, I fear that the passthru authentication may be your only hope, specifically given the fact that the device does not prepend the username with a domain (at least not correctly).

One thing that would be immensely helpful: a snippet of the cifs trace login info and perhaps a packet trace to help understand exactly what is going on. At this juncture, you may be wary to share this information with the 'group' here (and the rest of the world as the data is archived on a web-host somewhere) - I'd recommend opening a case with NetApp support if packet trace is the only path you can take.

Glenn

-----Original Message----- From: Dean, Phil (ITO) [mailto:deanph@cba.com.au] Sent: Wednesday, March 29, 2006 12:25 AM To: Glenn Walker; Dean, Phil (ITO); toasters@mathworks.com Subject: RE: cifs username to map as a domain\username

Glenn thanks,

As the Ricoh is acting as the printer for another of its function I do not believe it needed a machine account in the domain.

I'm trying for the passthrough authentication but as the account when it hits the filer is just a username, I don't want to create a local account on the filer at all, as other parties control the domain and we just look after the data storage.

Phil.

-----Original Message----- From: Glenn Walker [mailto:ggwalker@mindspring.com] Sent: Wednesday, 29 March 2006 4:15 PM To: Dean, Phil (ITO); toasters@mathworks.com Subject: RE: cifs username to map as a domain\username

Phil,

Does the RICOH even handle NTLM\KRB authentication with a domain?? If it doesn't have a machine account in the domain, then it's not going to do KRB authentication because it won't be able to get a ticket (no SPN, no ticket). As far as that goes, even NTLM would likely cause problems.

With what little information I have, I'm tempted to recommend looking into the 'passthrough authentication' portion of the ONTAP documentation - it should do the trick and allow you to authenticate (though you'll be creating an account on the filer via useradmin user add).

Glenn

-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Dean, Phil (ITO) Sent: Tuesday, March 28, 2006 11:11 PM To: toasters@mathworks.com Subject: cifs username to map as a domain\username

Ricoh are setting up a function of there multifunction devices to allow scanning a document to a folder on the filer.

A domain account has been setup for this user ID for access and is permissioned on the filer both for share and folder access.

The ricoh setup does not have a separte entry for domain and user name so I'm getting them to DOMAIN\username but when the filer sees the attempted login it domain\username where normal users the filer sees them as DOMAIN\username.

I assume that the filer is seeing the ricoh username as just that a username, instead of a Domain nad Username.

So is there anyway to force at least this one account to sent the authenication as a domain account?

I attempted placing an entry in usermap.cfg think it might be seeing it as a unix username with no success.

Any Ideas?

Thanks in advance.

Phil.

************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ***************************************************************