Re: Authentication & Authorization in CIFS - Ask The Expert - 7/16 to 7/30!

Hi Experts,

Could you please help in understanding what this error is pointing to.

This is a log from Security Daemon [SecD] from ONTAP 9.1, event log is recording these errors on day-2-day basis.

The erorr says very clear : FAILURE: CIFS authentication failed, is it the passsword with which CIFS server is joined to the AD ? It says - SMB_PASSWORD_MUST_CHANGE: Is it the AD password ?

ERROR:

RESULT_ERROR_CIFS_SMB_PASSWORD_MUST_CHANGE:335 in getFailureCode() at src/utils/secd_thread_task_journal.cpp:348

Security Daemon [secD log from cDOT 9.1]
+++++++++++++++++++++++++++++++++++++++++++++

00000012.00209282 0fea2360 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] CIFS SMB2 Share mapping - Client Ip = 10.x.x.x
00000012.00209283 0fea2360 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] [ 0 ms] Login attempt by domain user 'Dxxx\Administrator' using NTLMv1 style security
00000012.00209284 0fea2360 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] [ 1] Successfully connected to ip 10.x,x,x, port 445 using TCP
00000012.00209285 0fea2360 Fri Jul 20 2018 08:38:09 7 +01:00 [kern_secd:info:5480] [ 7] Successfully authenticated with DC

00000012.0020e41d 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.336] ERR : RESULT_ERROR_CIFS_SMB_PASSWORD_MUST_CHANGE:335 in handleAuthenticateMsg() at src/NtlmsspCtx.cpp:912
00000012.0020e41e 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.344] ERR : RESULT_ERROR_CIFS_SMB_PASSWORD_MUST_CHANGE:335 in acceptContext() at src/NtlmsspCtx.cpp:296
00000012.0020e41f 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.352] ERR : RESULT_ERROR_CIFS_SMB_PASSWORD_MUST_CHANGE:335 in acceptContext() at src/SpnegoCtx.cpp:244
00000012.0020e420 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.361] ERR : RESULT_ERROR_CIFS_SMB_PASSWORD_MUST_CHANGE:335 in secd_rpc_auth_extended_1_svc() at src/authentication/secd_rpc_auth.cpp:1168
00000012.0020e421 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.372] ERR : CIFS authentication failed { in secd_rpc_auth_extended_1_svc() at src/authentication/secd_rpc_auth.cpp:1196 }
00000012.0020e422 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.389] debug: SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended { in secdSendRpcResponse() at src/server/secd_rpc_server.cpp:1888 }
00000012.0020e423 0ff356d5 Fri Jul 20 2018 08:38:09 +01:00 [kern_secd:info:5480] | [000.015.564] ERR : RESULT_ERROR_CIFS_SMB_PASSWORD_MUST_CHANGE:335 in getFailureCode() at src/utils/secd_thread_task_journal.cpp:348

00000012.00209287 0fea2360 Thu Jul 19 2018 15:53:07 +01:00 [kern_secd:info:5480] [ 9] Login attempt by local user 'Dxxxx\Administrator' using NTLMv1 style security
00000012.00209288 0fea2360 Thu Jul 19 2018 15:53:07 +01:00 [kern_secd:info:5480] **[ 10] FAILURE: CIFS authentication failed

++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks,

-AP