3 Replies Latest reply: Jun 26, 2013 5:00 AM by cecil RSS

Computer account from other forest can't access installation share on netapp cifs share

mbernards Novice
Currently Being Moderated

This is driving me nuts.

 

We have moved our installation sources from a regular W2K3 server to a NetApp filer

We have a special in house created tool to let our Windows 7 user elevate their rights to "NT Autority\Local System" and run specific setups from the NetApp

The computer then uses it's computer account to access the resources.

 

This works fine, except for computers which belongs to another forest. We have full trust between the forests.

 

I tried to add OTHERDOMAIN\Domain Computers to the share and even OTHERDOMAIN\PCNAME$ and the netapp accepts that as valid account.

 

I enabled cifs.guest account and added that to the share permissions, still not workin.

 

I enabled autiting and the autit log seems to give event ID 537 (Unexpected Error) when trying to access the share.:

 

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date:  20-4-2011
Time:  10:47:59
User:  N/A
Computer: NAS00
Description:
Logon Failure:
  Reason:  An unexpected error occurred during logon
  User Name: -
  Domain:  -
  Logon Type: 3
  Logon Process: Data ONTAP
  Authentication Package: Extended Security
  Workstation Name: -
  Status code: -
  Substatus code: -
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: 0
  Transited Services: -
  Source Network Address: 192.168.1.111

  Source Port: 0
  Caller Process Name: -

 

I tried to access the share using a remote command session on the PC and it reports 1223: Invalid Password.

 

Is it even possible to let computer accounts from other forest access an application share ?

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points