#Create CIFS Server


lusty crag

Hello all,
I am trying to create a CIFS server via the na_ontap_cifs_server module and join it to the domain:

netapp.ontap.na_ontap_cifs_server:
  state: present
  vserver: 
  name: 
  domain: 
  ou: 
  admin_user_name: 
  admin_password: 
  kdc_encryption: True
  session_security: sign
  use_ldaps: False
  service_state: started
  https: true
  use_rest: always

However, I get an error message from AD:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error on creating cifs: calling: protocols/cifs/services: got {'message': 'Failed to create the Active Directory machine account "<SVM>". Reason: Kerberos Error: KDC has no support for encryption type Details: Error: Machine account creation procedure failed\n [ 308] Loaded the preliminary configuration.\n [ 349] Successfully connected to ip 10.150.0.2, port 88 using TCP\n**[ 530] FAILURE: Could not authenticate as\n** \'svc-domainjoin@AD.ABC.DE\': KDC has no support for\n** encryption type (KRB5KDC_ERR_ETYPE_NOSUPP)\n. ', 'code': '655914'}."}

If I run the following two commands on the CLI beforehand, I can then use the playbook to create the CIFS server and join it to the domain:

vserver cifs security modify -vserver <SVM> -session-security-for-ad-ldap sign
vserver cifs security modify -vserver <SVM> -is-aes-encryption-enabled true

What do I need to use as parameters for the module to set these options? I have already tried everything possible, but do not get it right.

drowsy ravine

That should be correct.

https://docs.netapp.com/us-en/ontap-restmap-9131/cifs.html#cifs-security-get-iter
With the REST API session-security-for-ad-ldap is now session_security
And is-aes-encryption-enabled is now security.kdc_encryption

Could you try this again but enable our REST debug log (https://github.com/ansible-collections/netapp.ontap/wiki/Debugging)?
This will produce a file at this location: /tmp/ontap_apis.log

Could you send that file to ng-ansibleteam@netapp.com?
This will help me see which APIs and which order we called them in. If the only API we called was the POST for /protocols/cifs/services, this might be an issue with the REST API itself.


lusty crag

Hello Chris,

I have sent you the requested logfile by mail.

drowsy ravine

I responded by email, but in case anyone else is interested, this looks like an issue in the REST API itself. We don't do anything other than a POST, and the POST will create a job and the job is failing. This looks like something that will need to be brought up with the #1063542514780475493 team.