How to Pass CIFS Server Password for AES Encryption | NetApp | Page 1

fiery knoll Jan 29, 2025, 4:06 PM

#

Hi everyone,

I’m trying to enable AES encryption for a CIFS server using the netapp.ontap.na_ontap_rest_cli module in Ansible. However, I’m encountering the following error:

Error: {'message': 'In order to enable CIFS AES encryption, the password for the CIFS server machine account must be reset. Enter the username and password for the CIFS domain "DOMAIN.NET".', 'code': '655605'}

Here is the relevant part of my playbook:

- name: Modify CIFS security
  netapp.ontap.na_ontap_rest_cli:
    hostname: "{{ cluster_fqdn }}"
    username: "{{ username }}"
    password: "{{ password }}"
    command: 'vserver/cifs/security'
    verb: 'PATCH'
    params:
      vserver: "{{ vserver_name }}"
      body: {'is_aes_encryption_enabled': true}
  register: result

I understand that there is na_ontap_vserver_cifs_security module available, but it requires ZAPI, which is no longer supported in higher versions of ONTAP. Because of this, I’m trying to use the REST CLI-based module instead.

How can I include the CIFS server account password in my playbook using the na_ontap_rest_cli module? Is there an additional parameter or workaround I need to use to pass these credentials successfully?

Thanks in advance for your guidance!

lusty mist Jan 30, 2025, 4:22 AM

#

@fiery knoll As you mentioned module na_ontap_vserver_cifs_security supports only ZAPI.
You can try na_ontap_cifs_server for REST.

fiery knoll Feb 4, 2025, 9:12 AM

#

it worked

#

kdc_encryption => is-aes-encryption-enabled

#How to Pass CIFS Server Password for AES Encryption