Alright my mates, time to shine.
Here is the Background:
FAS2040-4, Ontap 8.2.3P3 in 7-Mode.
Was up and running fine with a pair of Win 2008 R2 DCs serving CIFS and NFS, the build and entire enterprise is actually only a couple of weeks old so sure to be some unknowns and not done yets.
Here is the problem:
Last week the team built two new Win 2012 DCs, they are AGM builds so really locked down tight security wise. On a scan they are pulling over 90% on a STIG eval out of the box.
But when they demoted the old 2008 R2 DCs my filers went to hell. No connections for CIFS or NFS. Turns out, I wasn't configured for LDAP for one reason but the new DCs require it, and are running NTLMv2.
So after work with NetApp all day I think I have the LDAP issue worked out, problem is, I can connect to a share by hostname, but when I try and connect by IP, the password comes back incorrect for the first 3 attempts and as the attempts run their course to the full 10, it locks my user account in AD and I have to reset it.
Kerberos looks OK, no time mismatch. And I am under the gun for a solution.
Any ideas ?
OH, and it's a military dev network so no connections to the world so no tech support except what I can get over the phone.
Here is the Background:
FAS2040-4, Ontap 8.2.3P3 in 7-Mode.
Was up and running fine with a pair of Win 2008 R2 DCs serving CIFS and NFS, the build and entire enterprise is actually only a couple of weeks old so sure to be some unknowns and not done yets.
Here is the problem:
Last week the team built two new Win 2012 DCs, they are AGM builds so really locked down tight security wise. On a scan they are pulling over 90% on a STIG eval out of the box.
But when they demoted the old 2008 R2 DCs my filers went to hell. No connections for CIFS or NFS. Turns out, I wasn't configured for LDAP for one reason but the new DCs require it, and are running NTLMv2.
So after work with NetApp all day I think I have the LDAP issue worked out, problem is, I can connect to a share by hostname, but when I try and connect by IP, the password comes back incorrect for the first 3 attempts and as the attempts run their course to the full 10, it locks my user account in AD and I have to reset it.
Kerberos looks OK, no time mismatch. And I am under the gun for a solution.
Any ideas ?
OH, and it's a military dev network so no connections to the world so no tech support except what I can get over the phone.