2017-09-20 11:29 AM
ONTAP Recipes: Did you know you can…?
Easily manage NetApp Storage with your corporate (NIS or LDAP) login credentials
This recipe will help you setup NetApp Storage admin accounts that are based on your current login accounts served by your corp LDAP or NIS Directory server. Such users can login to ONTAP for management access, using the same credentials that allow them to access the corporate network.
a. Ensure that the required network settings [ipaddr, netmask, route, DNS et.al] are in place and the NIS/LDAP server is reachable from the interface(s) configured for the SVM [administrative and/or data SVM]
b. Ensure that the directory server [LDAP/NIS] is configured for the SVM
c. Ensure that the lookup for password database in the name services’ ns-switch settings for the SVM, includes the NIS/LDAP as source and is in the preferred order for lookup
d. The ONTAP user account to be created has to be a valid user account defined at the NIS/LDAP directory server
2. Create the admin account in ONTAP choosing appropriate application protocol [http, console, ssh etc] and choose the authentication method as “nsswitch”
Example: Creating the user “user_nis_ssh” for SSH application with “admin” role privileges for cluster SVM “cluster-1_2” specifying the source of authentication as NIS server.
a. Create the ONTAP user account in the security login table choosing the application, authentication method, role and SVM
Cluster-1_2::> security login create -user-or-group-name user_nis_ssh -authentication-method nsswitch -application ssh -role admin -vserver Cluster-1_2
b. Verify the user is created for the SVM
Cluster-1_2::> security login show
User/Group Authentication Acct
Name Application Method Role Name Locked
-------------- ----------- ------------- ------ --------
admin console password admin no
admin http password admin no
admin ontapi password admin no
admin service-processor password admin no
admin ssh password admin no
user_nis_ssh ssh nsswitch admin -
c. Verify the login from a client machine using the created user’s credentials
Client-host-machine>ssh ssh user_nis_ssh@ Cluster-1_2
Cluster-1_2::> security login whoami
Note: Often, authentication does not work as expected due to incomplete/wrong name-services configuration. Ensure you have the right DNS, NIS/LDAP, ns-switch settings.
For more information, see the ONTAP 9 documentation center
2017-09-24 10:09 PM
Thanks for sharing this information.