Subscribe

New-NAUser on vfiler

Hello All,

I have written a script that will create a vfiler and then configure based on a number of params. Once the vfiler has been created, I run teh following:

connect-nacontroller $controller -vfiler $vfilerhost

And then try to run:

New-NaUser Support $passwd Administrators

This then fails with New-NaUser : Could not add user <Support>. Error: User cannot access group(s)

However it does work when I connect using

connect-nacontroller $vfilerhost -HTTP

I have read on another forum post that may be down to me tunneling through the controller to the vfiler. Will this issue be resolved in later versions?

In my environment, my orchestration/automation host will not be in the same vlan as the vfiler, so connecting directly will not be possible. Unless of course I put it into a provisioning network first. Reconfigs will be a nightmare though.

Thanks

Paul

Re: New-NAUser on vfiler

Hey Paul,

What version of Data ONTAP are you running? It's working on the latest build.

[0:419]≥ Connect-NaController starbuck

Name                 Address           Ontapi   Version

----                 -------           ------   -------

starbuck             10.58.92.217      1.15     NetApp Release 8.1 7-Mode: Thu Mar 29 13:56:17 PDT 2012

[0:420]≥ Get-NaVfiler

Name                      Status         Ipspace              VfnetCount VfstoreCount AdminHost

----                      ------         -------              ---------- ------------ ---------

vfiler0                   running        default-ipspace               5            1

vfstarbuck0               running        default-ipspace               3            1

vfstarbuck1               running        default-ipspace               3            1

[0:421]≥ Connect-NaController starbuck -Vfiler vfstarbuck0

Name                 Address           Ontapi   Version

----                 -------           ------   -------

starbuck             10.58.92.217      1.15     NetApp Release 8.1 7-Mode: Thu Mar 29 13:56:17 PDT 2012 Multistore

[0:422]≥ Get-NaGroup

Name                 Comment                                  Roles

----                 -------                                  -----

Administrators       Members can fully administer the filer   {admin}

Backup Operators     Members can bypass file security to b... {backup}

Compliance Admini... Members can perform compliance operat... {compliance}

Guests               Users granted Guest Access               {none}

Power Users          Members that can share directories       {power}

Replicators          not supported                            {none}

Users                Ordinary Users                           {audit}

[0:423]≥ New-NaUser support -Password Password123 -Groups Administrators

Name                 Comment                                  Groups

----                 -------                                  ------

support                                                       {Administrators}

Hope that helps,

~Glenn

Re: New-NAUser on vfiler

Hi Glen,


I am running 1.31 :

Name                 Address           Ontapi   Version

----                 -------           ------   -------

Filer       192.168.10.80     1.13     NetApp Release 8.0.2 7-Mode: Mon Jun 13 14:13:45 PDT 2011

I get the following issues:

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> get-nagroup

Name                 Comment                                  Roles
----                 -------                                  -----
Administrators       Members can fully administer the filer   {admin}
Backup Operators     Members can bypass file security to b... {backup}
Compliance Admini... Members can perform compliance operat... {compliance}
Guests               Users granted Guest Access               {none}
Power Users          Members that can share directories       {power}
Replicators          not supported                            {none}
Users                Ordinary Users                           {audit}


PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> get-navfiler

Name                      Status         Ipspace              VfnetCount VfstoreCount AdminHost
----                      ------         -------              ---------- ------------ ---------
TEST                   running        default-ipspace               1            1
SCOM-FILER                running        default-ipspace               1            2
vfiler0                   running        default-ipspace               5            1


PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> connect-nacontroller 192.168.10.80 -vfiler SCOM-FILER

Name                 Address           Ontapi   Version
----                 -------           ------   -------
192.168.10.80        192.168.10.80     1.13     NetApp Release 8.0.2 7-Mode: Mon Jun 13 14:13:45 PDT 2011 Multistore


PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> get-nagroup

Name                 Comment                                  Roles
----                 -------                                  -----
Administrators       Members can fully administer the filer   {admin}
Backup Operators     Members can bypass file security to b... {backup}
Compliance Admini... Members can perform compliance operat... {compliance}
Guests               Users granted Guest Access               {none}
Power Users          Members that can share directories       {power}
Replicators          not supported                            {none}
Users                Ordinary Users                           {audit}


PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> new-nauser Test Letmein123 Administrators
New-NaUser : Could not add user <Test>. Error: User cannot access group(s)
At line:1 char:11
+ new-nauser <<<<  Test Letmein123 Administrators
    + CategoryInfo          : InvalidOperation: (192.168.10.80:NaController) [New-NaUser], EINTERNALERROR
    + FullyQualifiedErrorId : ApiException,DataONTAP.PowerShell.SDK.Cmdlets.Useradmin.NewNaUser

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1>

So I should be updating to 1.51?

Thanks

Paul

Re: New-NAUser on vfiler

Hi Paul,

The version you show is just the ONTAP API version (1.13 corresponds to ONTAP 8.0.x btw).  You can get the version of the PowerShell Toolkit you are running with the Get-Module cmdlet:

PS C:\> get-module dataontap | ft Name, Version

Name             Version

----             -------

DataOntap        2.0.0

Running the current version of the toolkit definitely helps us support you quicker.

Cheers,

Eric

Re: New-NAUser on vfiler

Hi Eric,

I am running 2.0.0:

Name                                                        Version

----                                                        -------

DataONTAP                                                   2.0.0

Thanks

Paul

Re: New-NAUser on vfiler

Paul that looks like a permissions issue.  If you are tunneling through the physical controller, you may need to make sure that your user ID has administrative privileges on the physical controller.

I'm not sure from your script if you are using your Windows credential (via RPC) or a cached credential (i.e. that you added with Add-NaCredential).

Re: New-NAUser on vfiler

Ahh it could be permissions. I basically connect using RPC, which will then run as the windows account I am logged in as (in this case System Centre Orchestrator account).

I will add that account to the administrators group and give that a try.

Cheers

Paul