ONTAP 9 System Manager, Active Directory Authentication


I'm running a cDOT 9 simulator.

Set up LDAP + LDAP client + nsswitch. Disabled NIS.

I want to map the Windows name to the same name in UNIX, without using NIS.


ldap client show -client-config ldapsvm01 -ad-domain

                                  Vserver: fnxdeb100_svm01
                Client Configuration Name: ldapsvm01
                         LDAP Server List: -
                  Active Directory Domain:
       Preferred Active Directory Servers:
Bind Using the Vserver's CIFS Credentials: true
                          Schema Template: RFC-2307
                         LDAP Server Port: 389
                      Query Timeout (sec): 3
        Minimum Bind Authentication Level: sasl
                           Bind DN (User): myuser
                                  Base DN: DC=fn2,DC=XXXXX,DC=com
                        Base Search Scope: subtree
                                  User DN: -
                        User Search Scope: subtree
                                 Group DN: -
                       Group Search Scope: subtree
                              Netgroup DN: -
                    Netgroup Search Scope: subtree
               Vserver Owns Configuration: true
      Use start-tls Over LDAP Connections: false
           Enable Netgroup-By-Host Lookup: false
                      Netgroup-By-Host DN: -
                   Netgroup-By-Host Scope: subtree
                  Client Session Security: none



ldapsearch on the client shows the fields uid, uidNumber, gidNumber, etc.:


sAMAccountName: bentele_test

uid: 2019
gidNumber: 123456
uidNumber: 2019




diag secd authentication translate -node fnxdeb100-01 -vserver fnxdeb100_svm01 -uid 2019

Vserver: fnxdeb100_svm01 (internal ID: 3)

Error: Acquire UNIX credentials procedure failed
  [  5 ms] Successfully connected to ip, port 389 using
**[    10] FAILURE: User ID '2019' not found in UNIX authorization
**         source LDAP.
  [    10] Entry for user-id: 2019 not found in the current source:
           LDAP. Ignoring and trying next available source
  [    11] Entry for user-id: 2019 not found in the current source:
           FILES. Entry for user-id: 2019 not found in any of the
           available sources
  [    11] Unable to retrieve UNIX username for UID 2019




vserver services name-service ns-switch show
Vserver         Database       Order
--------------- ------------   ---------
fnxdeb100       hosts          files,
fnxdeb100       group          files
fnxdeb100       passwd         files
fnxdeb100_svm01 hosts          dns,
fnxdeb100_svm01 group          ldap,
fnxdeb100_svm01 passwd         ldap,
fnxdeb100_svm01 netgroup       files
fnxdeb100_svm01 namemap        ldap


QUESTION: How do I activate the UNIX authorization source LDAP,

so that instead of


diag secd authentication show-creds -node fnxdeb100-01 -vserver fnxdeb100_svm01 -win-name bentele_test -list-name  true

 UNIX UID: pcuser <> Windows User: FN2\bentele_test (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:




UNIX UID: bentele_test Windows User: FN2\bentele_test

is mapped?




Thank you
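As an added example (not from the original post and not NetApp code), here is an offline simulation of how a name-service client resolves a numeric UID to a UNIX user name under the RFC-2307 template shown in the client config above and under an AD-IDMU template. It assumes (labelled assumption) that RFC-2307 only matches entries carrying objectClass posixAccount while AD-IDMU matches objectClass User, and that both read the UNIX name from the uid attribute and the number from uidNumber; the LDIF entry is constructed from the attributes shown in the ldapsearch output.

```python
# Assumed per-template object-class filter and attribute mapping (not verified
# against ONTAP's own schema definitions; treat as an assumption).
SCHEMA_TEMPLATES = {
    "RFC-2307": {"objectClass": "posixAccount", "name": "uid", "uid": "uidNumber"},
    "AD-IDMU": {"objectClass": "User", "name": "uid", "uid": "uidNumber"},
}

def parse_ldif(text):
    """Parse minimal LDIF (no line folding, no base64 values) into dicts of lists."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line terminates an entry
            if cur:
                entries.append(cur)
                cur = {}
            continue
        key, _, value = line.partition(":")
        cur.setdefault(key.strip(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries

def translate_uid(entries, uid, template):
    """Return the UNIX name a client using `template` would derive for a numeric
    UID, or None when no entry passes the template's object-class filter."""
    t = SCHEMA_TEMPLATES[template]
    for e in entries:
        classes = [c.lower() for c in e.get("objectClass", [])]
        if t["objectClass"].lower() not in classes:   # filtered out, as in the secd trace
            continue
        if str(uid) in e.get(t["uid"], []):
            return e.get(t["name"], [None])[0]      # name comes from the uid attribute
    return None

# Constructed entry modelled on the post's ldapsearch output: an AD user that
# carries uid/uidNumber/gidNumber but no posixAccount object class.
SAMPLE_LDIF = """\
dn: CN=bentele_test,OU=users,DC=fn2,DC=XXXXX,DC=com
objectClass: top
objectClass: person
objectClass: user
sAMAccountName: bentele_test
uid: 2019
uidNumber: 2019
gidNumber: 123456
"""

if __name__ == "__main__":
    for tpl in SCHEMA_TEMPLATES:
        print(tpl, "->", translate_uid(parse_ldif(SAMPLE_LDIF), 2019, tpl))
```

With the entry as posted, the RFC-2307 lookup finds nothing and the AD-IDMU lookup returns the name "2019" rather than "bentele_test", because the uid attribute holds the number; setting uid to the account name changes the result.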



Re: ONTAP 9 System Manager, Active Directory Authentication



Hope this document helps 




Re: ONTAP 9 System Manager, Active Directory Authentication



Thank you very much for the reply.

I'm sorry, that's not the solution I've searched for.

I don't want an admin user key but a "normal" Windows user being mapped.

Best regards