2015-11-13 08:50 AM
I have a question about the use of the “options security.admin.authentication” configuration. In what context is the “internal” option used? If I’m only interested in the use of the passwd for authentication and the nsswitch.conf has the following:
passwd: files nis ldap
Doesn’t the “passwd: files” serve the same purpose as the “internal” option? I’m setting up a 8.2.2, 7-mode, filer for SFTP and it appears the common setting for the security.admin.authentication is either “nsswitch” or “nsswitch, internal”. I’m trying to understand the logic since currently I’m functioning in a CIFS and NFS environment under the “internal” option.
Sorry for the incorrect label, I'm a newbie to this.
Solved! SEE THE SOLUTION
2015-11-15 12:57 PM
internal means for the users configured with the context of "useradmin" command.
nsswitch refer to all the external (files, name & directory services).
2015-11-16 12:55 PM
But according to TR-3490, NetApp Storage System Multiprotocol User Guide, in the nsswitch.conf the "files" option refers to "local files", hence my question about what is "internal" on the security.admin.authentication doing that is different than a "files" configuration on the nsswitch.conf?
2015-11-16 08:41 PM
2015-11-17 03:29 AM
internal = useradmin commands (saved internally in a db)
nsswitch.conf look like the following, and defines the order of search for each entity. "Files" refer to a filename in etc with same name as the configuration title. /etc/hosts for 'hosts:, /etc/passwd to 'passwd:'
filer*> rdfile /etc/nsswitch.conf
#Auto-generated by setup Sat Mar 24 10:02:44 GMT 2012
hosts: files nis dns
passwd: files nis ldap
netgroup: files nis ldap
group: files nis ldap
shadow: files nis
2015-11-17 02:08 PM
So the security.admin.authentication “internal” is for administrators that can have access to the NetApp and its internal configuration. "Internal" has its account via the “useradmin user add …” command and resides in an internal db.
The security.admin.authentication “nsswitch” can point to the configuration of the /etc/passwd file via “passwd:files”, and is for access to shares/exports and can also point a user to their home directory, such as a designated directory for FTP access.
Is this the gist of it?
Nice explanation of <filename>:files=/etc/<filename> in nsswitch.conf.