Subscribe
Highlighted
Accepted Solution

LDAP Authentication

Can Anyone help me with setting up LDAP authentication on on Command System Manager? I want my AD users to login to system manager using their ad credentials and make configuration changes or monitor as per the permissions given to them.

I have done the following step

cluster1::> security login domain-tunnel create -vserver vs0
cluster1::> security login create -vserver cluster1 -user-or-group-name DOMAIN1\Administrator -application ssh -authmethod domain

After these also i am not able to login to the cluster via ssh using the administrator user
Can anyone help

Re: LDAP Authentication

What you've provided looks correct given you have set the role where they have access to do what they need.

 

Double check your cifs settings (cifs show) on the svm and make sure everything is correct there.

Re: LDAP Authentication

Hi @Anirban

 

Please also create http and ontapapi accounts.

 

security login create -user-or-group-name DOMAIN1\Administrator -application http -authmethod domain -role admin -vserver Cluster1

 

security login create -user-or-group-name DOMAIN1\Administrator -application ontapi -authmethod domain -role admin -vserver Cluster1

 

Please try the above commands. After that you can able to log in using system manager.

Re: LDAP Authentication

Hi @Anirban

 

You will not use ssh to login to the cluster via system manager. SSH is only for command line.

Re: LDAP Authentication

When you add the other two roles to security login, when you login via the webbrowser you need to login as 

 

domain\userid

password

Re: LDAP Authentication

Thanks for the help everyone. finally got it to work

Re: LDAP Authentication

I am getting the same problem but with ssh from the command line. Everything seemed to work while craeting the cif server etc but I cannot log in using domain and username. Any ideas anyone?

Re: LDAP Authentication

Domain authencation works from SSH, but not with keys

 

You need to do the following

 

security login show -vserver vservername

 

add the domain group to the cluster vserver with ssh as the application

 

security login create blah

 

Then when you login use this

 

domain\username

 

enter password, you should be good to go

Re: LDAP Authentication

he solution did help and i was able to setup AD authentication in most of my Cmode FAS. However it is not happening for 1 particular FAS. AFF8020,

I am able to login to cluster shell via ssh using my domain id/pass but in GUI its not happening , always showing the message invalid userid and Admin.

i am using domain\username to login to GUI..but its always showing invalid credentials...using same creds i can login ia putty


Yes i used the security login for hhtp and ontapi as well.

Any help would be appreciated..really stuck here.

Re: LDAP Authentication

Hi @Anirban

 

Can you please post the output of

 

sec login show