Subscribe

cDOT and na_server_style NA_STYLE_RPC

Hi all.

 

We have plenty own-developed NetApp management tools, which run on Windows clients and use the "NA_STYLE_RPC" authentication with the ONTAP 7-Mode systems.

The same tools do not work with cDOT. And also the SDK binary "apitest.exe" seems to confirm the problem:

 

C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r myold2040 system-get-version
<results status="passed">
        <version>NetApp Release 8.1.4P8 7-Mode: Wed Feb  4 02:09:24 PST 2015</version>
        <is-clustered>false</is-clustered>
</results>


C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r mynewer6240 system-get-version
<results status="passed">
        <version>NetApp Release 8.1.4P8 7-Mode: Wed Feb  4 02:08:52 PST 2015</version>
        <is-clustered>false</is-clustered>
</results>


C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r mynew8060 system-get-version
<results reason="RPC Error - The RPC server is unavailable. " errno="13011" status="failed"/>

 

 

In SDK --> "Session Management APIs" --> na_server_style we have this:

If style=NA_STYLE_RPC, your code should run on the Windows system so that a native Windows authentication based on remote procedure call is used. This is applicable for Data ONTAP APIs only.

 

Question: Can someone comment and/or confirm if the cDOT NA_STYPE_RPC auth should work (or does somewhere?!?!?) and if so, how (options, SMB versions, special/new API capabilities, Windows version on the client and AD server, ...)

 

Thanks a bunch

 Anton Oks

 

P.S.: No, we don't have WAN optimization in that environment Smiley Wink

 

 

Re: cDOT and na_server_style NA_STYLE_RPC

Hello NetApp SDK team and/or community....

 

We still need the same passwordless authentification on 7Mode AND cDOT. Any news about WinRPC/cDOT?! Or will you, NetApp, bring the cert-based auth to 7Mode?!

 

Regards

 Anton Oks

Re: cDOT and na_server_style NA_STYLE_RPC

from documentation, FYI.

api.PNG

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

Re: cDOT and na_server_style NA_STYLE_RPC

Thanks georgevj.

 

Well, strong indicator that it is not working, confirmed, but it's the APITEST docu only Smiley Wink So in theory it could be that only the tool doesn't support it, right :O

 

Could someone then send a statement how the same passwordless authentication can be done for both 7Mode and cDOT APIs? Because, you for sure understand, we talk "chicken/egg" here.. I can only know if the Netapp is 7Mode or cDOT AFTER I connected to it... and I cannot (passwordless) connect to check this because I don't know if WinRPC or CERT should work....

 

Regards

 Anton Oks

 

Re: cDOT and na_server_style NA_STYLE_RPC

Are you sure the same code will work for both 7 mode and cluster mode?

I think you may need a different set of api commands for them.

 

What about something like this?

 

connect via rpc and check version

if succeeded

{ 7mode_ok; }

Else

{

Connect via cert and check version

               If succeeded

                              { C-mode_ok; }

                              Else

                              { print error and exit; }

}

If  7mode_ok

               {

               Do your stuff for 7 mode

               }

If C-mode_ok

               {

               Do your stuff for C mode

               }

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

Re: cDOT and na_server_style NA_STYLE_RPC

That's exaactly what I do... I check with "na_results_errno" for "13011", which is "ERROR (13011): RPC Error - The RPC server is unavailable." and then try to talk to a cDOT again, check result and so on... BUT the tools run much longer now and this is an ugly hack and very error prone!

 

I think NetApp can and should do better then this (offer the same consistent "passwordless" way!)...