https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112173#M23768 <P>We have 20+ cmode clusters spread across the Enterprise. &nbsp;Has anyone came up with a way to change admin passwords using some form of scripting. &nbsp;On 7mode we used to used DFM to coordiate the password change across the globe. &nbsp;However with Cmode we have not come up with a way to change the passwords easily without connecting to each machine. &nbsp;</P><P>&nbsp;</P><P>Our requirements are:</P><P>&nbsp;</P><P>Must be auditable, we must provide proof of password change success (We use command log)</P><P>we are talking the cluster admin, not vserver admin</P><P>We do the change every 30 days.</P><P>We run it on 20+ clusters.</P><P>&nbsp;</P><P>The entire environment is Cmode Ontap 8.3.</P><P>&nbsp;</P><P>Throwing this out here so I dont have to recreate the wheel.</P> Wed, 04 Nov 2015 20:28:36 GMT mrcwillis 2015-11-04T20:28:36Z https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112173#M23768 <P>We have 20+ cmode clusters spread across the Enterprise. &nbsp;Has anyone came up with a way to change admin passwords using some form of scripting. &nbsp;On 7mode we used to used DFM to coordiate the password change across the globe. &nbsp;However with Cmode we have not come up with a way to change the passwords easily without connecting to each machine. &nbsp;</P><P>&nbsp;</P><P>Our requirements are:</P><P>&nbsp;</P><P>Must be auditable, we must provide proof of password change success (We use command log)</P><P>we are talking the cluster admin, not vserver admin</P><P>We do the change every 30 days.</P><P>We run it on 20+ clusters.</P><P>&nbsp;</P><P>The entire environment is Cmode Ontap 8.3.</P><P>&nbsp;</P><P>Throwing this out here so I dont have to recreate the wheel.</P> Wed, 04 Nov 2015 20:28:36 GMT https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112173#M23768 mrcwillis 2015-11-04T20:28:36Z https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112182#M23771 <P>Since we don't have that many clusters, we still do ours by hand, so, in that sense, I have nothing to help you with here (You're welcome!) other than to say I'd probably write something in `expect` to do it.</P><P>&nbsp;</P><P>Though, for the paranoia level of 'every 30 days' demonstrates, there's probably a lot of changes you'd want to do.</P><P>* change admin's password</P><P>* audit the allowed keys against an external key repo</P><P>* change diag's password</P><P>* change DFM/oncommand's password</P><P>* change VSC's password (if applicable)</P><P>* change the cluster switch passwords</P> Wed, 04 Nov 2015 22:45:47 GMT https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112182#M23771 FULLSTEAM 2015-11-04T22:45:47Z https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112184#M23772 <P>Via powershell or WFA ...</P><P>&nbsp;</P><P>every 30 days is kind of crazy...I assume you only mean the admin account</P> Wed, 04 Nov 2015 23:49:38 GMT https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/112184#M23772 JGPSHNTAP 2015-11-04T23:49:38Z https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/155583#M35054 <P>how to set this up with the WFA tool?</P> Thu, 16 Apr 2020 08:47:05 GMT https://community.netapp.com/t5/ONTAP-Discussions/Scripted-password-change/m-p/155583#M35054 Stefan_K 2020-04-16T08:47:05Z