topic Windows LDAP Authentication for Cluster Admin in ONTAP Discussions https://community.netapp.com/t5/ONTAP-Discussions/Windows-LDAP-Authentication-for-Cluster-Admin/m-p/440975#M41668 <P>Hello,</P><P>&nbsp;</P><P>Customer want to use AD ldap for cluster admin login follow KB&nbsp;<A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_configure_LDAP_Authentication_for_Cluster_(Admin)_SVM" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_configure_LDAP_Authentication_for_Cluster_(Admin)_SVM</A>&nbsp;but failed. Customer exist AD ldap auth Hitachi storage admin login no problem, they did not want to use CIFS tunnel.</P><P>&nbsp;</P><P>I test KB in my simulator still failed with below setting.</P><P>-&nbsp;schema copy AD-IDMU to AD-IDMU-lab and change groupOfUniqueNames, uniqueMember and Name Mapping windowsAccount</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_1-1673859781306.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24991iE97ADE5693D3F9F7/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_1-1673859781306.png" alt="chinchillaking_1-1673859781306.png" /></span></P><P>- setup ldap client as below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_0-1673859689788.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24990i888FAD0BD205D79F/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_0-1673859689788.png" alt="chinchillaking_0-1673859689788.png" /></span></P><P>- modify name-services as below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_2-1673859948849.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24992iF5156B7706E7B1C3/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_2-1673859948849.png" alt="chinchillaking_2-1673859948849.png" /></span></P><P>- t<SPAN>est UNIX credentials are pulled correctly from Windows AD LDAP</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_3-1673860040040.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24993iB4597EDF37F547C1/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_3-1673860040040.png" alt="chinchillaking_3-1673860040040.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_4-1673860115963.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24994i7D13FD970DCABBED/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_4-1673860115963.png" alt="chinchillaking_4-1673860115963.png" /></span></P><P>- check the ldap status no problem</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_5-1673860181330.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24995iAF99CF9BC94AC5B5/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_5-1673860181330.png" alt="chinchillaking_5-1673860181330.png" /></span></P><P>- security login account add in cluster</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_6-1673860237218.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24996i9062980800CF6A23/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_6-1673860237218.png" alt="chinchillaking_6-1673860237218.png" /></span></P><P>-&nbsp;Install Identity Management for UNIX, Server for NIS and Password Synchronization</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_7-1673860449829.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24997i5D6CBD672BBBCC6B/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_7-1673860449829.png" alt="chinchillaking_7-1673860449829.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_8-1673860465366.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24998iF556D829C23EF631/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_8-1673860465366.png" alt="chinchillaking_8-1673860465366.png" /></span></P><P>- reset hvadmin password trigger password synchronization, the unixUserPassword update</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_9-1673860522571.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24999i0A8624AD161BD121/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_9-1673860522571.png" alt="chinchillaking_9-1673860522571.png" /></span></P><P>- try login ssh display "Access denied" or system manager and display "<SPAN>Sign In Failed. Please verify Username and Password."</SPAN></P><P><SPAN>- when login with hvadmin,&nbsp;wireshark display it will query ldap but event log not much info troubleshoot</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_10-1673861028053.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/25000i2DF262DBB731EABF/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_10-1673861028053.png" alt="chinchillaking_10-1673861028053.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_11-1673861170335.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/25001i528E8F2CE04CE7D1/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_11-1673861170335.png" alt="chinchillaking_11-1673861170335.png" /></span></P><P>&nbsp;</P><P>any advise?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 04 Jun 2025 09:54:11 GMT chinchillaking 2025-06-04T09:54:11Z Windows LDAP Authentication for Cluster Admin https://community.netapp.com/t5/ONTAP-Discussions/Windows-LDAP-Authentication-for-Cluster-Admin/m-p/440975#M41668 <P>Hello,</P><P>&nbsp;</P><P>Customer want to use AD ldap for cluster admin login follow KB&nbsp;<A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_configure_LDAP_Authentication_for_Cluster_(Admin)_SVM" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_configure_LDAP_Authentication_for_Cluster_(Admin)_SVM</A>&nbsp;but failed. Customer exist AD ldap auth Hitachi storage admin login no problem, they did not want to use CIFS tunnel.</P><P>&nbsp;</P><P>I test KB in my simulator still failed with below setting.</P><P>-&nbsp;schema copy AD-IDMU to AD-IDMU-lab and change groupOfUniqueNames, uniqueMember and Name Mapping windowsAccount</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_1-1673859781306.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24991iE97ADE5693D3F9F7/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_1-1673859781306.png" alt="chinchillaking_1-1673859781306.png" /></span></P><P>- setup ldap client as below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_0-1673859689788.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24990i888FAD0BD205D79F/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_0-1673859689788.png" alt="chinchillaking_0-1673859689788.png" /></span></P><P>- modify name-services as below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_2-1673859948849.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24992iF5156B7706E7B1C3/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_2-1673859948849.png" alt="chinchillaking_2-1673859948849.png" /></span></P><P>- t<SPAN>est UNIX credentials are pulled correctly from Windows AD LDAP</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_3-1673860040040.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24993iB4597EDF37F547C1/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_3-1673860040040.png" alt="chinchillaking_3-1673860040040.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_4-1673860115963.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24994i7D13FD970DCABBED/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_4-1673860115963.png" alt="chinchillaking_4-1673860115963.png" /></span></P><P>- check the ldap status no problem</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_5-1673860181330.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24995iAF99CF9BC94AC5B5/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_5-1673860181330.png" alt="chinchillaking_5-1673860181330.png" /></span></P><P>- security login account add in cluster</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_6-1673860237218.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24996i9062980800CF6A23/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_6-1673860237218.png" alt="chinchillaking_6-1673860237218.png" /></span></P><P>-&nbsp;Install Identity Management for UNIX, Server for NIS and Password Synchronization</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_7-1673860449829.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24997i5D6CBD672BBBCC6B/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_7-1673860449829.png" alt="chinchillaking_7-1673860449829.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_8-1673860465366.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24998iF556D829C23EF631/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_8-1673860465366.png" alt="chinchillaking_8-1673860465366.png" /></span></P><P>- reset hvadmin password trigger password synchronization, the unixUserPassword update</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_9-1673860522571.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/24999i0A8624AD161BD121/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_9-1673860522571.png" alt="chinchillaking_9-1673860522571.png" /></span></P><P>- try login ssh display "Access denied" or system manager and display "<SPAN>Sign In Failed. Please verify Username and Password."</SPAN></P><P><SPAN>- when login with hvadmin,&nbsp;wireshark display it will query ldap but event log not much info troubleshoot</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_10-1673861028053.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/25000i2DF262DBB731EABF/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_10-1673861028053.png" alt="chinchillaking_10-1673861028053.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="chinchillaking_11-1673861170335.png" style="width: 400px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/25001i528E8F2CE04CE7D1/image-size/medium?v=v2&amp;px=400" role="button" title="chinchillaking_11-1673861170335.png" alt="chinchillaking_11-1673861170335.png" /></span></P><P>&nbsp;</P><P>any advise?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 04 Jun 2025 09:54:11 GMT https://community.netapp.com/t5/ONTAP-Discussions/Windows-LDAP-Authentication-for-Cluster-Admin/m-p/440975#M41668 chinchillaking 2025-06-04T09:54:11Z Re: Windows LDAP Authentication for Cluster Admin https://community.netapp.com/t5/ONTAP-Discussions/Windows-LDAP-Authentication-for-Cluster-Admin/m-p/441100#M41687 <P>I found the problem, Windows AD Schema did not allow search unixUserPassword, change below problem fixed.</P><P>&nbsp;</P><P>ADSI editior &gt; select a well known naming context &gt; Schema &gt; OK &gt; searchFlags Attribute for CN=unixUserPassword change default 128 to 0<BR />right click Schema &gt; Update Schema Now</P> Sat, 21 Jan 2023 10:01:59 GMT https://community.netapp.com/t5/ONTAP-Discussions/Windows-LDAP-Authentication-for-Cluster-Admin/m-p/441100#M41687 chinchillaking 2023-01-21T10:01:59Z