Solved: Re: LDAP Authentication

Anirban · ‎2017-01-25

Can Anyone help me with setting up LDAP authentication on on Command System Manager? I want my AD users to login to system manager using their ad credentials and make configuration changes or monitor as per the permissions given to them.

I have done the following step

cluster1::> security login domain-tunnel create -vserver vs0
cluster1::> security login create -vserver cluster1 -user-or-group-name DOMAIN1\Administrator -application ssh -authmethod domain

After these also i am not able to login to the cluster via ssh using the administrator user
Can anyone help

Naveenpusuluru · ‎2017-01-25

Hi @Anirban

Please also create http and ontapapi accounts.

security login create -user-or-group-name DOMAIN1\Administrator -application http -authmethod domain -role admin -vserver Cluster1

security login create -user-or-group-name DOMAIN1\Administrator -application ontapi -authmethod domain -role admin -vserver Cluster1

Please try the above commands. After that you can able to log in using system manager.

View solution in original post

bsnyder27 · ‎2017-01-25

What you've provided looks correct given you have set the role where they have access to do what they need.

Double check your cifs settings (cifs show) on the svm and make sure everything is correct there.

Naveenpusuluru · ‎2017-01-25

Hi @Anirban

Please also create http and ontapapi accounts.

security login create -user-or-group-name DOMAIN1\Administrator -application http -authmethod domain -role admin -vserver Cluster1

security login create -user-or-group-name DOMAIN1\Administrator -application ontapi -authmethod domain -role admin -vserver Cluster1

Please try the above commands. After that you can able to log in using system manager.

Naveenpusuluru · ‎2017-01-25

Hi @Anirban

You will not use ssh to login to the cluster via system manager. SSH is only for command line.

JGPSHNTAP · ‎2017-01-25

When you add the other two roles to security login, when you login via the webbrowser you need to login as

domain\userid

password

Anirban · ‎2017-01-25

Thanks for the help everyone. finally got it to work

DarrenB · ‎2017-03-14

I am getting the same problem but with ssh from the command line. Everything seemed to work while craeting the cif server etc but I cannot log in using domain and username. Any ideas anyone?

JGPSHNTAP · ‎2017-03-14

Domain authencation works from SSH, but not with keys

You need to do the following

security login show -vserver vservername

add the domain group to the cluster vserver with ssh as the application

security login create blah

Then when you login use this

domain\username

enter password, you should be good to go

Anirban · ‎2017-03-21

he solution did help and i was able to setup AD authentication in most of my Cmode FAS. However it is not happening for 1 particular FAS. AFF8020,

I am able to login to cluster shell via ssh using my domain id/pass but in GUI its not happening , always showing the message invalid userid and Admin.

i am using domain\username to login to GUI..but its always showing invalid credentials...using same creds i can login ia putty

Yes i used the security login for hhtp and ontapi as well.

Any help would be appreciated..really stuck here.

Naveenpusuluru · ‎2017-03-22

Hi @Anirban

Can you please post the output of

sec login show

Anirban · ‎2017-03-22

@Naveenpusuluru

georgevj · ‎2017-05-29

"Console" Application type is missing.

"You must have a cluster user account configured with the admin role and the http, ontapi, and console application types."

https://library.netapp.com/ecmdocs/ECMLP2348035/html/frameset.htmlt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.