Active IQ Unified Manager Discussions

LDAP Authentication

Anirban
16,554 Views

Can Anyone help me with setting up LDAP authentication on on Command System Manager? I want my AD users to login to system manager using their ad credentials and make configuration changes or monitor as per the permissions given to them.

I have done the following step

cluster1::> security login domain-tunnel create -vserver vs0
cluster1::> security login create -vserver cluster1 -user-or-group-name DOMAIN1\Administrator -application ssh -authmethod domain

After these also i am not able to login to the cluster via ssh using the administrator user
Can anyone help

1 ACCEPTED SOLUTION

Naveenpusuluru
16,536 Views

Hi @Anirban

 

Please also create http and ontapapi accounts.

 

security login create -user-or-group-name DOMAIN1\Administrator -application http -authmethod domain -role admin -vserver Cluster1

 

security login create -user-or-group-name DOMAIN1\Administrator -application ontapi -authmethod domain -role admin -vserver Cluster1

 

Please try the above commands. After that you can able to log in using system manager.

View solution in original post

11 REPLIES 11

bsnyder27
16,375 Views

What you've provided looks correct given you have set the role where they have access to do what they need.

 

Double check your cifs settings (cifs show) on the svm and make sure everything is correct there.

Naveenpusuluru
16,537 Views

Hi @Anirban

 

Please also create http and ontapapi accounts.

 

security login create -user-or-group-name DOMAIN1\Administrator -application http -authmethod domain -role admin -vserver Cluster1

 

security login create -user-or-group-name DOMAIN1\Administrator -application ontapi -authmethod domain -role admin -vserver Cluster1

 

Please try the above commands. After that you can able to log in using system manager.

Naveenpusuluru
16,360 Views

Hi @Anirban

 

You will not use ssh to login to the cluster via system manager. SSH is only for command line.

JGPSHNTAP
16,329 Views

When you add the other two roles to security login, when you login via the webbrowser you need to login as 

 

domain\userid

password

Anirban
16,275 Views

Thanks for the help everyone. finally got it to work

DarrenB
16,011 Views

I am getting the same problem but with ssh from the command line. Everything seemed to work while craeting the cif server etc but I cannot log in using domain and username. Any ideas anyone?

JGPSHNTAP
16,003 Views

Domain authencation works from SSH, but not with keys

 

You need to do the following

 

security login show -vserver vservername

 

add the domain group to the cluster vserver with ssh as the application

 

security login create blah

 

Then when you login use this

 

domain\username

 

enter password, you should be good to go

Anirban
15,912 Views

he solution did help and i was able to setup AD authentication in most of my Cmode FAS. However it is not happening for 1 particular FAS. AFF8020,

I am able to login to cluster shell via ssh using my domain id/pass but in GUI its not happening , always showing the message invalid userid and Admin.

i am using domain\username to login to GUI..but its always showing invalid credentials...using same creds i can login ia putty


Yes i used the security login for hhtp and ontapi as well.

Any help would be appreciated..really stuck here.

Naveenpusuluru
15,889 Views

Hi @Anirban

 

Can you please post the output of

 

sec login show

Anirban
10,837 Views

georgevj
10,713 Views

"Console" Application type is missing.

 

 

 

"You must have a cluster user account configured with the admin role and the http, ontapi, and console application types."

 

 

https://library.netapp.com/ecmdocs/ECMLP2348035/html/frameset.htmlt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.
Public