Hi All, We have recently installed NetApp IQ Unified Manager, and in this last week ive upgraded the system to the latest version at this time, 9.16P2. I'm trying to configure the system to use a ca generated certificate rather than the self-generated cert. - Now I dont claim to be any sort of PKI expert, but i have generated lots of certs in my time and got them working. However for this i am sort of stumped. I've used the GUI to generate the CSR file. I've submitted this to our internal CA and i've got a .cer file back. Ive converted it to a .pem file and when i try to upload the cert if gives me the following error. When i install the cert in windows I can see that there is a full chain on the cert. ActiveIQ doesn't appear to be able to see that. I'm guessing its something im doing wrong. Can anyone confirm the steps that do work and i can try again. Or is this a bug?
... View more
For 9.16 still it only shows this as validated providers Shibboleth Active Directory Federation Services (ADFS) When is support for Entra ID or any of the other providers coming for UM? Reason I ask is because we've tried (with less than stellar results) to make this work. Note the word "tried". It works for a bit, then fails for all users and has to be disabled. More or less wondering if SAML is one of those features which might work, but there's no real ongoing validation or testing going on to provide some sort of recommendations for making it reliable. If anyone's using this with no issues, there must be something the docs don't provide. thanks
... View more
Hi All - I have situation here (in C mode), Controller A is down and its sitting at "Waiting for Giveback". Controller B is completely dead. I cann't execute cf give here. In this case how I can make normal boot controller A. Kindly do the needful.
... View more
I'm looking for help on creating some powershell code that retrieves the current DACLs of a volume (or directory path) and stores it as a security descriptor. I had come across this page on the web (http://www.craig-tolley.co.uk/2016/02/09/assigning-permissions-to-a-volume-through-the-netapp-powershell-toolkit/) and it guided me through applying new permissions using the OnTap Powershell toolkit - however I cannot devise a way to modify the code so that an ACE can be removed or added to the ACL (Security Descriptor). I presume it's some combination of Get-NcFileDirectorySecurity and (New-NcFileDirectorySecurityNtfs or Add-NcFileDirectorySecurityNtfsDacl). I've investigated all of the *NcFileDirectorySecurity* cmdlets, and only Get-NCFileDirectorySecurity appears to retrieve currently applied permissions, but it cannot be pipe'd into another cmdlet 😞 My larger objective is to build a WFA command that allows a user to add/remove an AD Group from their volume. I've found the Powershell toolkit to be much quicker and straightforward than using (Get-Acl / Set-Acl) connect-NcController $ClusterName $volName = "vol_test_3" $Vserver = "svm-lab-a" Get-NcFileDirectorySecurity -Path "/$volName" -VserverContext $Vserver | New-NcFileDirectorySecurityNtfs -SecurityDescriptor $VolName #this part doesn't work! First cmdlet returns ACLs, but doesn't store it within SecurityDescriptor. Get-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $volName -Vserver $vserver #my output is {Administrators,Users,CREATOR OWNER, SYSTEM}. I'm hoping to capture the DACLs of "/$VolName" - such as displayed by (Get-NcFileDirectorySecurity -Path "/$volName" -VserverContext $Vserver).acls
... View more