Ask The Experts

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Ask The Experts

Ask a Question

Ontap System Manager

JS_Patil
NetApp
‎2019-10-03 12:53 AM
6,277 Views

While creating Add User/User Login Methods why authentication method is readonly to 'password' ? why I can't set it as 'domain'

 

Addition - How to create domain user in ontap??

0 Kudos
1 ACCEPTED SOLUTION
JS_Patil has accepted the solution

Ontapforrum
‎2019-10-03 04:03 AM
In response to JS_Patil
6,202 Views

That's look alright. The password is for the application authmethod for i.e ontapi/ssh , which is by defualt. This is locally created on the SVM. However, if you wish to have a user in AD login to system manager or use zapi then that user can have a authentication method as 'domain'.

View solution in original post

0 Kudos
7 REPLIES 7

Ontapforrum
‎2019-10-03 01:48 AM
6,264 Views

Could you please eloborate on that  'readonly' where do you get this ? You mentioned 'ontap' I am assuming this is a cDOT you are dealing with ?

 

To create domain user:

Cluster::> security login create -user-or-group-name DOMAN\USER -application <options:ssh,ontapi etc> -authentication-method domain -role <options are: admin,backup,vsadmin,readonly etc>

 

Also, create the domain tunnel so that AD login sessions can be authenticated by the cluster:
cluster1::> security login domain-tunnel create -vserver <vserver>

 

Kb for reference:
https://kb.netapp.com/app/answers/answer_view/a_id/1086185/loc/en_US
https://kb.netapp.com/app/answers/answer_view/a_id/1073902/loc/en_US

 

 

0 Kudos

JS_Patil
NetApp
‎2019-10-03 03:13 AM
In response to Ontapforrum
6,238 Views

Thanks for domain user related information.

'Readonly' means I am not able to set authentication method as 'domain', it is set to 'password' already and it is not editable.

0 Kudos

Ontapforrum
‎2019-10-03 03:19 AM
In response to JS_Patil
6,232 Views

Are you logged in to system manager as 'admin' ? 

 

Could you share the screenshot plz.

0 Kudos

JS_Patil
NetApp
‎2019-10-03 03:29 AM
In response to Ontapforrum
6,230 Views

Added screenshot.

 

SYS_mngr.PNG
Preview file
24 KB
0 Kudos
JS_Patil has accepted the solution

Ontapforrum
‎2019-10-03 04:03 AM
In response to JS_Patil
6,203 Views

That's look alright. The password is for the application authmethod for i.e ontapi/ssh , which is by defualt. This is locally created on the SVM. However, if you wish to have a user in AD login to system manager or use zapi then that user can have a authentication method as 'domain'.

0 Kudos

JS_Patil
NetApp
‎2019-10-03 05:44 AM
In response to Ontapforrum
6,177 Views

I am considering 'zapi' as NetApp zoom, and using command 'security login modify' to modify user authetication method  as 'domain' (User is created from system manager with auth method as 'password'.)

But it is giving an error: Authentication method not found.

Please correct me if I am wrong.

0 Kudos

Ontapforrum
‎2019-10-03 06:03 AM
In response to JS_Patil
6,165 Views

1) Log in to the cluster using SSH 
2) Validate no tunnel exists by running the following command:
::>security login domain-tunnel show
Note: You can only have one domain tunnel.
3) If a tunnel does not exist, create one by running the following command:
::>security login domain-tunnel create –vserver <CIFS Vserver Name>
4) Add the 'zapi/zoom' service account with API rights:
To add an account, run the following command:
::>security login create –vserver <Cluster Name> -username <domainService_account> –application ontapi –authmethod domain

 

To add additional rights such as SSH, change the application seting:
security login create -username <domainService_account> –application SSH -authmethod domain

0 Kudos
Announcements
All Community Forums
Public