
Ontap System Manager

JS_Patil

While creating a user under Add User/User Login Methods, why is the authentication method read-only and set to 'password'? Why can't I set it to 'domain'?

Addition: How do I create a domain user in ONTAP?


Ontapforrum

Could you please elaborate on that 'readonly'? Where do you get this? You mentioned 'ontap'; I am assuming this is cDOT you are dealing with?

To create a domain user:

Cluster::> security login create -user-or-group-name DOMAIN\USER -application <options:ssh,ontapi etc> -authentication-method domain -role <options are: admin,backup,vsadmin,readonly etc>

Also, create the domain tunnel so that AD login sessions can be authenticated by the cluster:
cluster1::> security login domain-tunnel create -vserver <vserver>

KB for reference:
https://kb.netapp.com/app/answers/answer_view/a_id/1086185/loc/en_US
https://kb.netapp.com/app/answers/answer_view/a_id/1073902/loc/en_US

JS_Patil

Thanks for domain user related information.

'Readonly' means I am not able to set authentication method as 'domain', it is set to 'password' already and it is not editable.

Ontapforrum

Are you logged in to System Manager as 'admin'?

Could you share the screenshot, please?

JS_Patil

Added screenshot.

 

Ontapforrum

That looks alright. The password is for the application authmethod, i.e. ontapi/ssh, which is by default. This is locally created on the SVM. However, if you wish to have a user in AD log in to System Manager or use zapi, then that user can have an authentication method of 'domain'.

JS_Patil

I am considering 'zapi' as NetApp zoom, and using the command 'security login modify' to modify the user authentication method to 'domain'. (The user is created from System Manager with auth method as 'password'.)

But it is giving an error: Authentication method not found.

Please correct me if I am wrong.

Ontapforrum

1) Log in to the cluster using SSH.
2) Validate no tunnel exists by running the following command:
::>security login domain-tunnel show
Note: You can only have one domain tunnel.
3) If a tunnel does not exist, create one by running the following command:
::>security login domain-tunnel create -vserver <CIFS Vserver Name>
4) Add the 'zapi/zoom' service account with API rights:
To add an account, run the following command:
::>security login create -vserver <Cluster Name> -username <domainService_account> -application ontapi -authmethod domain

To add additional rights such as SSH, change the application setting:
security login create -username <domainService_account> -application SSH -authmethod domain
