While creating Add User/User Login Methods why authentication method is readonly to 'password' ? why I can't set it as 'domain'
Addition - How to create domain user in ontap??
Solved! See The Solution
7 REPLIES 7
Could you please eloborate on that 'readonly' where do you get this ? You mentioned 'ontap' I am assuming this is a cDOT you are dealing with ?
To create domain user:
Cluster::> security login create -user-or-group-name DOMAN\USER -application <options:ssh,ontapi etc> -authentication-method domain -role <options are: admin,backup,vsadmin,readonly etc>
Also, create the domain tunnel so that AD login sessions can be authenticated by the cluster:
cluster1::> security login domain-tunnel create -vserver <vserver>
That's look alright. The password is for the application authmethod for i.e ontapi/ssh , which is by defualt. This is locally created on the SVM. However, if you wish to have a user in AD login to system manager or use zapi then that user can have a authentication method as 'domain'.
I am considering 'zapi' as NetApp zoom, and using command 'security login modify' to modify user authetication method as 'domain' (User is created from system manager with auth method as 'password'.)
But it is giving an error: Authentication method not found.
Please correct me if I am wrong.
1) Log in to the cluster using SSH
2) Validate no tunnel exists by running the following command:
::>security login domain-tunnel show
Note: You can only have one domain tunnel.
3) If a tunnel does not exist, create one by running the following command:
::>security login domain-tunnel create –vserver <CIFS Vserver Name>
4) Add the 'zapi/zoom' service account with API rights:
To add an account, run the following command:
::>security login create –vserver <Cluster Name> -username <domainService_account> –application ontapi –authmethod domain
To add additional rights such as SSH, change the application seting:
security login create -username <domainService_account> –application SSH -authmethod domain