
Ontap System Manager

While creating a user under Add User/User Login Methods, why is the authentication method read-only and set to 'password'? Why can't I set it to 'domain'?

 

Addition: how do I create a domain user in ONTAP?


Re: Ontap System Manager

Could you please elaborate on that 'readonly'? Where do you get this? You mentioned 'ontap'; I am assuming this is a cDOT system you are dealing with?

 

To create domain user:

Cluster::> security login create -user-or-group-name DOMAIN\USER -application <options:ssh,ontapi etc> -authentication-method domain -role <options are: admin,backup,vsadmin,readonly etc>

 

Also, create the domain tunnel so that AD login sessions can be authenticated by the cluster:
cluster1::> security login domain-tunnel create -vserver <vserver>

 

KB for reference:
https://kb.netapp.com/app/answers/answer_view/a_id/1086185/loc/en_US
https://kb.netapp.com/app/answers/answer_view/a_id/1073902/loc/en_US

 

 

Re: Ontap System Manager

Thanks for domain user related information.

'Readonly' means I am not able to set the authentication method as 'domain'; it is already set to 'password' and it is not editable.

Re: Ontap System Manager

Are you logged in to System Manager as 'admin'?

 

Could you share the screenshot, please?

Re: Ontap System Manager

Added screenshot.

 

Re: Ontap System Manager

That looks alright. The password is the authmethod for the application, i.e. ontapi/ssh, which is the default. This is locally created on the SVM. However, if you wish to have a user in AD log in to System Manager or use ZAPI, then that user can have an authentication method of 'domain'.

Re: Ontap System Manager

I am considering 'zapi' as NetApp zoom, and using the command 'security login modify' to modify the user authentication method to 'domain'. (The user is created from System Manager with auth method as 'password'.)

But it is giving an error: Authentication method not found.

Please correct me if I am wrong.

Re: Ontap System Manager

1) Log in to the cluster using SSH.
2) Validate no tunnel exists by running the following command:
::>security login domain-tunnel show
Note: You can only have one domain tunnel.
3) If a tunnel does not exist, create one by running the following command:
::>security login domain-tunnel create -vserver <CIFS Vserver Name>
4) Add the 'zapi/zoom' service account with API rights:
To add an account, run the following command:
::>security login create -vserver <Cluster Name> -username <domainService_account> -application ontapi -authmethod domain

 

To add additional rights such as SSH, change the application setting:
security login create -username <domainService_account> -application SSH -authmethod domain
