Data Infrastructure Management Software Discussions

LDAP Authentication

Can Anyone help me with setting up LDAP authentication on on Command System Manager? I want my AD users to login to system manager using their ad credentials and make configuration changes or monitor as per the permissions given to them.

I have done the following step

cluster1::> security login domain-tunnel create -vserver vs0
cluster1::> security login create -vserver cluster1 -user-or-group-name DOMAIN1\Administrator -application ssh -authmethod domain

After these also i am not able to login to the cluster via ssh using the administrator user
Can anyone help


Re: LDAP Authentication

What you've provided looks correct given you have set the role where they have access to do what they need.


Double check your cifs settings (cifs show) on the svm and make sure everything is correct there.

Re: LDAP Authentication

Hi @Anirban


Please also create http and ontapapi accounts.


security login create -user-or-group-name DOMAIN1\Administrator -application http -authmethod domain -role admin -vserver Cluster1


security login create -user-or-group-name DOMAIN1\Administrator -application ontapi -authmethod domain -role admin -vserver Cluster1


Please try the above commands. After that you can able to log in using system manager.

View solution in original post

Re: LDAP Authentication

Hi @Anirban


You will not use ssh to login to the cluster via system manager. SSH is only for command line.

Re: LDAP Authentication

When you add the other two roles to security login, when you login via the webbrowser you need to login as 




Re: LDAP Authentication

Thanks for the help everyone. finally got it to work

Re: LDAP Authentication

I am getting the same problem but with ssh from the command line. Everything seemed to work while craeting the cif server etc but I cannot log in using domain and username. Any ideas anyone?

Re: LDAP Authentication

Domain authencation works from SSH, but not with keys


You need to do the following


security login show -vserver vservername


add the domain group to the cluster vserver with ssh as the application


security login create blah


Then when you login use this




enter password, you should be good to go

Re: LDAP Authentication

he solution did help and i was able to setup AD authentication in most of my Cmode FAS. However it is not happening for 1 particular FAS. AFF8020,

I am able to login to cluster shell via ssh using my domain id/pass but in GUI its not happening , always showing the message invalid userid and Admin.

i am using domain\username to login to GUI..but its always showing invalid credentials...using same creds i can login ia putty

Yes i used the security login for hhtp and ontapi as well.

Any help would be appreciated..really stuck here.

Re: LDAP Authentication

Hi @Anirban


Can you please post the output of


sec login show

Re: LDAP Authentication

Re: LDAP Authentication

"Console" Application type is missing.




"You must have a cluster user account configured with the admin role and the http, ontapi, and console application types."

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.
Cloud Volumes ONTAP
Review Banner
All Community Forums