ONTAP Hardware

AD integration in 7 mode and C mode

lachu
2,676 Views

Hello Team,

 

I have both 7 mode and C mode in my environment. I need to do the AD integration of my controllers. Can anybody help me with the steps for the same.

3 REPLIES 3

GidonMarcus
2,661 Views

Hi

 

can you confirm the:

1. OS version (i think that in Cdot 8.3 they changed the methood)

2. if you have CIFS licenced

3. if CIFS already in use on the same domain?

 

if already have them you likelly have very few steps to go forward. if not - you likelly need to complete some pre-requist depand on the situation.

 

Gidi.

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

lachu
2,651 Views

OS Version is 8.3.1.

 

CIFS is licensed.

 

CIFS not in use in domain

GidonMarcus
2,640 Views

that's the tricky bit:

 

As you don't have CIFS and enabling it might not be straight forward (main consideration is if your network connectivity is ready. and a  extra use of CPU resources).. i would have just use the LDAP functionality and not the AD CIFS integration:

 

https://library.netapp.com/ecmdocs/ECMLP2348035/html/GUID-725D9074-9A70-437C-A348-7281DF12E5AD.html  for Cdot

https://library.netapp.com/ecmdocs/ECMP1155684/html/GUID-8BE8ADEB-466A-4838-A27D-BB213661BF59.html  for 7 mode

 

---------------------

 

 

if you had a CIFS configured. you would have only need to run the following on the Cdot

     security login domain-tunnel create -vserver <your CIFS SVM>

and start using it with:

     security login create -user-or-group-name domain\group -application ontapi -authmethod domain -role admin

     security login create -user-or-group-name domain\group-application http -authmethod domain -role admin

 

and the following on the 7-mode:

useradmin domainuser add domain\group -g administrators

 

 

if you think it's straight forward for you to create CIFS SVM and add the 7-mode to a domain - do it and complete the above, it will be also more secure then LDAP (as it will use Kerberos or NTLM. and not send the password over as LDAP do)

 

 

 

 

 

 

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
Public