Microsoft Virtualization Discussions

NetAppDocs not able to authenticate due to insufficient role error: user account has admin role

mpedigo_usda

Hello,

 

I'm new to this environment and trying to set up NetAppDocs 3.4 in an ONTAP 9.3P5 environment.  In order to authenticate in this environment I have a username which includes doman\io.firstname.lastname with a length of  22 characters.    My username in ONTAP is domain method with the admin role.  I have ssh, http, and ontapi enabled.  I can putty or system manager into the controllers with no issues.

 

My syntax is:

 

Get-NtapClusterData -Name hostname -credential domain\io.firstname.lastname -verbose | Format-NtapClusterData | Out-NtapDocument -WordFile ***.Docx' -ExcelFile ***.xlsx'

 

The error is:

 

VERBOSE: Initializing function: Get-NtapClusterData (netappdocs v3.4.0.547)
VERBOSE: Validating connectivity to system: hostname
VERBOSE: Using supplied credentials
VERBOSE: Trying HTTP/HTTPS
VERBOSE: Connected to hostname using HTTPS
VERBOSE: Skipping EMS logging
VERBOSE: Validating successful connection
VERBOSE: Validating user roles
Get-NtapClusterData : Unable to gather data from system. Reason: User account does not have the minimum access level
required. See the FAQ entry in the help files for more information.
At line:1 char:1
+ Get-NtapClusterData -Name hostname -credential domain\io.firstname.la ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (hostname:String) [Get-NtapClusterData], Exception
+ FullyQualifiedErrorId : ConnectionFailed,Test-NtapStorageSystemConnection,Get-NtapClusterData

 

Any suggestions on how to resolve this issue?  Please let me know if you need more data.

 

Thanks!

 

Mike

 

1 ACCEPTED SOLUTION

cole

Yep, the console role is required and as you mentioned, a domain account cannot be assigned the console role. The issue is that for some of the data I need to use the CLI command instead of an API and this requires the console role.

View solution in original post

4 REPLIES 4

Vidyanand

ontapi might be missing. use below command

 

 security login create -user-or-group-name <localusername> -application ontapi -authentication-method password -role admin

mpedigo_usda

As I stated in my original post.  My user account has ONTAPI application configured for admin role.   Thank you for your response!

mpedigo_usda

I tried to create a local account.  It required the console application in addition to ontapi and http, but it did work.  console is not an option for domain accounts.   The only difference between working and not working is a local account which includes console applicaiton and a domain account in the form domain\io.firstname.lastname.

 

Ideas?

cole

Yep, the console role is required and as you mentioned, a domain account cannot be assigned the console role. The issue is that for some of the data I need to use the CLI command instead of an API and this requires the console role.

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public