Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

NetAppDocs not able to authenticate due to insufficient role error: user account has admin role

mpedigo_usda
‎2019-02-08 03:16 PM
2,940 Views

Hello,

 

I'm new to this environment and trying to set up NetAppDocs 3.4 in an ONTAP 9.3P5 environment.  In order to authenticate in this environment I have a username which includes doman\io.firstname.lastname with a length of  22 characters.    My username in ONTAP is domain method with the admin role.  I have ssh, http, and ontapi enabled.  I can putty or system manager into the controllers with no issues.

 

My syntax is:

 

Get-NtapClusterData -Name hostname -credential domain\io.firstname.lastname -verbose | Format-NtapClusterData | Out-NtapDocument -WordFile ***.Docx' -ExcelFile ***.xlsx'

 

The error is:

 

VERBOSE: Initializing function: Get-NtapClusterData (netappdocs v3.4.0.547)
VERBOSE: Validating connectivity to system: hostname
VERBOSE: Using supplied credentials
VERBOSE: Trying HTTP/HTTPS
VERBOSE: Connected to hostname using HTTPS
VERBOSE: Skipping EMS logging
VERBOSE: Validating successful connection
VERBOSE: Validating user roles
Get-NtapClusterData : Unable to gather data from system. Reason: User account does not have the minimum access level
required. See the FAQ entry in the help files for more information.
At line:1 char:1
+ Get-NtapClusterData -Name hostname -credential domain\io.firstname.la ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (hostname:String) [Get-NtapClusterData], Exception
+ FullyQualifiedErrorId : ConnectionFailed,Test-NtapStorageSystemConnection,Get-NtapClusterData

 

Any suggestions on how to resolve this issue?  Please let me know if you need more data.

 

Thanks!

 

Mike

 

0 Kudos
1 ACCEPTED SOLUTION

cole
NetApp
‎2019-02-16 04:30 PM
In response to mpedigo_usda
2,659 Views

Yep, the console role is required and as you mentioned, a domain account cannot be assigned the console role. The issue is that for some of the data I need to use the CLI command instead of an API and this requires the console role.

View solution in original post

4 REPLIES 4

Vidyanand
‎2019-02-12 09:17 PM
2,737 Views

ontapi might be missing. use below command

 

 security login create -user-or-group-name <localusername> -application ontapi -authentication-method password -role admin

0 Kudos

mpedigo_usda
‎2019-02-13 07:22 AM
In response to Vidyanand
2,715 Views

As I stated in my original post.  My user account has ONTAPI application configured for admin role.   Thank you for your response!

0 Kudos

mpedigo_usda
‎2019-02-13 07:51 AM
2,710 Views

I tried to create a local account.  It required the console application in addition to ontapi and http, but it did work.  console is not an option for domain accounts.   The only difference between working and not working is a local account which includes console applicaiton and a domain account in the form domain\io.firstname.lastname.

 

Ideas?

0 Kudos

cole
NetApp
‎2019-02-16 04:30 PM
In response to mpedigo_usda
2,660 Views

Yep, the console role is required and as you mentioned, a domain account cannot be assigned the console role. The issue is that for some of the data I need to use the CLI command instead of an API and this requires the console role.

All Community Forums
Public