New-NAUser on vfiler

PAUL_SANDERS87 · ‎2012-07-19

Hello All,

I have written a script that will create a vfiler and then configure based on a number of params. Once the vfiler has been created, I run teh following:

connect-nacontroller $controller -vfiler $vfilerhost

And then try to run:

New-NaUser Support $passwd Administrators

This then fails with New-NaUser : Could not add user <Support>. Error: User cannot access group(s)

However it does work when I connect using

connect-nacontroller $vfilerhost -HTTP

I have read on another forum post that may be down to me tunneling through the controller to the vfiler. Will this issue be resolved in later versions?

In my environment, my orchestration/automation host will not be in the same vlan as the vfiler, so connecting directly will not be possible. Unless of course I put it into a provisioning network first. Reconfigs will be a nightmare though.

Thanks

Paul

sizemore · ‎2012-07-19

Hey Paul,

What version of Data ONTAP are you running? It's working on the latest build.

[0:419]≥ Connect-NaController starbuck

Name Address Ontapi Version

---- ------- ------ -------

starbuck 10.58.92.217 1.15 NetApp Release 8.1 7-Mode: Thu Mar 29 13:56:17 PDT 2012

[0:420]≥ Get-NaVfiler

Name Status Ipspace VfnetCount VfstoreCount AdminHost

---- ------ ------- ---------- ------------ ---------

vfiler0 running default-ipspace 5 1

vfstarbuck0 running default-ipspace 3 1

vfstarbuck1 running default-ipspace 3 1

[0:421]≥ Connect-NaController starbuck -Vfiler vfstarbuck0

Name Address Ontapi Version

---- ------- ------ -------

starbuck 10.58.92.217 1.15 NetApp Release 8.1 7-Mode: Thu Mar 29 13:56:17 PDT 2012 Multistore

[0:422]≥ Get-NaGroup

Name Comment Roles

---- ------- -----

Administrators Members can fully administer the filer {admin}

Backup Operators Members can bypass file security to b... {backup}

Compliance Admini... Members can perform compliance operat... {compliance}

Guests Users granted Guest Access {none}

Power Users Members that can share directories {power}

Replicators not supported {none}

Users Ordinary Users {audit}

[0:423]≥ New-NaUser support -Password Password123 -Groups Administrators

Name Comment Groups

---- ------- ------

support {Administrators}

Hope that helps,

~Glenn

PAUL_SANDERS87 · ‎2012-07-20

Hi Glen,

I am running 1.31 :

Name Address Ontapi Version

---- ------- ------ -------

Filer 192.168.10.80 1.13 NetApp Release 8.0.2 7-Mode: Mon Jun 13 14:13:45 PDT 2011

I get the following issues:

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> get-nagroup

Name                 Comment                                  Roles
----                 -------                                  -----
Administrators       Members can fully administer the filer   {admin}
Backup Operators     Members can bypass file security to b... {backup}
Compliance Admini... Members can perform compliance operat... {compliance}
Guests               Users granted Guest Access               {none}
Power Users          Members that can share directories       {power}
Replicators          not supported                            {none}
Users                Ordinary Users                           {audit}

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> get-navfiler

Name                      Status         Ipspace              VfnetCount VfstoreCount AdminHost
----                      ------         -------              ---------- ------------ ---------
TEST                   running        default-ipspace               1            1
SCOM-FILER                running        default-ipspace               1            2
vfiler0                   running        default-ipspace               5            1

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> connect-nacontroller 192.168.10.80 -vfiler SCOM-FILER

Name                 Address           Ontapi   Version
----                 -------           ------   -------
192.168.10.80        192.168.10.80     1.13     NetApp Release 8.0.2 7-Mode: Mon Jun 13 14:13:45 PDT 2011 Multistore

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> get-nagroup

Name                 Comment                                  Roles
----                 -------                                  -----
Administrators       Members can fully administer the filer   {admin}
Backup Operators     Members can bypass file security to b... {backup}
Compliance Admini... Members can perform compliance operat... {compliance}
Guests               Users granted Guest Access               {none}
Power Users          Members that can share directories       {power}
Replicators          not supported                            {none}
Users                Ordinary Users                           {audit}

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1> new-nauser Test Letmein123 Administrators
New-NaUser : Could not add user <Test>. Error: User cannot access group(s)
At line:1 char:11
+ new-nauser <<<< Test Letmein123 Administrators
+ CategoryInfo : InvalidOperation: (192.168.10.80:NaController) [New-NaUser], EINTERNALERROR
+ FullyQualifiedErrorId : ApiException,DataONTAP.PowerShell.SDK.Cmdlets.Useradmin.NewNaUser

PS C:\Users\psanders\Downloads\cifs_vfiler_create_script.ps1>

So I should be updating to 1.51?

Thanks

Paul

timothyn · ‎2012-07-23

Hi Paul,

The version you show is just the ONTAP API version (1.13 corresponds to ONTAP 8.0.x btw). You can get the version of the PowerShell Toolkit you are running with the Get-Module cmdlet:

PS C:\> get-module dataontap | ft Name, Version

Name Version

---- -------

DataOntap 2.0.0

Running the current version of the toolkit definitely helps us support you quicker.

Cheers,

Eric

PAUL_SANDERS87 · ‎2012-07-23

Hi Eric,

I am running 2.0.0:

Name Version

---- -------

DataONTAP 2.0.0

Thanks

Paul

timothyn · ‎2012-07-23

Paul that looks like a permissions issue. If you are tunneling through the physical controller, you may need to make sure that your user ID has administrative privileges on the physical controller.

I'm not sure from your script if you are using your Windows credential (via RPC) or a cached credential (i.e. that you added with Add-NaCredential).

PAUL_SANDERS87 · ‎2012-07-23

Ahh it could be permissions. I basically connect using RPC, which will then run as the windows account I am logged in as (in this case System Centre Orchestrator account).

I will add that account to the administrators group and give that a try.

Cheers

Paul