Microsoft Virtualization Discussions

Security Login Create

drwoodberry
10,118 Views

All, I am trying to configure AD group authentication for my controllers. When I run the following command below from the CLI it works with no issues and the group is added:

 

security login create -user-or-group-name "PIE\PIE Storage Admin" -application ssh -authentication-method domain -role admin -vserver CLUSTERNAME

 

However when I try the same syntax using poweshell, I get an error stating that "storage" is not a "-application" parameter. The code I am using for the powershell is:

 

 

Invoke-NcSsh security login create -user-or-group-name "PIE\PIE Storage Admin" -application ssh -authentication-method domain -role admin -vserver $clustername

 

Any help on this would be great. 

 

1 ACCEPTED SOLUTION

asulliva
10,106 Views

Hello @drwoodberry,

 

Why not use the New-NcUser cmdlet?

 

New-NcUser -UserName 'PIE\PIE Storage Admin' -Application ssh -AuthMethod domain -Role admin -Vserver $clusername

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

7 REPLIES 7

asulliva
10,107 Views

Hello @drwoodberry,

 

Why not use the New-NcUser cmdlet?

 

New-NcUser -UserName 'PIE\PIE Storage Admin' -Application ssh -AuthMethod domain -Role admin -Vserver $clusername

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

JGPSHNTAP
10,097 Views

^^

 

Agree, use built-in cmdlet's when possible

drwoodberry
10,094 Views

I did not even think about that. I was looking in the wrong place for the commandlets and just brain farted. That was simple to use.

 

I appreciate the assist. 

Andre_Clark
9,992 Views

The other thing to note in your scripting is that you had a single backslach '\'.  In most scripting languages the backslash is interpreted as the start of an escape sequence.  In order to have a backslash be interpreted not as the escape sequence, you need to use a double backslash '\\'.

windycity_1
9,958 Views

Hello everyone, thanks in advance for your assistance.  I hope someone can assist me here. I am also running into the same issue here, I am trying to create an admin user here with full previleages, I keppt running into these errors. I have tried multiple ways, still getting the smae errors. Can someone be kind enough to help here These are my errors.

 

 

cluster1::> security login create -vserver -vserver vs1 John.Doe monitor -application ontapi -authmethod password -role vsadmin

 

Error: Missing value for -vserver.

 

cluster1::> security login create -vserver -vserver1 John.Doe monitor -application ontapi -authmethod password -role vsadmin

 

Error: Vserver name: Invalid. The Vserver name must begin with a letter or an underscore. Maximum supported length: 41 if Vserver is type

       "sync-source", 47 otherwise.

 

 

cluster1::> security login create -vserver vs1 John.Doe monitor -application http -authmethod cert -role admin

 

Error: "monitor" is an invalid value for field "-application <text>"

 

 

cluster1::> security login create -vserver vs1 John.Doe admin -application http -authmethod cert -role admin

 

Error: "admin" is an invalid value for field "-application <text>"

 

ucluster1::> security login create -vserver vs1 John.Doe administrator -application ssh -authmethod cert -role admin

 

Error: "administrator" is an invalid value for field "-application <text>"

 

ucluster1::> security login create -vserver vs1 John.Doe vsadmin -application ssh cert -role admin

 

Error: "vsadmin" is an invalid value for field "-application <text>"

 

ucluster1

 

Thanks everyone for your assistance

Aparajita
10,099 Views

The CLI command needs to be within quotes - here the problem is PowerShell thinks "Application" is a parameter for Invoke-NcSSH cmdlet.

 

Try using it like this - should work.

 

$cmd = "security login create -user-or-group-name `"PIE\PIE Storage Admin`" -application ssh -authentication-method domain -role admin -vserver $clustername"
Invoke-NcSSH $cmd

I second Andrew's suggestion of using the New-NcUser cmdlet instead though - it's always better to use a PSTK cmdlet than use the passthrough.

drwoodberry
10,084 Views

It appears that sometimes it assumes a parameter is part of the command and other times it does not. I use InVoke-NcSsh a few times in my scripts and usually any options within the command are not seen as a parameter to the InVoke-NcSsh commandlet. 

 

I apprecuate the help.

Public