Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Microsoft Virtualization Discussions

Security Login Create

drwoodberry

All, I am trying to configure AD group authentication for my controllers. When I run the following command below from the CLI it works with no issues and the group is added:

 

security login create -user-or-group-name "PIE\PIE Storage Admin" -application ssh -authentication-method domain -role admin -vserver CLUSTERNAME

 

However when I try the same syntax using poweshell, I get an error stating that "storage" is not a "-application" parameter. The code I am using for the powershell is:

 

 

Invoke-NcSsh security login create -user-or-group-name "PIE\PIE Storage Admin" -application ssh -authentication-method domain -role admin -vserver $clustername

 

Any help on this would be great. 

 

1 ACCEPTED SOLUTION

asulliva

Hello @drwoodberry,

 

Why not use the New-NcUser cmdlet?

 

New-NcUser -UserName 'PIE\PIE Storage Admin' -Application ssh -AuthMethod domain -Role admin -Vserver $clusername

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

7 REPLIES 7

Aparajita

The CLI command needs to be within quotes - here the problem is PowerShell thinks "Application" is a parameter for Invoke-NcSSH cmdlet.

 

Try using it like this - should work.

 

$cmd = "security login create -user-or-group-name `"PIE\PIE Storage Admin`" -application ssh -authentication-method domain -role admin -vserver $clustername"
Invoke-NcSSH $cmd

I second Andrew's suggestion of using the New-NcUser cmdlet instead though - it's always better to use a PSTK cmdlet than use the passthrough.

drwoodberry

It appears that sometimes it assumes a parameter is part of the command and other times it does not. I use InVoke-NcSsh a few times in my scripts and usually any options within the command are not seen as a parameter to the InVoke-NcSsh commandlet. 

 

I apprecuate the help.

asulliva

Hello @drwoodberry,

 

Why not use the New-NcUser cmdlet?

 

New-NcUser -UserName 'PIE\PIE Storage Admin' -Application ssh -AuthMethod domain -Role admin -Vserver $clusername

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

Andre_Clark

The other thing to note in your scripting is that you had a single backslach '\'.  In most scripting languages the backslash is interpreted as the start of an escape sequence.  In order to have a backslash be interpreted not as the escape sequence, you need to use a double backslash '\\'.

windycity_1

Hello everyone, thanks in advance for your assistance.  I hope someone can assist me here. I am also running into the same issue here, I am trying to create an admin user here with full previleages, I keppt running into these errors. I have tried multiple ways, still getting the smae errors. Can someone be kind enough to help here These are my errors.

 

 

cluster1::> security login create -vserver -vserver vs1 John.Doe monitor -application ontapi -authmethod password -role vsadmin

 

Error: Missing value for -vserver.

 

cluster1::> security login create -vserver -vserver1 John.Doe monitor -application ontapi -authmethod password -role vsadmin

 

Error: Vserver name: Invalid. The Vserver name must begin with a letter or an underscore. Maximum supported length: 41 if Vserver is type

       "sync-source", 47 otherwise.

 

 

cluster1::> security login create -vserver vs1 John.Doe monitor -application http -authmethod cert -role admin

 

Error: "monitor" is an invalid value for field "-application <text>"

 

 

cluster1::> security login create -vserver vs1 John.Doe admin -application http -authmethod cert -role admin

 

Error: "admin" is an invalid value for field "-application <text>"

 

ucluster1::> security login create -vserver vs1 John.Doe administrator -application ssh -authmethod cert -role admin

 

Error: "administrator" is an invalid value for field "-application <text>"

 

ucluster1::> security login create -vserver vs1 John.Doe vsadmin -application ssh cert -role admin

 

Error: "vsadmin" is an invalid value for field "-application <text>"

 

ucluster1

 

Thanks everyone for your assistance

drwoodberry

I did not even think about that. I was looking in the wrong place for the commandlets and just brain farted. That was simple to use.

 

I appreciate the assist. 

JGPSHNTAP

^^

 

Agree, use built-in cmdlet's when possible

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public