Microsoft Virtualization Discussions

Set-NaVfilerPassword does not work.

sjallabais
4,904 Views

I want to set up all details for cifs vfilers from a script non-interactive.

The Filerview vFiler wizard asks for the root password, and creates the root user.

The root user is also created if you run the "passwd" command interactivly in the vfiler

context.

I thougth that the Set-NaVfilerPassword Cmdlet was designed for this, but it just returns

without creating the root user.

How can this be done? I need a working root user for other setup needs.

Regards

Sjalla.

6 REPLIES 6

beam
4,904 Views

Hi Sjalla,

You are correct, the Set-NaVfilerPassword cmdlet should set the password for the vfiler root user.  I have a few questions:

- What version of Data ONTAP are you using?

- Are you creating the vfiler using the New-NaVfiler cmdlet?  If not, how are you creating the vfiler?

- Are you using any other Set-NaVfiler* cmdlets in your process?  If so, which ones?

Thanks,

Steven

***Edit (with a little more information)***

This is a known issue with ONTAP where the API that Set-NaVfilerPassword uses does not update the password if the root user already exists.  There is no short-term resolution plan.  You can workaround this by connecting directly to the vfiler and using Set-NaUserPassword.

sjallabais
4,903 Views

I have tested with Toolkit 1.3 against  7.3.5.1 and 8.0.1P3 (and also earlier releases) with the same result,

no root user.

example script:

------------------

$naCred = (get-credential root)
Connect-NaController fas2040a -credential $naCred
New-NaVol -name testvf_root -aggregate aggr0 -size 100m
New-NaVol -name testvf_vol1 -aggregate aggr0 -size 100m
Set-NaQtree /vol/testvf_vol1 -SecurityStyle "ntfs"

New-NaVfiler testvf -addresses 10.1.1.100 -storage /vol/testvf_root,/vol/testvf_vol1
Set-NaVfilerPassword testvf secret1234
Set-NaVfilerProtocol testvf -DisallowProtocols nfs,iscsi,rsh
Invoke-NaSsh vfiler run testvf secureadmin setup -q ssh 768 512 768

$ipb = New-Object NetApp.Ontapi.Filer.Vfiler73.IpbindingInfo
$ipb.Interface = "e0a"
$ipb.Ipaddress = "10.1.1.100"
$ipb.Netmask = "255.255.255.0"
Set-NaVfilerAddress testvf -IpBindingInfo $ipb
Set-NaVfilerDns testvf -DnsDomain test.local -DnsServerAddresses 10.1.1.50

beam
4,903 Views

Thank you for the sample script.  With that, I was able to reproduce the behavior you are describing.  The Set-NaVfilerPassword cmdlet makes use of the vfiler-setup API, which allows us to set up several properties of the vfiler (Set-NaVfilerAddress, Set-NaVfilerAdminHost, Set-NaVfilerDns, and Set-NaVfilerNis also make use of vfiler-setup).  In order for the vfiler-setup API to create the root account, the IP bindings must be passed along in the same API call.  This is not currently how the Set-NaVfilerPassword cmdlet works, so the root account is not created.

The good news is, the forthcoming toolkit 1.4 includes a cmdlet Invoke-NaSystemApi which allows you to send raw API requests to Data ONTAP.  I've copied a sample script below that I have used to successfully create a vfiler with a root account.

$vfiler = "testvf"
$ip = "10.10.10.25"
$interface = "e0a"
$netmask = "255.255.255.0"
$password = "password2"
$xml = "<vfiler-setup>
    <vfiler>$vfiler</vfiler>
    <ipbindings>
        <ipbinding-info>
            <ipaddress>$ip</ipaddress>
            <interface>$interface</interface>
            <netmask>$netmask</netmask>
        </ipbinding-info>
    </ipbindings>
    <password>$password</password>
  </vfiler-setup>"
New-NaVfiler $vfiler -Addresses $ip -Storage /vol/vol3
Invoke-NaSystemApi -Request $xml

Because of the issue I mentioned in my previous post, it is recommended that any subsequent password changes are accomplished by connecting directly to the vfiler and using Set-NaUserPassword.

I hope that helps,

Steven

sjallabais
4,903 Views

OK!

Invoke-NaSystemApi is a great addition to the kit.

Does this mean that it is not possible to do this with PowerShell only before tollkit 1.4 is out?

(any estimates on when 1.4 will be out?)

Regards

Sjalla

cknight
4,903 Views

Hi, Sjalla.  We weren't aware that ONTAP's vfiler-setup API had this bug you identified, so thanks for pointing it out.  Steven's suggestion should work with Toolkit 1.4, due "soon".  You might also try his suggestion of connecting directly to the vfiler and issuing Set-NaUserPassword.  I've also captured an enhancement request to add a vfiler setup cmdlet to a future release that would let you more fully configure a vfiler in one call.

cknight
4,903 Views

Sjalla, Toolkit 1.4 is available now.  Please let us know how it goes with Invoke-NaSystemApi.

Public