Network and Storage Protocols

Active Directory LDAP authentication

tatlee
5,055 Views

Hi All,


Can I use an AD domain user a/c to log in to the filer console to manage the filer through AD LDAP authentication?



Regards

4 REPLIES

cory_mckee
4,920 Views

You certainly can. Run "cifs setup" from the command line. And don't worry if you don't have a cifs license, as it's not a requirement.

-C-

tatlee
4,920 Views

thanks cory.mckee

but on cifs setup, I have chosen option (1) Active Directory domain authentication.

Also, I configured the ldap options:

ldap.ADdomain XXX.XXX.COM
ldap.base     cn=group,dc=xxx,dc=xxx,dc=com
ldap.name     service a/c name
ldap.passwd   userpasswd

Are these settings sufficient to log in to the console using AD LDAP authentication?

Regards,

Terrence Lee

cory_mckee
4,920 Views

From a login perspective, you need to assign the account to a group on your filer using the useradmin command:

useradmin domainuser add <user_name>
        -g <group1>[,<group2>,...,<groupN>]
useradmin domainuser delete <user_name>
        -g <group1>[,<group2>,...,<groupN>]
useradmin domainuser list -g <group_name>
useradmin domainuser load <filename>

audifreakjim
4,920 Views

Reviving this to see if anyone has found a workaround to this very annoying issue.

You cannot log into the SP using a Domain account.  This is documented by NetApp that it must be a local account and verified at customers and our labs.  This makes sense because the SP is not running CIFS.

Has anyone found a solution to let you log into the "system console" either from the SP, or physically connected to the back of the controller, using an AD domain account?

This is assuming CIFS is running, and the user can log into the filer via SSH using an AD domain account.

This leaves customers that are subject to audits in a very difficult place because it undermines all RBAC when physical connectivity is required.  Even though DFM makes it easier, maintaining local user accounts in large enterprises is not acceptable in my opinion.
