Network and Storage Protocols

ONTAP 9 System Manager, Active Directory Authentication

mabentele
4,762 Views

Hello

I'm running a Cdot 9 simulator.

setup ldap + ldap client + nsswitch . Disabled NIS.

Want to map win-name to the same name in unix, without using nis

 

ldap client show -client-config ldapsvm01 -ad-domain fn2.XXXXX.com

                                  Vserver: fnxdeb100_svm01
                Client Configuration Name: ldapsvm01
                         LDAP Server List: -
                  Active Directory Domain: fn2.XXXXX.com
       Preferred Active Directory Servers: 10.96.81.249
Bind Using the Vserver's CIFS Credentials: true
                          Schema Template: RFC-2307
                         LDAP Server Port: 389
                      Query Timeout (sec): 3
        Minimum Bind Authentication Level: sasl
                           Bind DN (User): myuser
                                  Base DN: DC=fn2,DC=XXXXX,DC=com
                        Base Search Scope: subtree
                                  User DN: -
                        User Search Scope: subtree
                                 Group DN: -
                       Group Search Scope: subtree
                              Netgroup DN: -
                    Netgroup Search Scope: subtree
               Vserver Owns Configuration: true
      Use start-tls Over LDAP Connections: false
           Enable Netgroup-By-Host Lookup: false
                      Netgroup-By-Host DN: -
                   Netgroup-By-Host Scope: subtree
                  Client Session Security: none

 

###############

ldapsearch on client shows fields uid uidnumber gidnumber etc :

 

sAMAccountName: bentele_test


uid: 2019
gidNumber: 123456
uidNumber: 2019

####

 

 

 diag secd authentication translate -node fnxdeb100-01 -vserver fnxdeb100_svm01 -uid 2019

Vserver: fnxdeb100_svm01 (internal ID: 3)

Error: Acquire UNIX credentials procedure failed
  [  5 ms] Successfully connected to ip 10.96.81.249, port 389 using
           TCP
**[    10] FAILURE: User ID '2019' not found in UNIX authorization
**         source LDAP.
  [    10] Entry for user-id: 2019 not found in the current source:
           LDAP. Ignoring and trying next available source
  [    11] Entry for user-id: 2019 not found in the current source:
           FILES. Entry for user-id: 2019 not found in any of the
           available sources
  [    11] Unable to retrieve UNIX username for UID 2019

 

 

 

vserver services name-service ns-switch show
                               Source
Vserver         Database       Order
--------------- ------------   ---------
fnxdeb100       hosts          files,
                               dns
fnxdeb100       group          files
fnxdeb100       passwd         files
fnxdeb100_svm01 hosts          dns,
                               files
fnxdeb100_svm01 group          ldap,
                               files
fnxdeb100_svm01 passwd         ldap,
                               files
fnxdeb100_svm01 netgroup       files
fnxdeb100_svm01 namemap        ldap

 

QUESTION : How do I activate

UNIX authorization  source LDAP.

 

so , that instead of

 

diag secd authentication show-creds -node fnxdeb100-01 -vserver fnxdeb100_svm01 -win-name bentele_test -list-name  true

 UNIX UID: pcuser <> Windows User: FN2\bentele_test (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:


  pcuser

 

 

UNIX UID : bentele_test Windows User: FN2\bentele_test

is mapped

 

?

 

Thank you

 

 

2 REPLIES 2

hariprak
4,717 Views

Hi,

 

Hope this document helps https://library.netapp.com/ecm/ecm_download_file/ECMLP2496262 

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

mabentele
4,571 Views

Hi

 

Thank you very much for the reply.

I'm sorry  thats not the solution i've searched,

 

I don't want an admin user key but a "normal" windows user being mapped.

 

best Regards

Markus

 

Public