ONTAP 9 System Manager, Active Directory Authentication

mabentele

Hello

I'm running a cDOT 9 simulator.

Set up LDAP + LDAP client + nsswitch. Disabled NIS.

Want to map win-name to the same name in UNIX, without using NIS.

ldap client show -client-config ldapsvm01 -ad-domain fn2.XXXXX.com

                                  Vserver: fnxdeb100_svm01
                Client Configuration Name: ldapsvm01
                         LDAP Server List: -
                  Active Directory Domain: fn2.XXXXX.com
       Preferred Active Directory Servers: 10.96.81.249
Bind Using the Vserver's CIFS Credentials: true
                          Schema Template: RFC-2307
                         LDAP Server Port: 389
                      Query Timeout (sec): 3
        Minimum Bind Authentication Level: sasl
                           Bind DN (User): myuser
                                  Base DN: DC=fn2,DC=XXXXX,DC=com
                        Base Search Scope: subtree
                                  User DN: -
                        User Search Scope: subtree
                                 Group DN: -
                       Group Search Scope: subtree
                              Netgroup DN: -
                    Netgroup Search Scope: subtree
               Vserver Owns Configuration: true
      Use start-tls Over LDAP Connections: false
           Enable Netgroup-By-Host Lookup: false
                      Netgroup-By-Host DN: -
                   Netgroup-By-Host Scope: subtree
                  Client Session Security: none

###############

ldapsearch on the client shows the fields uid, uidNumber, gidNumber, etc.:

sAMAccountName: bentele_test
uid: 2019
gidNumber: 123456
uidNumber: 2019

####

 diag secd authentication translate -node fnxdeb100-01 -vserver fnxdeb100_svm01 -uid 2019

Vserver: fnxdeb100_svm01 (internal ID: 3)

Error: Acquire UNIX credentials procedure failed
  [  5 ms] Successfully connected to ip 10.96.81.249, port 389 using
           TCP
**[    10] FAILURE: User ID '2019' not found in UNIX authorization
**         source LDAP.
  [    10] Entry for user-id: 2019 not found in the current source:
           LDAP. Ignoring and trying next available source
  [    11] Entry for user-id: 2019 not found in the current source:
           FILES. Entry for user-id: 2019 not found in any of the
           available sources
  [    11] Unable to retrieve UNIX username for UID 2019

vserver services name-service ns-switch show
                               Source
Vserver         Database       Order
--------------- ------------   ---------
fnxdeb100       hosts          files,
                               dns
fnxdeb100       group          files
fnxdeb100       passwd         files
fnxdeb100_svm01 hosts          dns,
                               files
fnxdeb100_svm01 group          ldap,
                               files
fnxdeb100_svm01 passwd         ldap,
                               files
fnxdeb100_svm01 netgroup       files
fnxdeb100_svm01 namemap        ldap

QUESTION: How do I activate UNIX authorization source LDAP, so that instead of

diag secd authentication show-creds -node fnxdeb100-01 -vserver fnxdeb100_svm01 -win-name bentele_test -list-name  true

 UNIX UID: pcuser <> Windows User: FN2\bentele_test (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:
  pcuser

UNIX UID: bentele_test Windows User: FN2\bentele_test

is mapped?

Thank you
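The LDAP client above pairs the RFC-2307 schema template with an Active Directory domain. As an added illustration (not code from this thread or from NetApp), the following Python models how a UID lookup is matched under a schema template: the entry must carry the template's posixAccount objectClass, the template's uidNumber attribute must hold the UID, and the UNIX name is taken from the template's uid attribute. The attribute and objectClass names are the defaults `vserver services name-service ldap client schema show` displays for the RFC-2307 and AD-IDMU templates; the matching logic is a simplified model rather than ONTAP's own code, and the LDIF entry is constructed.

```python
# Model of how an ONTAP LDAP schema template matches a UID lookup.
# Added example, not code from the thread or from NetApp. Attribute and
# objectClass names are the template defaults; the matching is simplified.
SCHEMA_TEMPLATES = {
    "RFC-2307": {"objectClass": "posixAccount", "uid": "uid",
                 "uidNumber": "uidNumber", "gidNumber": "gidNumber"},
    "AD-IDMU": {"objectClass": "User", "uid": "uid",
                "uidNumber": "uidNumber", "gidNumber": "gidNumber"},
}

def parse_ldif(text):
    """Parse single-entry ldapsearch LDIF output into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def resolve_uid(entry, uid_number, template):
    """Return (unix_name, reason): the name the template resolves for
    uid_number, or None plus the reason the lookup fails."""
    t = SCHEMA_TEMPLATES[template]
    # LDAP objectClass matching is case-insensitive ("user" == "User").
    classes = [c.lower() for c in entry.get("objectclass", [])]
    if t["objectClass"].lower() not in classes:
        return None, f"entry lacks objectClass {t['objectClass']}"
    if str(uid_number) not in entry.get(t["uidNumber"].lower(), []):
        return None, f"{t['uidNumber']}={uid_number} not present"
    names = entry.get(t["uid"].lower())
    if not names:
        return None, f"no {t['uid']} attribute to use as the UNIX name"
    return names[0], "ok"

# Constructed sample entry: an AD user with RFC 2307 attributes populated,
# like the post's ldapsearch output (objectClass line added for illustration).
SAMPLE_LDIF = """\
dn: CN=bentele_test,CN=Users,DC=fn2,DC=example,DC=com
objectClass: user
sAMAccountName: bentele_test
uid: bentele_test
uidNumber: 2019
gidNumber: 123456
"""

if __name__ == "__main__":
    e = parse_ldif(SAMPLE_LDIF)
    for tpl in SCHEMA_TEMPLATES:
        print(tpl, resolve_uid(e, 2019, tpl))
```

Under this model the same entry resolves to `bentele_test` with the AD-IDMU template but is rejected under RFC-2307 for lacking `objectClass: posixAccount`, which is one attribute to compare against the real entry before tuning the ns-switch.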

hariprak

Hi,

Hope this document helps: https://library.netapp.com/ecm/ecm_download_file/ECMLP2496262

Thanks

mabentele

Hi

Thank you very much for the reply.

I'm sorry, that's not the solution I've searched for.

I don't want an admin user key but a "normal" Windows user being mapped.

Best regards

Markus
