Network Storage Protocols Discussions

ONTAP 9 System Manager, Active Directory Authentication



I'm running a cDOT 9 simulator.

Set up LDAP + LDAP client + nsswitch. Disabled NIS.

Want to map win-name to the same name in UNIX, without using NIS.


ldap client show -client-config ldapsvm01 -ad-domain

                                  Vserver: fnxdeb100_svm01
                Client Configuration Name: ldapsvm01
                         LDAP Server List: -
                  Active Directory Domain:
       Preferred Active Directory Servers:
Bind Using the Vserver's CIFS Credentials: true
                          Schema Template: RFC-2307
                         LDAP Server Port: 389
                      Query Timeout (sec): 3
        Minimum Bind Authentication Level: sasl
                           Bind DN (User): myuser
                                  Base DN: DC=fn2,DC=XXXXX,DC=com
                        Base Search Scope: subtree
                                  User DN: -
                        User Search Scope: subtree
                                 Group DN: -
                       Group Search Scope: subtree
                              Netgroup DN: -
                    Netgroup Search Scope: subtree
               Vserver Owns Configuration: true
      Use start-tls Over LDAP Connections: false
           Enable Netgroup-By-Host Lookup: false
                      Netgroup-By-Host DN: -
                   Netgroup-By-Host Scope: subtree
                  Client Session Security: none



ldapsearch on the client shows the fields uid, uidNumber, gidNumber, etc.:


sAMAccountName: bentele_test

uid: 2019
gidNumber: 123456
uidNumber: 2019




diag secd authentication translate -node fnxdeb100-01 -vserver fnxdeb100_svm01 -uid 2019

Vserver: fnxdeb100_svm01 (internal ID: 3)

Error: Acquire UNIX credentials procedure failed
  [  5 ms] Successfully connected to ip, port 389 using
**[    10] FAILURE: User ID '2019' not found in UNIX authorization
**         source LDAP.
  [    10] Entry for user-id: 2019 not found in the current source:
           LDAP. Ignoring and trying next available source
  [    11] Entry for user-id: 2019 not found in the current source:
           FILES. Entry for user-id: 2019 not found in any of the
           available sources
  [    11] Unable to retrieve UNIX username for UID 2019




vserver services name-service ns-switch show
Vserver         Database       Order
--------------- ------------   ---------
fnxdeb100       hosts          files,
fnxdeb100       group          files
fnxdeb100       passwd         files
fnxdeb100_svm01 hosts          dns,
fnxdeb100_svm01 group          ldap,
fnxdeb100_svm01 passwd         ldap,
fnxdeb100_svm01 netgroup       files
fnxdeb100_svm01 namemap        ldap


QUESTION: How do I activate the UNIX authorization source LDAP, so that instead of


diag secd authentication show-creds -node fnxdeb100-01 -vserver fnxdeb100_svm01 -win-name bentele_test -list-name  true

 UNIX UID: pcuser <> Windows User: FN2\bentele_test (Windows Domain User)

 GID: pcuser
 Supplementary GIDs:




UNIX UID: bentele_test Windows User: FN2\bentele_test

is mapped




Thank you
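The failure above says the UID could not be found in LDAP, so the first thing worth checking is whether the directory entries actually satisfy RFC 2307, the schema template the client configuration is using. In RFC 2307 the uid attribute holds the login name, while uidNumber and gidNumber are numeric; the entry shown above carries a numeric value in uid. The following script is an added example, not code from the thread or from NetApp: it parses ldapsearch-style output, flags entries an RFC 2307 client would not resolve as expected, and performs the uidNumber-to-uid lookup that an RFC 2307 client (assumed here to behave like ONTAP's translate -uid) would do. The sample entries are constructed to resemble the ones on the page.

```python
"""Sanity-check RFC 2307 posixAccount entries from ldapsearch output before
relying on them for ONTAP UNIX user lookups.  Added example, not NetApp code."""

# Constructed sample, modelled on the ldapsearch output in the thread.  The
# first entry mirrors the page (numeric uid); the second is a well-formed one.
SAMPLE_LDIF = """\
dn: CN=bentele_test,OU=Users,DC=fn2,DC=example,DC=com
objectClass: user
objectClass: posixAccount
sAMAccountName: bentele_test
uid: 2019
gidNumber: 123456
uidNumber: 2019

dn: CN=good_user,OU=Users,DC=fn2,DC=example,DC=com
objectClass: user
objectClass: posixAccount
sAMAccountName: good_user
uid: good_user
gidNumber: 123456
uidNumber: 2020
"""


def parse_ldif(text):
    """Parse simple LDIF-style records (attr: value lines separated by blank
    lines) into a list of {attr: [values]} dicts.  Base64 ('::') and folded
    continuation lines are not handled; plain ldapsearch output is enough here."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_posix_entry(entry):
    """Return the problems that would stop an RFC 2307 client from resolving
    this entry, or from mapping the Windows name onto the same UNIX name."""
    problems = []
    for attr in ("uid", "uidNumber", "gidNumber"):
        if attr not in entry:
            problems.append(f"missing {attr}")
    for attr in ("uidNumber", "gidNumber"):
        for value in entry.get(attr, []):
            if not value.isdigit():
                problems.append(f"{attr} {value!r} is not numeric")
    for value in entry.get("uid", []):
        if value.isdigit():
            problems.append(f"uid {value!r} is numeric; RFC 2307 uid is the login name")
    sam = entry.get("sAMAccountName", [])
    uid = entry.get("uid", [])
    if sam and uid and sam[0] != uid[0]:
        problems.append(
            f"uid {uid[0]!r} differs from sAMAccountName {sam[0]!r}; "
            "the Windows name will not map to the same UNIX name"
        )
    return problems


def audit(text):
    """Map each entry's dn to its list of problems (empty list = looks fine)."""
    return {e.get("dn", ["?"])[0]: check_posix_entry(e) for e in parse_ldif(text)}


def lookup_by_uidnumber(text, uidnumber):
    """Assumed RFC 2307 behaviour: resolve a numeric UID by matching uidNumber
    and returning the entry's uid (login name), or None if nothing matches."""
    for entry in parse_ldif(text):
        if str(uidnumber) in entry.get("uidNumber", []):
            return entry.get("uid", [None])[0]
    return None


if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        print(dn, "->", problems or "ok")
    print("uidNumber 2019 resolves to uid:", lookup_by_uidnumber(SAMPLE_LDIF, 2019))
```

Run it against real output by replacing SAMPLE_LDIF with the text of an ldapsearch query for objectClass=posixAccount; any entry reported with a numeric or mismatched uid is one the RFC 2307 template will not map to the intended UNIX user name.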







Hope this document helps 







Thank you very much for the reply.

I'm sorry, that's not the solution I've searched for.

I don't want an admin user key but a "normal" Windows user being mapped.

Best regards


