Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Start a New Post

Active Directory LDAP authentication

tatlee
NetApp Alumni
‎2010-12-01 08:15 PM

Hi All,


Can I use AD domain user a/c to login filer console to manage filer through AD LDAP authentication?



Regards

0 Kudos
View By:
4 REPLIES 4

cory_mckee
‎2010-12-01 09:10 PM

You certanly can. Run "cifs setup" from the command line. And dont worry if you dont have a cifs license as its not a requirement.

-C-

0 Kudos

tatlee
NetApp Alumni
‎2010-12-01 10:04 PM
In response to cory_mckee

thanks cory.mckee

but on cifs setup, I have choose the option (1) Active Directory domain authentication.

Also I configure the options of ldap

ldap.ADdomain XXX.XXX.COM

ldap.base         cn=group,dc=xxx,dc=xxx,dc=com

ldap.name        service a/c name

ldap.passwd     userpasswd

Can these settings satisfy to login console use AD ldap authentication?

Regards,

Terrence Lee

0 Kudos

cory_mckee
‎2010-12-02 08:05 AM
In response to tatlee

From a login perspective you need to assign the account to a group on your filer using the useradmin command

useradmin domainuser add <user_name>
        -g <group1>[,<group2>,...,<groupN>]
useradmin domainuser delete <user_name>
        -g <group1>[,<group2>,...,<groupN>]
useradmin domainuser list -g <group_name>
useradmin domainuser load <filename>

0 Kudos

audifreakjim
‎2012-07-10 05:32 PM

Reviving this to see if anyone has found a workaround to this very annoying issue.

You cannot log into the SP using a Domain account.  This is documented by NetApp that it must be a local account and verified at customers and our labs.  This makes sense because the SP is not running CIFS.

Has anyone found a solution to let you log into the "system console" either from the SP, or physically connected to the back of the controller using a AD domain account?

This is assuming CIFS is running, and the user can log into the filer via SSH using an AD domain account.

This leaves customers that are subject to audits in a very difficult place because it undermines all RBAC when physical connectivity is required.  Even though DFM makes it easier, maintaining local user accounts in large enterprises is not acceptable in my opinion.

0 Kudos
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2022 NetApp Cookies settings
Let us know
Public