Solved: Re: When to use security.admin.authentication internal or nsswitch?

InvalidCharacter · ‎2015-11-13

I have a question about the use of the “options security.admin.authentication” configuration. In what context is the “internal” option used? If I’m only interested in the use of the passwd for authentication and the nsswitch.conf has the following:

passwd: files nis ldap

Doesn’t the “passwd: files” serve the same purpose as the “internal” option? I’m setting up a 8.2.2, 7-mode, filer for SFTP and it appears the common setting for the security.admin.authentication is either “nsswitch” or “nsswitch, internal”. I’m trying to understand the logic since currently I’m functioning in a CIFS and NFS environment under the “internal” option.

thanks

Sorry for the incorrect label, I'm a newbie to this.

GidonMarcus · ‎2015-11-17

internal = useradmin commands (saved internally in a db)

nsswitch.conf look like the following, and defines the order of search for each entity. "Files" refer to a filename in etc with same name as the configuration title. /etc/hosts for 'hosts:, /etc/passwd to 'passwd:'

filer*> rdfile /etc/nsswitch.conf
#Auto-generated by setup Sat Mar 24 10:02:44 GMT 2012
hosts: files       nis     dns
passwd: files      nis     ldap
netgroup: files    nis ldap
group: files       nis     ldap
shadow: files      nis
filer*>

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

View solution in original post

GidonMarcus · ‎2015-11-15

HI,

internal means for the users configured with the context of "useradmin" command.

nsswitch refer to all the external (files, name & directory services).

Gidi

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

InvalidCharacter · ‎2015-11-16

Thanks Gidi,

But according to TR-3490, NetApp Storage System Multiprotocol User Guide, in the nsswitch.conf the "files" option refers to "local files", hence my question about what is "internal" on the security.admin.authentication doing that is different than a "files" configuration on the nsswitch.conf?

Al

aborzenkov · ‎2015-11-16

Good question. My understanding is, "files" refers to /etc/passwd, and users added by useradmin are kept elsewhere (directly in registry). But I love to be proved correct (or wrong 🙂 )

GidonMarcus · ‎2015-11-17

internal = useradmin commands (saved internally in a db)

nsswitch.conf look like the following, and defines the order of search for each entity. "Files" refer to a filename in etc with same name as the configuration title. /etc/hosts for 'hosts:, /etc/passwd to 'passwd:'

filer*> rdfile /etc/nsswitch.conf
#Auto-generated by setup Sat Mar 24 10:02:44 GMT 2012
hosts: files       nis     dns
passwd: files      nis     ldap
netgroup: files    nis ldap
group: files       nis     ldap
shadow: files      nis
filer*>

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

InvalidCharacter · ‎2015-11-17

Thanks Gidi,

So the security.admin.authentication “internal” is for administrators that can have access to the NetApp and its internal configuration. "Internal" has its account via the “useradmin user add …” command and resides in an internal db.

The security.admin.authentication “nsswitch” can point to the configuration of the /etc/passwd file via “passwd:files”, and is for access to shares/exports and can also point a user to their home directory, such as a designated directory for FTP access.

Is this the gist of it?

Nice explanation of <filename>:files=/etc/<filename> in nsswitch.conf.

Al