Solved: Re: Add domain user to predefined group Adminstrators

USER_2000 · ‎2015-07-07

I have added my user to the predefined group of Administrators:

useradmin domainuser add smith -g Administrators

The command completed successfully: Domain User <smith> successfully added to Administrators.

Then I tried to login with ssh to the Filer with usrname smith, but access is denied. Why?

Thank you,

Andreas

rwelshman · ‎2015-07-07

it might be treating smith as a local user during log in. Can you try logging in with "domain\userid"?

View solution in original post

rwelshman · ‎2015-07-07

it might be treating smith as a local user during log in. Can you try logging in with "domain\userid"?

mbeattie · ‎2015-07-07

Hi Andreas,

Have you setup authorized keys for the user to enable you ssh to controller?

https://kb.netapp.com/support/index?page=content&id=1010841&locale=en_US&access=s

If so and this is not working have you checked if you can login to console as the domain user? EG:

login as: testlab\User1
testlab\User1@testns01's password:

TESTNS01> useradmin domainuser list -g Administrators
List of SIDS in Administrators
S-1-5-21-2023032884-559416622-1423020307-500
S-1-5-21-3150332139-2813398079-754052488-512
S-1-5-32-544
S-1-5-21-3150332139-2813398079-754052488-1110

For more information about a user, use the 'cifs lookup' and 'useradmin user list' commands.
TESTNS01> cifs lookup S-1-5-21-3150332139-2813398079-754052488-1110
name = TESTLAB\User1

Verify the users SID and sAMAccountName in AD.

C:\>dsquery user -samid user1 | dsget user -samid -sid
samid sid
User1 S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded

When setting up authorized keys for SSH access consider the case of the username.

EG "User1" in AD (uppercase first letter) is not "user1" in ONTAP (lowercase first letter)

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.