ONTAP Discussions

Add domain user to predefined group Adminstrators

USER_2000
4,997 Views

I have added my user to the predefined group of Administrators:

 

useradmin domainuser add smith -g Administrators

 

The command completed successfully: Domain User <smith> successfully added to Administrators.

 

Then I tried to login with ssh to the Filer with usrname smith, but access is denied. Why?

 

Thank you,

 

Andreas

1 ACCEPTED SOLUTION

rwelshman
4,956 Views

it might be treating smith as a local user during log in. Can you try logging in with "domain\userid"?

View solution in original post

2 REPLIES 2

rwelshman
4,957 Views

it might be treating smith as a local user during log in. Can you try logging in with "domain\userid"?

mbeattie
4,912 Views

Hi Andreas,

 

Have you setup authorized keys for the user to enable you ssh to controller?

 

https://kb.netapp.com/support/index?page=content&id=1010841&locale=en_US&access=s

 

If so and this is not working have you checked if you can login to console as the domain user? EG:

 

login as: testlab\User1
testlab\User1@testns01's password:

TESTNS01> useradmin domainuser list -g Administrators
List of SIDS in Administrators
S-1-5-21-2023032884-559416622-1423020307-500
S-1-5-21-3150332139-2813398079-754052488-512
S-1-5-32-544
S-1-5-21-3150332139-2813398079-754052488-1110

For more information about a user, use the 'cifs lookup' and 'useradmin user list' commands.
TESTNS01> cifs lookup S-1-5-21-3150332139-2813398079-754052488-1110
name = TESTLAB\User1

Verify the users SID and sAMAccountName in AD.


C:\>dsquery user -samid user1 | dsget user -samid -sid
  samid       sid
  User1    S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded

 

When setting up authorized keys for SSH access consider the case of the username.

EG "User1" in AD (uppercase first letter) is not "user1" in ONTAP (lowercase first letter)

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Public