ONTAP Discussions

Is it possible to replace user lookup in /etc/passwd by ldap (7-Mode)?

USER_2000
2,156 Views

We urgently needed some storage, so I decided to reinstall an old NetApp FAS2240-4 with ONTAP 8.2.5 in 7-Mode. I do not have any newer licenses and there is no support for this FAS anymore.

I have configured the FAS for access with CIFS and NFS in an Active Directory Domain. I created a volume with NTFS Security Style and I can mount and access it from Windows and NFS, as long as the Unix user is created in the /etc/passwd file on the filer. Since we have Unix information added in our Active Directory, I thought I could use LDAP to retrieve the information that I now have to manually add to /etc/passwd, but I cannot get it to work. When I set

options ldap.enable on

and remove the user information from /etc/passwd, I get an error like this:

auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: Error in passwd look up of uid 75080 during login from 10.1.3.34

We have attributes uid and uidnumber in AD, which hold the username (which is identical to the samAccountName) and the integer id number of the user. Is it possible to replace lookup of user ids in /etc/passwd by using LDAP?

Here is my configuration:

ldap.ADdomain office.example.com
ldap.base dc=example,dc=com
ldap.enable on
ldap.port 3268

All other values are the default values.

rdfile /etc/nsswitch.conf

hosts: files       nis     dns
passwd: files    nis    ldap
netgroup: files    nis  ldap
group: files    nis     ldap
shadow: files      nis

/etc/usermap.cfg is empty. All Unix usernames are identical to the Windows/AD user names.

Thank you for your help,

Andreas

1 REPLY

RajeshPanda
1,922 Views

@USER_2000  Are you still looking for a solution?
