ONTAP Discussions
We utilize an authentication source that produces passwd and netgroup files for Unix-based authentication. We are currently manually importing the files via the following commands from the ONTAP console:
vserver services name-service unix-user load-from-uri -vserver <vserver> -uri <path to file>
vserver services name-service unix-group load-from-uri -vserver <vserver> -uri <path to file>
I would like to automate this process in some form, but so far I have not been able to come up with a solution. Looking for any thoughts: REST, local scripts that can be scheduled, etc.
Hi there! There is an API endpoint, detailed at https://docs.netapp.com/us-en/ontap-restapi/ontap/name-services_unix-users_endpoint_overview.html#creating-a-unix-user-configuration-with-all-fields-s...- however it looks like you'd need to develop something to retrieve a list of users and then update/delete as necessary.
Another option would be to just CLI passthrough to the same command you're using now - https://docs.netapp.com/us-en/ontap-restapi//ontap/getting_started_with_the_ontap_rest_api.html#Tagging_Resources_for_Tracking_Purposes:~:text=4d37%2D... - but it is not the recommended way to do things.
And finally, the most old-school way would be to set up SSH key authentication and run the command whenever the passwd/group file is detected as updated - https://docs.netapp.com/us-en/ontap/system-admin/access-cluster-ssh-task.html - but there are security risks inherent here.
Hope this helps!
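A sketch of the third option in the reply above, added here as an example and not part of the original thread or NetApp's own code: it loads a file only when its SHA-256 digest has changed and its format passes basic checks, then runs the load-from-uri command from the question over key-authenticated SSH. The account `loader@cluster.example`, the state file, the character allow-list, and the premise that the local path and the URI point at the same file are all assumptions.

```python
import hashlib, json, re, subprocess
from pathlib import Path

# Assumed values for illustration; none of them come from the thread.
CLUSTER = "loader@cluster.example"          # ONTAP account with SSH public-key login
SAFE = re.compile(r"[A-Za-z0-9._:/-]+")     # characters allowed in vserver and URI
FIELDS = {"unix-user": 7, "unix-group": 4}  # passwd / group column counts

def validate(text, nfields):
    """Return a list of problems; an empty list means the file may be loaded."""
    problems, seen = [], set()
    lines = text.splitlines()
    if not lines:
        problems.append("file is empty")  # never push an empty or truncated export
    for n, line in enumerate(lines, 1):
        f = line.split(":")
        if len(f) != nfields:
            problems.append(f"line {n}: {len(f)} fields, expected {nfields}")
        elif not f[0] or f[0] in seen:
            problems.append(f"line {n}: empty or duplicate name {f[0]!r}")
        elif not re.fullmatch(r"[0-9]+", f[2]):
            problems.append(f"line {n}: non-numeric id {f[2]!r}")
        seen.add(f[0])
    return problems

def load_command(kind, vserver, uri):
    """Build the ssh argv for the load-from-uri command quoted in the thread."""
    if kind not in FIELDS or not SAFE.fullmatch(vserver) or not SAFE.fullmatch(uri):
        raise ValueError("unexpected kind, vserver or uri")
    return ["ssh", "-o", "BatchMode=yes", CLUSTER,
            f"vserver services name-service {kind} load-from-uri "
            f"-vserver {vserver} -uri {uri}"]

def sync(kind, path, vserver, uri, state_path, run=subprocess.run):
    """Push the file only if it changed since the last load and passes checks."""
    data = Path(path).read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    state_file = Path(state_path)
    state = json.loads(state_file.read_text()) if state_file.exists() else {}
    if state.get(kind) == digest:
        return "unchanged"
    problems = validate(data.decode("utf-8", "replace"), FIELDS[kind])
    if problems:
        return "rejected: " + "; ".join(problems)
    run(load_command(kind, vserver, uri), check=True)  # raises if ssh exits non-zero
    state[kind] = digest
    state_file.write_text(json.dumps(state))
    return "loaded"
```

Called from cron or a file-watch job, `sync` returns "unchanged", "loaded" or a "rejected: ..." string that can be sent to monitoring.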
Thank you for the information. I should have been a little more descriptive. We are not using local accounts, but loading them from a file:
Option 1: API Endpoint: Call: https://XXX/api/name-services/unix-users/<UID of SVM>
Returns:
"error": {
"message": "Cannot display the UNIX users because file-only configuration is enabled. Use the CLI to view the UNIX user file.",
"code": "1264685"
}
B: CLI passthrough. Same thing, no option for the file loaded users: error:
Cannot display the UNIX users because file-only configuration is enabled. "Use the CLI to view the UNIX user file"
Looks like Passthrough might be the only option.
Quite likely. Or you could look at setting up NIS or NIS+.. although it's now 2025 and I can't believe I'm suggesting that 😉
I agree, our security department went back in time on an authentication provider.