ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Login over SSH - missing required capability

rozle_palcar
‎2015-01-21 06:42 AM
7,969 Views

Hello,

 

On one of our systems (FAS2040, DOT 8.1.3) we started to get errors about missing 'login-ssh' capability. Even if we create new user with administrative privileges we can't connect over SSH. Only 'root' and 'administrator' users are capable of connecting to system.

 

Here is overview of one of users with which we have problems:

 

User:

Name: splunkuser
Info:
Rid: 131081
Groups: Administrators

 

Group:

Name: Administrators
Info: Members can fully administer the filer
Rid: 544
Roles: root,admin

 

Roles:

Name:    admin
Info:    Default role for administrator privileges.
Allowed Capabilities: login-*,cli-*,api-*,security-*

 

 

Any ideas what could be problem? I tried to manually add 'login-ssh' role to this and other users, but it is the same. I also tried creating new user, but we hit same issue.

 

On partner node there is the same configuration of users, groups and roles and everything is working ok.

 

 

Best Regards,

Rozle

 

 

0 Kudos
View By:
4 REPLIES 4

MOHIT_FUJITSU
‎2015-01-23 05:29 AM
7,844 Views

First, login directly to the filer and then try SSH from the unix host.

0 Kudos

rozle_palcar
‎2015-01-23 05:41 AM
In response to MOHIT_FUJITSU
7,842 Views

It is the same - looks like it doesn't even recognize password. I am 100% sure password entered was correct, because I changed it with 'passwd' 10s before:

 

[xxx: sshd_2:info]: Failed password for splunkuser from xxxxxxxxxxx port 60446ssh2

 

And when we have login with key, we got:

 

[xxx:useradminx.unauthorized.user:warning]: User 'splunkuser' denied access - missing required capability: 'login-ssh'

 

 

0 Kudos

JGPSHNTAP
‎2015-01-23 07:33 AM
In response to rozle_palcar
7,831 Views

Your splunkuser role is messed up... 

 

You need to follow the splunk document for the app for splunk to make sure that you give it the rights perms for the app to work properly.

Vidhs
‎2017-11-02 02:23 PM
5,366 Views

Noticed the same issue for me too.

 

User created in administrator group couldn't login while it can on the partner node without issues.

 

Upon all comparisions, noticed this change in options for 'security.admin.authentication'

 

 

Not working : security.admin.authentication nsswitch

 

working one : security.admin.authentication internal

 

 

changed this option to internal and could see user loggin in without any issues and resolves the problem.

0 Kudos
All Community Forums
Public