ONTAP Discussions

NetApp LDAP hashes

SNAKE2000
3,294 Views

Hi,

I've configured NetApp with LDAP as I found in the TR-3464. I can login into the NetApp through LDAP correctly. The problem starts when a user with the SHA password hash try to login; he doesn't. Only can login if the password is stored with CRYPT hash.

Is possible to login with another password hashes? Are there any netapp configuration I forgot?

Thanks.

2 REPLIES 2

clilescapario
3,294 Views

Hi David,

I never checked into the different hashes, but I can tell you that I encountered the same problem, and my directory uses SSHA1 as the password hash. While not optimal, I worked around it by using ssh keys for each user stored in ldap. In a nutshell the ssh key is the authentication and ldap is used for authorization.

It would be awesome is someone from netapp could help clarify this.

clilescapario
3,294 Views

Yes I can confirm that CRYPT will work!!

Would love to see an update that supports SSHA, since this has been a defacto hashing standard in a few directories for some time.

What is super important that whatever administrative username you are using needs to have the ability to read the password hash attribute. You can easily test to see if you have the permissions to the password attribute with getXXbyYY.

filer9*>  getXXbyYY getpwbyname_r gunn
pw_name = gunn
pw_passwd = saltsaltABCDEF
pw_uid = 1000, pw_gid = 1000
pw_gecos = Paul gunn
pw_dir = /home/gunn
pw_shell = /bin/bash

If you don't have the correct permissions, the pw_passwd will always show up as pw_passwd = {{******}}


--

Chris

Public