
TR-4513 Security Hardening Guide, 4.11 - "admin_ssh" role preventing HTTP access?

SMLocke

This is super specific, but I wonder if any of you folks have some insight into this.

 

The subject TR calls for creating a role called admin_ssh that is basically like the admin role, but restricts access to the service processor commands, like so:

 

cluster::> security login role create -role admin_ssh -cmddirname DEFAULT -access all -vserver <cluster SVM> 
cluster::> security login role create -role admin_ssh -cmddirname "system service-processor" -access none -vserver <cluster SVM>

 

I did this, and changed a user from admin to admin_ssh for all login methods, including ssh, http, and ontapi.

 

Prior to the change, the user was able to log in to OnCommand System Manager as per normal. After the change, the user cannot log in to OnCommand System Manager at all. All attempts result in an "invalid credentials" type message. Reverting the change results in the ability to log in to OCSM normally once more.

 

Any chance this is a bug? Worth filing a ticket to support?

 

 

1 ACCEPTED SOLUTION

Jeff_Yao

Looks like you need to enable the access for System Manager. Use the command below:

vserver services web access create -vserver vserver_name -name sysmgr -role role_name

Hopefully that helps.

SMLocke

That did the trick, brother, thanks!
