ONTAP Discussions
security login create -user-or-group-name domain\group -application ssh -authentication-method domain -role admin
security login create -user-or-group-name domain\group -application ontapi -authentication-method domain -role admin
security login create -user-or-group-name domain\group -application http -authentication-method domain -role admin
For the user-or-group name, should I use the Admin SVM or Data SVM?
For vserver active-directory create -vserver, should I use the Admin SVM or Data SVM?
If your user is a cluster-wide admin, then vserver=cluster_name
If your user is a vserver admin (vsadmin), then vserver=svm_name
Let's say my cluster name is letos, the domain name is netapp.los, and the Active Directory group name is red.
I ran the following commands to create logins for the group:
security login create -user-or-group-name NETAPP\red -vserver letos -application ssh -authentication-method domain -role admin
security login create -user-or-group-name NETAPP\red -vserver letos -application ontapi -authentication-method domain -role admin
security login create -user-or-group-name NETAPP\red -vserver letos -application http -authentication-method domain -role admin
After that, when I run the command:
vserver active-directory create -vserver <TAB>
I don’t see letos or an option that looks like the admin vserver for my cluster. Instead, I see other vsadmin users listed. I'm unsure which one to select for this step. How do I identify the correct vserver to use when joining the domain?
In order to create the Active Directory svm in the admin svm, you must be on 9.16 or higher. On anything earlier than 9.16, you must create the Active Directory (or cifs) svm in a data svm and then create a domain tunnel (security login domain-tunnel create -vserver xxxx).
I'm running NetApp ONTAP version 9.16.
#security login create -vserver letos -user-or-group-name netapp\red -application http -authmethod domain -role admin
#security login create -vserver letos -user-or-group-name netapp\red -application ontapi -authmethod domain -role admin
#security login create -vserver letos -user-or-group-name netapp\red -application ssh -authmethod domain -role admin
#vserver active-directory create -vserver ras -account-name ras-gx -domain NETAPP.los -ou 'OU=NetApp Servers,DC=leos,DC=eos'
After running these commands, I'm unable to log in with my Active Directory account (netapp\red) and receive an error. What could I be missing?
You are mixing vservers.
The user accounts are being created in vserver letos and the active-directory svm is being created in ras.
Which is the admin svm?
You create the users in the admin svm.
You create the Active Directory in the admin svm.
That’s likely your issue.
The admin SVM (Cluster) is named letos.
When I try to run: vserver active-directory create -vserver letos, it doesn’t work for me. That's why I was trying to use ras (Data SVM).
Are you SURE you are on 9.16? Every install I have done, with 9.16, this has worked without incident.
If you want to keep what you have:
security login domain-tunnel create ras
That will allow the admin SVM to tunnel through. If it is 9.16 and it is NOT working, something may be blocking you. Has anyone turned on any kind of Role-based access control? You may wish to open a ticket to correct.
verify: version
Yes, I’m running version 9.16.1RC1. I’ll verify the role-based access and provide an update tomorrow.
OMG. Please, please update.
9.16.1P6 is and has been out for a little while. Please get off the release candidate code!
Haha, I'll update it first thing in the morning. Does the update fix the issue I was experiencing?
Not sure, but there are likely hundreds of fixes and firmware updates that you are missing. I’d update and try again first.
Got it. I’ll update to that version and see if it resolves the issue. If it does, I’ll share the solution here for others. Thank you!