ONTAP Discussions

Vserver Login in c-mode

raovolvoadmin
20,291 Views

Hi All,

As per the document,Vserver Magament IP should be created for login  to  the Vserver.How to create this Vserver Mgmt IP?.While creating the Vserver,it's not asking any IP address.

--------------------------

UNIX or Linux operating

system

Enter the following command from the client application:

ssh vserver_admin_name@vserver_ip_address

vserver_admin_name is the user name.

vserver_ip_address is the management IP address of the Vserver.

Regards,

Rao

14 REPLIES 14

parisi
20,225 Views

You create a management LIF in the vserver and specify the data protocol to "none."

parisi
20,225 Views

raovolvoadmin
20,225 Views

Hi,

I have created the MgmgLIF

Clu1::> network interface create -vserver  DataServe02 -lif lifmgmt -role data -data-protocol none -home-node Clu1-01 -home-port e0c -address  192.168.xx.xxx -netmask 255.255.255.0  -status-admin up -failover-policy nextavail -firewall-policy mgmt

security login password -vserver DataServe02 -username vsadmin1

DataServe02

            lif02        up/up    192.168.xx.xxx/24  Clu1-01       e0c     false

            lifmgmt      up/up    192.168.xx.xxx/24  Clu1-01       e0c     true

Still i m not able ot login to vserver using the above IP address:-(.

Regard

rao.

parisi
20,225 Views

Try setting the password for and unlocking vsadmin. Then login using vsadmin.

Example:

::> security login unlock -username vsadmin -vserver nfs

Error: command failed: Use the "security login password" command to set the

       password before unlocking the user account.

::> security login password -username vsadmin -vserver nfs

Enter a new password:

Enter it again:

::> security login unlock -username vsadmin -vserver nfs

Once you have the vsadmin, login via SSH using vsadmin@vs_mgmt_lif.

raovolvoadmin
20,224 Views

Perfect.that's works.Thanks for help:-)

Regards

Rao.

avamaruser
20,224 Views

Hello,

I'm having some SSH issues to my vserver as well. I have unlocked the user account vsadmin by resetting the password and created a management LIF which i am attempting to SSH to. However upon providing the correct username/password in PuTTY, the session is immediately killed/rejected. Are there other configurations that need to be setup in order to enable SSH on the vserver?

Note: the vsadmin user has ontapi and ssh applications enabled already and set to authentication: password.

Thanks in advance!

Jeff

parisi
20,224 Views

Automatic session closure suggests there may be a network connectivity issue.

What firewall policy does the vsmgmt LIF have assigned to it?

::> net int show -vserver [vs0] -lif [vsmgmt] -fields firewall-policy

If your policy is anything other than mgmt, change it.

::> net int modify -vserver [vs0] -lif [vsmgmt] -firewall-policy mgmt

If that doesn't address your issue, try to migrate the LIF to another node in the cluster and re-try the SSH session.

::> net int migrate -vserver [vs0] -lif [vsmgmt] -destination-node [new-node] -destination-port [port]

avamaruser
20,224 Views

Hello thanks for the response!

I checked the firewall policy of that LIF and it says 'mgmt'. I have a 2-node cluster and have tried different ports on both nodes with no luck with the ssh session.

parisi
20,224 Views

Are you able to SSH to other vservers or to the cluster itself?

Are you sure you unlocked vsadmin? This line makes me think maybe you didn't:

"I have unlocked the user account vsadmin by resetting the password"

Resetting the password doesn't unlock the account. This does:

::> security login unlock -username vsadmin -vserver [vserver]

Check if it's unlocked with:

::> security login show vsadmin

When I lock the vsadmin account, I get instant disconnection as well:

::*> security login lock -username vsadmin -vserver flexvol

::*> net int show -vserver flexvol -lif vsmgmt -fields address

  (network interface show)

vserver lif    address     

------- ------ ------------

flexvol vsmgmt 10.63.57.240

When I try it from a terminal on my Mac, it tells me it's locked:

$ ssh vsadmin@10.63.57.240

The authenticity of host '10.63.57.240 (10.63.57.240)' can't be established.

RSA key fingerprint is 7f:e7:c3:64:dd:f6:0a:8e:6a:f3:8d:a0:2e:9e:a8:ce.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.63.57.240' (RSA) to the list of known hosts.

Password:

Error: Account currently locked. Contact the storage administrator to unlock it.

Connection to 10.63.57.240 closed.

avamaruser
13,715 Views

Hello thanks for the reply. I was able to solve my problem, and ill explain how below. Prior to the fix i was able to log into the cluster management but not any of the other vservers. The users I was attempting to log in with were unlocked.

It turns out that my vservers were set to -ns-switch ldap rather than file. As soon as I switched it to file, it was able to authenticate locally.

fas2246-cx::> vserver modify -vserver fas2246-vs1 -ns-switch file

fas2246-cx::vserver> vserver show -vserver fas2246-vs1

                                    Vserver: fas2246-vs1

                               Vserver Type: data

                               Vserver UUID: a930246a-da89-11e3-9584-123478563412

Root Volume: fas2246vs1_root

Aggregate: aggr1_01

Name Service Switch: file

Name Mapping Switch: ldap

NIS Domain: -

Root Volume Security Style: unix

LDAP Client: fas2246-vs1

Default Volume Language Code: en_US.UTF-8

Snapshot Policy: default

Comment:

Antivirus On-Access Policy: default

Quota Policy: default

List of Aggregates Assigned: aggr1_01, aggr1_02,

aggr0_fas2246_cx_01,

aggr0_fas2246_cx_02

Limit on Maximum Number of Volumes allowed: unlimited

Vserver Admin State: running

Allowed Protocols: nfs, cifs, fcp, iscsi, ndmp

Disallowed Protocols: -

            Is Vserver with Infinite Volume: false

QoS Policy Group: -

A side note, if the user isn't able to SSH you can't create NDMP passwords for a vserver aware environment. Which was what i was trying to do as a end result.

Thanks again for the support guys!

parisi
13,715 Views

Thanks for the update. Good find!

CASTROJSEC
13,715 Views

I tried all of these and my putty session is still killed when I try to log into the vserver.  Here are my settings.  I can login as vsadmin thru putty just fine.

aborzenkov
13,715 Views

"San admins" sounds like a group, not a user. Is it correct? Also I'd try with AD user name without spaces first.

parisi
13,715 Views

Good catch. AD groups are not supported currently for cluster administration. Must be an AD user via domain tunnel.

Public