ONTAP Discussions

Vserver Login in c-mode


Hi All,

As per the document,Vserver Magament IP should be created for login  to  the Vserver.How to create this Vserver Mgmt IP?.While creating the Vserver,it's not asking any IP address.


UNIX or Linux operating


Enter the following command from the client application:

ssh vserver_admin_name@vserver_ip_address

vserver_admin_name is the user name.

vserver_ip_address is the management IP address of the Vserver.




Re: Vserver Login in c-mode


You create a management LIF in the vserver and specify the data protocol to "none."

Re: Vserver Login in c-mode


Re: Vserver Login in c-mode



I have created the MgmgLIF

Clu1::> network interface create -vserver  DataServe02 -lif lifmgmt -role data -data-protocol none -home-node Clu1-01 -home-port e0c -address  192.168.xx.xxx -netmask  -status-admin up -failover-policy nextavail -firewall-policy mgmt

security login password -vserver DataServe02 -username vsadmin1


            lif02        up/up    192.168.xx.xxx/24  Clu1-01       e0c     false

            lifmgmt      up/up    192.168.xx.xxx/24  Clu1-01       e0c     true

Still i m not able ot login to vserver using the above IP address:-(.



Re: Vserver Login in c-mode


Try setting the password for and unlocking vsadmin. Then login using vsadmin.


::> security login unlock -username vsadmin -vserver nfs

Error: command failed: Use the "security login password" command to set the

       password before unlocking the user account.

::> security login password -username vsadmin -vserver nfs

Enter a new password:

Enter it again:

::> security login unlock -username vsadmin -vserver nfs

Once you have the vsadmin, login via SSH using vsadmin@vs_mgmt_lif.

Re: Vserver Login in c-mode


Perfect.that's works.Thanks for help:-)



Re: Vserver Login in c-mode



I'm having some SSH issues to my vserver as well. I have unlocked the user account vsadmin by resetting the password and created a management LIF which i am attempting to SSH to. However upon providing the correct username/password in PuTTY, the session is immediately killed/rejected. Are there other configurations that need to be setup in order to enable SSH on the vserver?

Note: the vsadmin user has ontapi and ssh applications enabled already and set to authentication: password.

Thanks in advance!


Re: Vserver Login in c-mode


Automatic session closure suggests there may be a network connectivity issue.

What firewall policy does the vsmgmt LIF have assigned to it?

::> net int show -vserver [vs0] -lif [vsmgmt] -fields firewall-policy

If your policy is anything other than mgmt, change it.

::> net int modify -vserver [vs0] -lif [vsmgmt] -firewall-policy mgmt

If that doesn't address your issue, try to migrate the LIF to another node in the cluster and re-try the SSH session.

::> net int migrate -vserver [vs0] -lif [vsmgmt] -destination-node [new-node] -destination-port [port]

Re: Vserver Login in c-mode


Hello thanks for the response!

I checked the firewall policy of that LIF and it says 'mgmt'. I have a 2-node cluster and have tried different ports on both nodes with no luck with the ssh session.

Re: Vserver Login in c-mode


Are you able to SSH to other vservers or to the cluster itself?

Are you sure you unlocked vsadmin? This line makes me think maybe you didn't:

"I have unlocked the user account vsadmin by resetting the password"

Resetting the password doesn't unlock the account. This does:

::> security login unlock -username vsadmin -vserver [vserver]

Check if it's unlocked with:

::> security login show vsadmin

When I lock the vsadmin account, I get instant disconnection as well:

::*> security login lock -username vsadmin -vserver flexvol

::*> net int show -vserver flexvol -lif vsmgmt -fields address

  (network interface show)

vserver lif    address     

------- ------ ------------

flexvol vsmgmt

When I try it from a terminal on my Mac, it tells me it's locked:

$ ssh vsadmin@

The authenticity of host ' (' can't be established.

RSA key fingerprint is 7f:e7:c3:64:dd:f6:0a:8e:6a:f3:8d:a0:2e:9e:a8:ce.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '' (RSA) to the list of known hosts.


Error: Account currently locked. Contact the storage administrator to unlock it.

Connection to closed.

Re: Vserver Login in c-mode


Hello thanks for the reply. I was able to solve my problem, and ill explain how below. Prior to the fix i was able to log into the cluster management but not any of the other vservers. The users I was attempting to log in with were unlocked.

It turns out that my vservers were set to -ns-switch ldap rather than file. As soon as I switched it to file, it was able to authenticate locally.

fas2246-cx::> vserver modify -vserver fas2246-vs1 -ns-switch file

fas2246-cx::vserver> vserver show -vserver fas2246-vs1

                                    Vserver: fas2246-vs1

                               Vserver Type: data

                               Vserver UUID: a930246a-da89-11e3-9584-123478563412

Root Volume: fas2246vs1_root

Aggregate: aggr1_01

Name Service Switch: file

Name Mapping Switch: ldap

NIS Domain: -

Root Volume Security Style: unix

LDAP Client: fas2246-vs1

Default Volume Language Code: en_US.UTF-8

Snapshot Policy: default


Antivirus On-Access Policy: default

Quota Policy: default

List of Aggregates Assigned: aggr1_01, aggr1_02,



Limit on Maximum Number of Volumes allowed: unlimited

Vserver Admin State: running

Allowed Protocols: nfs, cifs, fcp, iscsi, ndmp

Disallowed Protocols: -

            Is Vserver with Infinite Volume: false

QoS Policy Group: -

A side note, if the user isn't able to SSH you can't create NDMP passwords for a vserver aware environment. Which was what i was trying to do as a end result.

Thanks again for the support guys!

Re: Vserver Login in c-mode


Thanks for the update. Good find!

Re: Vserver Login in c-mode


I tried all of these and my putty session is still killed when I try to log into the vserver.  Here are my settings.  I can login as vsadmin thru putty just fine.

Re: Vserver Login in c-mode


"San admins" sounds like a group, not a user. Is it correct? Also I'd try with AD user name without spaces first.

Re: Vserver Login in c-mode


Good catch. AD groups are not supported currently for cluster administration. Must be an AD user via domain tunnel.

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums