ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Windows 2016 ldap authentication for cluster administration

chinchillaking
‎2023-01-19 08:17 PM
2,745 Views

Hello,

 

May we know Windows 2016 or above ldap support authentication for cluster administration (not for NAS multiprotocol, just for LDAP auth login Cluster admin?

 

If support, what Attributes must define in Windows 2016 LDAP? e.g. uid, gid, unixhomeDirectory, loginshell, unixUserPassword......

 

appreciate if anyone can provide answer

0 Kudos
1 ACCEPTED SOLUTION

parisi
A-Team Tech Advisor A-Team Tech Advisor
‎2023-01-20 06:52 AM
2,701 Views

Probably way easier to set up a CIFS domain tunnel for this:

https://docs.netapp.com/us-en/ontap/authentication/configure-authentication-tunnel-task.html

 

Otherwise, ONTAP does support LDAP for cluster admin auth, but with Windows LDAP it gets a little tricky due to the password hashes being handled a bit differently. You'll likely have to manually enter a password in the account's unixuserPassword field.

View solution in original post

0 Kudos
5 REPLIES 5

parisi
A-Team Tech Advisor A-Team Tech Advisor
‎2023-01-20 06:52 AM
2,702 Views

Probably way easier to set up a CIFS domain tunnel for this:

https://docs.netapp.com/us-en/ontap/authentication/configure-authentication-tunnel-task.html

 

Otherwise, ONTAP does support LDAP for cluster admin auth, but with Windows LDAP it gets a little tricky due to the password hashes being handled a bit differently. You'll likely have to manually enter a password in the account's unixuserPassword field.

0 Kudos

chinchillaking
‎2023-01-21 01:59 AM
In response to parisi
2,661 Views

Hi Parisi,

 

Thanks for your info, after setup unixuserPassword, it works

0 Kudos

Guedes
NetApp
‎2023-03-04 07:04 PM
In response to chinchillaking
2,403 Views

Hi chinchillaking, please, how you set unixuserPassword?

0 Kudos

chinchillaking
‎2023-03-04 10:38 PM
In response to Guedes
2,379 Views

Hi Guedes,

 

Microsoft deprecation of Identity Management for Unix (IDMU) & NIS Server Role in Windows Server 2016.

 

Use temp Windows 2012 install IDMU, NIS server role and Password Synchronization, then reset temp user password in Windows 2012 AD, it will auto gen unixuserPassword, copy the hex value and recreate in Windows 2016 user account, it work.

Guedes
NetApp
‎2023-03-04 11:57 PM
In response to chinchillaking
2,374 Views

Hi chinchillaking! Thanks for this workaround! I acctually was able to hash by other means:  perl -e 'print crypt("password", "salt"),"\n"'

Just text > hex and then paste the value for the attribute. This site do text > hex:

https://www.rapidtables.com/convert/number/ascii-to-hex.html

It works and don´t need a temp environment to generate those hashed passwords.

0 Kudos
Announcements
All Community Forums
Public