The customer wants to use AD LDAP for cluster admin login following KB https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_configure_LDAP_Authentication_for_Cluster_(Admin)_SVM but failed. The customer's existing AD LDAP auth for Hitachi storage admin login has no problem; they did not want to use the CIFS tunnel.
I tested the KB in my simulator and it still failed with the settings below.
- schema: copied AD-IDMU to AD-IDMU-lab and changed groupOfUniqueNames, uniqueMember and the Name Mapping windowsAccount
- set up the LDAP client as below
- modified name-services as below
- tested that UNIX credentials are pulled correctly from Windows AD LDAP
- checked the LDAP status, no problem
- added the security login account in the cluster
- installed Identity Management for UNIX, Server for NIS and Password Synchronization
- reset the hvadmin password to trigger password synchronization; the unixUserPassword updated
- tried to log in: SSH displays "Access denied", and System Manager displays "Sign In Failed. Please verify Username and Password."
- when logging in with hvadmin, Wireshark shows it queries LDAP, but the event log has not much info for troubleshooting
I found the problem: the Windows AD schema did not allow searching unixUserPassword. Changing the below fixed the problem.
ADSI Edit > select a well known naming context > Schema > OK > searchFlags attribute for CN=unixUserPassword: change the default 128 to 0. Right-click Schema > Update Schema Now.
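The ADSI Edit change above clears the fCONFIDENTIAL bit (value 128) of searchFlags on the unixUserPassword schema attribute; with that bit set, a directory client can only read the attribute if it holds the Control Access right, so an LDAP bind account without that right gets no password hash back and ONTAP rejects the login. The PowerShell below is an added example, not code from the original post or from NetApp: it audits the current searchFlags on the schema master and, only when asked, clears just bit 128 (which yields 0 from the IDMU default of 128 described above) and issues the schemaUpdateNow equivalent of "Update Schema Now". It assumes the ActiveDirectory RSAT module, Schema Admins membership for the apply step, and that the attribute's lDAPDisplayName is unixUserPassword.

```powershell
# Added example (not from the original post): audit, and optionally clear, the
# fCONFIDENTIAL bit (0x80 = 128) in searchFlags on the unixUserPassword schema
# attribute, the same change the post makes by hand in ADSI Edit.
# Requires the ActiveDirectory RSAT module; -Apply needs Schema Admins membership.
# Assumption: the attribute's lDAPDisplayName is unixUserPassword (IDMU / RFC 2307).

Import-Module ActiveDirectory

$CONFIDENTIAL = 128   # fCONFIDENTIAL: attribute readable only with the Control Access right

function Get-UnixUserPasswordSearchFlags {
    # Schema changes must be made on the schema master, so default to it for the audit too.
    param([string]$Server = (Get-ADForest).SchemaMaster)

    $schemaNc = (Get-ADRootDSE -Server $Server).schemaNamingContext
    $attr = Get-ADObject -Server $Server -SearchBase $schemaNc `
        -LDAPFilter '(lDAPDisplayName=unixUserPassword)' `
        -Properties searchFlags

    if (-not $attr) { throw "unixUserPassword is not present in the schema on $Server" }

    [pscustomobject]@{
        Server            = $Server
        DistinguishedName = $attr.DistinguishedName
        SearchFlags       = [int]$attr.searchFlags
        IsConfidential    = (([int]$attr.searchFlags) -band $CONFIDENTIAL) -ne 0
    }
}

function Clear-UnixUserPasswordConfidential {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Server = (Get-ADForest).SchemaMaster)

    $state = Get-UnixUserPasswordSearchFlags -Server $Server
    if (-not $state.IsConfidential) {
        Write-Verbose "fCONFIDENTIAL already clear (searchFlags=$($state.SearchFlags)); nothing to do"
        return $state
    }

    # Clear only bit 128 so any other flags survive; from the IDMU default of 128 this gives 0.
    $newFlags = $state.SearchFlags -band (-bnot $CONFIDENTIAL)
    if ($PSCmdlet.ShouldProcess($state.DistinguishedName, "searchFlags $($state.SearchFlags) -> $newFlags")) {
        Set-ADObject -Server $Server -Identity $state.DistinguishedName -Replace @{ searchFlags = $newFlags }

        # Equivalent of ADSI Edit's "Update Schema Now": make the schema master reload its schema cache.
        $rootDse = [ADSI]"LDAP://$Server/RootDSE"
        $rootDse.Put('schemaUpdateNow', 1)
        $rootDse.SetInfo()
    }

    Get-UnixUserPasswordSearchFlags -Server $Server
}

# Usage: audit first, preview with -WhatIf, and apply only after reviewing the output.
Get-UnixUserPasswordSearchFlags | Format-List
# Clear-UnixUserPasswordConfidential -WhatIf
# Clear-UnixUserPasswordConfidential -Verbose
```

Once the bit is clear, every principal that can read user objects (Authenticated Users by default) can also read the unixUserPassword hash, which is why the audit function is worth running on its own and recording the result. The narrower alternative is to leave the bit set and grant the Control Access right on this attribute to the ONTAP LDAP bind account alone; that permission grant is outside this example.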