ONTAP Discussions

ad authentication with 8.3 problem

peter65
2,828 Views

Hi I have a 2 node cluster running one SVM with CIFS and NFS protocols with 8.3P1. I am trying to provide readonly access to a domain account however when the user logs in he will get an error displaying:

the server (displays cluster mgmt ip here)  at remote administration API support requires a username and password.

 

He entered it as domainname\username and his password and still no go.

 

This is what I did on the storage side:

 

enabled the tunnel 

then provided user with readonly access to cluster
security login create -vserver <name_of_cluster> -user domain\username -application http -authmethod domain -role readonly

 

I also performed the same command on the SVM as well and still no go. Any other hints tips or tricks?

3 REPLIES 3

peter65
2,814 Views

Argh I forgot  I have to add additional roles as well such as "ontapi". So I added http and ontapi with the role of 'readonly' and was able to login via the url. i tested by attempting to create and delet things and i got the message pop up saying i needed additional privs. so i suppose i solved it..  Unles sthere is something else I forgot..?

 

 

 

hadrian
2,769 Views

Hi Peter,

 

You are absolutely on the right track.  

 

When you mentioned "login via the url" - what URL is this read-only user attempting to reach?

 

Hadrian

peter65
2,743 Views

the url i am referring to is to the cluster_mgmt

 

http://cluster_name_here

 

or

 

https://cluster_name/sysmgr/SysMgr.html

 

Basically the cluster management lif

Public