ONTAP Discussions

ad authentication with 8.3 problem


Hi I have a 2 node cluster running one SVM with CIFS and NFS protocols with 8.3P1. I am trying to provide readonly access to a domain account however when the user logs in he will get an error displaying:

the server (displays cluster mgmt ip here)  at remote administration API support requires a username and password.


He entered it as domainname\username and his password and still no go.


This is what I did on the storage side:


enabled the tunnel 

then provided user with readonly access to cluster
security login create -vserver <name_of_cluster> -user domain\username -application http -authmethod domain -role readonly


I also performed the same command on the SVM as well and still no go. Any other hints tips or tricks?


Re: ad authentication with 8.3 problem


Argh I forgot  I have to add additional roles as well such as "ontapi". So I added http and ontapi with the role of 'readonly' and was able to login via the url. i tested by attempting to create and delet things and i got the message pop up saying i needed additional privs. so i suppose i solved it..  Unles sthere is something else I forgot..?




Re: ad authentication with 8.3 problem


Hi Peter,


You are absolutely on the right track.  


When you mentioned "login via the url" - what URL is this read-only user attempting to reach?



Re: ad authentication with 8.3 problem


the url i am referring to is to the cluster_mgmt








Basically the cluster management lif

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums