HI there we just testing widelinks in conjunction wit abe enable shares. As soon we enable ABE, the access to widelink relocate does not work anymore. Error "Windows cannot access \\blabla\bla. Has anybody sucessful implemented widelink with ABE enabled shares?
... View more
I have an ifgrp created as follows where it is being connected to a Cisco Nexus using VPC, I would like to know what the balancing method should be configured in the Nexus LACP, understanding that it must be the same as this one in the Netapp "Port" put on Nexus several options of "port" causing me confusion for which the correct to ask the network team. ifgrp create -node <node> -ifgrp a0a -distr-func port -mode multimode_lacp
... View more
We have a source a a destination cluster. Both clusters have a single intercluster lif for each node as of now. They have existing cluster peers with some other existing clusters. We want to setup cluster peer between these two but we want to use new interfaces. We have a stretched L2 connectivity between the two and we want to utilize that. What would be the best approach to make sure that intercluster traffic between the two goes through the new lifs that we create and does not use the existing lifs. Both can reach each other on existing lifs as well.
... View more
on Linux NFS file system, you can do "du .snapshots", but this is not the real space of how much SnapShot being used. I can tell on NetApp filers. Is there anyway I can tell on Linux?
... View more
We are relatively new to netapp on tap and have been trying to configure LDAP (FreeIPA LDAP) on the ONTAP 9.8 simulator to allow LDAP users to login to the admin ssh. So far we have followed this documentation to create the client config and associate it with the cluster server, adding the addition auth methods to the ns-switch configuration, and adding the user to the security login configuration with the ldap application and nsswitch auth method. https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-adm-auth-rbac%2FGUID-21B12DB3-AE7D-447C-A9AC-77D7D260685A.html&lang=en However we still are unable to authenticate with an ldap user to a ssh session to the management port. This is what the event log shows: 4/10/2021 00:42:43 node-01 NOTICE sshd.auth.loginDenied: message="Failed keyboard-interactive / pam for testuser1 from 172.16.239.1 port 53673 ssh2 "
4/10/2021 00:38:28 node-01 DEBUG secd.unexpectedFailure: vserver (Cluster) Unexpected failure. Error: Ldap Get full user info procedure failed
**[ 0] FAILURE: 'Ldap' configuration not available Client Configuration, check, nsswitch and security login: node::vserver services name-service ldap> show
Client
Vserver Configuration
-------------- -------------
node node
node::vserver services name-service ldap client> show
Client LDAP Active Directory Minimum
Vserver Configuration Servers Domain Schema Bind Level
------- ------------- --------------- ----------------- ----------- ----------
node node 172.16.239.12 - RFC-2307 simple
node::vserver services name-service ldap> check -vserver node
Vserver: node
Client Configuration Name: node
LDAP Status: up
LDAP Status Details: Successfully connected to LDAP server "172.16.239.12".
LDAP DN Status Details: All the configured DNs are available.
node::security login> show
Vserver: node
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
admin console password admin no none
admin http password admin no none
admin ontapi password admin no none
admin service-processor
password admin no none
admin ssh password admin no none
autosupport console password autosupport no none
testuser1 ssh nsswitch admin - none
node::vserver services name-service ns-switch> show
Source
Vserver Database Order
--------------- ------------ ---------
node hosts files,
dns
node group files
node passwd files,
ldap
svm0 hosts files,
dns
svm0 group files
svm0 passwd files
svm0 netgroup files
svm0 namemap files
8 entries were displayed. running the access-check it certainly appears that it can query for the user and get the correct response (verified with ldapsearch on the ldap server). node::vserver services*> access-check authentication show-ontap-admin-unix-creds -vserver node -unix-user-name testuser1
User Id: 1896000001
Group Id: 1896000001
Home Directory:
Login Shell: /bin/sh We are wondering if the default schema RFC 2307 supports the FreeIPA centos 8 identity manager default configuration, or if we need to specify specific LDAP attributes for it to use during authentication... Any help or suggestions are appreciated
... View more