We realized that we are not able to connect to one of the the 2 Controllers with a Windows Client on a FAS2240-2 / NetApp Release 8.2.5P3 7-Mode . Checking the connection via port 445 showed that 445 on controller one is not open, even if the CIFS configuration was performed with success. Is there a way to check open Ports and also a way to open them if needed ?
... View more
We are relatively new to netapp on tap and have been trying to configure LDAP (FreeIPA LDAP) on the ONTAP 9.8 simulator to allow LDAP users to login to the admin ssh. So far we have followed this documentation to create the client config and associate it with the cluster server, adding the addition auth methods to the ns-switch configuration, and adding the user to the security login configuration with the ldap application and nsswitch auth method. https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-adm-auth-rbac%2FGUID-21B12DB3-AE7D-447C-A9AC-77D7D260685A.html&lang=en However we still are unable to authenticate with an ldap user to a ssh session to the management port. This is what the event log shows: 4/10/2021 00:42:43 node-01 NOTICE sshd.auth.loginDenied: message="Failed keyboard-interactive / pam for testuser1 from 172.16.239.1 port 53673 ssh2 "
4/10/2021 00:38:28 node-01 DEBUG secd.unexpectedFailure: vserver (Cluster) Unexpected failure. Error: Ldap Get full user info procedure failed
**[ 0] FAILURE: 'Ldap' configuration not available Client Configuration, check, nsswitch and security login: node::vserver services name-service ldap> show
Client
Vserver Configuration
-------------- -------------
node node
node::vserver services name-service ldap client> show
Client LDAP Active Directory Minimum
Vserver Configuration Servers Domain Schema Bind Level
------- ------------- --------------- ----------------- ----------- ----------
node node 172.16.239.12 - RFC-2307 simple
node::vserver services name-service ldap> check -vserver node
Vserver: node
Client Configuration Name: node
LDAP Status: up
LDAP Status Details: Successfully connected to LDAP server "172.16.239.12".
LDAP DN Status Details: All the configured DNs are available.
node::security login> show
Vserver: node
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
admin console password admin no none
admin http password admin no none
admin ontapi password admin no none
admin service-processor
password admin no none
admin ssh password admin no none
autosupport console password autosupport no none
testuser1 ssh nsswitch admin - none
node::vserver services name-service ns-switch> show
Source
Vserver Database Order
--------------- ------------ ---------
node hosts files,
dns
node group files
node passwd files,
ldap
svm0 hosts files,
dns
svm0 group files
svm0 passwd files
svm0 netgroup files
svm0 namemap files
8 entries were displayed. running the access-check it certainly appears that it can query for the user and get the correct response (verified with ldapsearch on the ldap server). node::vserver services*> access-check authentication show-ontap-admin-unix-creds -vserver node -unix-user-name testuser1
User Id: 1896000001
Group Id: 1896000001
Home Directory:
Login Shell: /bin/sh We are wondering if the default schema RFC 2307 supports the FreeIPA centos 8 identity manager default configuration, or if we need to specify specific LDAP attributes for it to use during authentication... Any help or suggestions are appreciated
... View more
Hi Folks, Is there any specific user guide to configure NDMP with veritas netbackup 8.3. I have already gone through all sort of documentation on netapp. Can some one answer my below questions. We have AFF400 for which i have LACP 2 ports (e0f/e0h as a0b) which are of 10Gb each and created separate broadcast domain. Does LACP works on the NDMP backup with veritas? 1. I have currently tapes drives configured with Hitachi NAS now, can we use the same tape drives to configure NDMP on netapp. Will there be any issues or errors with current tape drives which is working fine on HNAS? If so how exactly the zoning should be done ( Tape Drives and Netapp ports zoning since i use LACP can i add both the ports on each node and make one zone per node). Is this the correct way ? 2. Is it mandatory to create intercluster LIF's? 3. LIF assigned should be in the same IP range as the backup network? 4. Any requirement that we should use Accelerator for NDMP from Netbackup ? PS:-- For NetApp filers, Accelerator for NDMP supports only the DUMP format. Consult your NetApp documentation for specific details about its DUMP format. prod prod-01_mgmt1 up/up 10.10.50.100/24 prod-01 e0M true prod-02_mgmt1 up/up 10.10.50.102/24 prod-02 e0M true cluster_mgmt up/up 10.10.50.103/24 prod-01 e0M true vserver1 datalif10 up/up 10.10.100.20/24 prod-01 a0a true vserver2 datalif20 up/up 10.5.197.61/24 prod-02 a0a true Appreciate your help.
... View more
We are currently using SVM-DR to replicate data in our environment. I notice every time when we run snapmirror resync, storage efficiency is re-enabled on all target volumes even if storage efficiency is disabled manually before the resync. This is causing SE process on target volumes to start after each snapmirror update and eventually SE will error out before next the snapmirror update. EMS log also fills up with the same error repeatedly. Has anyone experiencing this issue in their environment ? Sun Nov 01 23:10:30 -0500 {cluster_nodename: f: sis.chkpoint.restore.failed:error]: SIS operation on the volume '/vol/vol01@vserver' failed to restore from a previous checkpoint. Starting SIS operation from the beginning.
... View more
on Linux NFS file system, you can do "du .snapshots", but this is not the real space of how much SnapShot being used. I can tell on NetApp filers. Is there anyway I can tell on Linux?
... View more
