ONTAP Discussions

two-way domain trust?

netappmagic
3,703 Views

I wanted to add Domain B as the trusted domain for Domain A? What steps do I have to go through?

 

1. Create two way trust in Domain A and then Domain B first in Active Directory Domain, right?

2. Use the following command to create the trust on Cluster:

vserver cifs domain name-mapping-search add -vserver vserver_name -trusted-domains FQDN, ...

3. What is the right command to verify?
4. Is there any commands to show if this is one-way or two-way on Cluster, or have to be on AD?

 

Please help in details. Thank you!

4 REPLIES 4

parisi
3,623 Views

You don't really need to do anything in ONTAP to configure a two-way trust. ONTAP discovers the trusts on their own. You can see trusts with:

::> cifs domain trusts show 

 

The domain name-mapping-search command allows you to set preferred trusts:

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-1F2206A7-AE87-4ADC-A75A-198629194B8C.html

 

domain name-mapping commands are also for when you need to map UNIX LDAP users in two different domains. I cover that in TR-4835 on page 54:

 

https://www.netapp.com/us/media/tr-4835.pdf

parisi
3,622 Views

As for what kind of trust it is, you can't run a command in ONTAP to see that. You have to see it from AD.

netappmagic
3,616 Views

I don’t seethe expected trusts domain by running the command below. Is this due to only one way relationship not two, or no any trusts created at all? I was told trust is already created. So, I am confused.

::> cifs domain trusts show 

 Thank you!

parisi
3,613 Views

It should discover it. 

 

If it's not discovering, you can try adding it via the commands you mentioned. Please check the links I posted for more info.

 

If you're still having issues, you may want to open a support ticket.

Public