
ONTAP Recipes

ONTAP Recipes: Easily manage NetApp Storage with your corporate (NIS or LDAP) login credentials


ONTAP Recipes:  Did you know you can…?


Easily manage NetApp Storage with your corporate (NIS or LDAP) login credentials


This recipe will help you set up NetApp Storage admin accounts that are based on your current login accounts served by your corporate LDAP or NIS directory server. Such users can log in to ONTAP for management access, using the same credentials that allow them to access the corporate network.




  1. Pre-conditions:

     a. Ensure that the required network settings [ipaddr, netmask, route, DNS] are in place and the NIS/LDAP server is reachable from the interface(s) configured for the SVM [administrative and/or data SVM]

     b. Ensure that the directory server [LDAP/NIS] is configured for the SVM

     c. Ensure that the password database lookup in the SVM's name services ns-switch settings includes NIS/LDAP as a source and is in the preferred order for lookup

     d. The ONTAP user account to be created has to be a valid user account defined at the NIS/LDAP directory server


2. Create the admin account in ONTAP choosing appropriate application protocol [http, console, ssh etc] and choose the authentication method as “nsswitch”


Example: Creating the user “user_nis_ssh” for SSH application with “admin” role privileges for cluster SVM “cluster-1_2” specifying the source of authentication as NIS server.


  a. Create the ONTAP user account in the security login table choosing the application, authentication method, role and SVM

  Cluster-1_2::> security login create -user-or-group-name user_nis_ssh -authentication-method nsswitch -application ssh -role admin -vserver Cluster-1_2


 b. Verify the user is created for the SVM

  Cluster-1_2::> security login show


  Vserver: Cluster-1_2

  User/Group                        Authentication            Acct
  Name           Application        Method         Role Name  Locked
  -------------- -----------        -------------  ------     --------
  admin          console            password       admin      no
  admin          http               password       admin      no
  admin          ontapi             password       admin      no
  admin          service-processor  password       admin      no
  admin          ssh                password       admin      no
  user_nis_ssh   ssh                nsswitch       admin      -


c. Verify the login from a client machine using the created user’s credentials


  Client-host-machine> ssh user_nis_ssh@Cluster-1_2


Cluster-1_2::> security login whoami

User: user_nis_ssh

Role: admin


Note: Often, authentication does not work as expected due to incomplete/wrong name-services configuration. Ensure you have the right DNS, NIS/LDAP, ns-switch settings.


For more information, see the ONTAP 9 documentation center
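
Added example (not part of the original recipe and not NetApp code): a small Python parser for the "security login show" output from step 2b that lists which logins authenticate through nsswitch with a privileged role, so you can review which directory-backed accounts hold admin on the cluster. The sample output is constructed from the table in this recipe, and the parser assumes five whitespace-separated columns per row as shown there.

```python
"""Audit `security login show` output for directory-backed (nsswitch) logins."""
from typing import NamedTuple

# Constructed sample, modelled on the output shown in this recipe.
SAMPLE = """\
Vserver: Cluster-1_2
User/Group                 Authentication           Acct
Name           Application Method        Role Name  Locked
-------------- ----------- ------------- ---------- ------
admin          console     password      admin      no
admin          ssh         password      admin      no
user_nis_ssh   ssh         nsswitch      admin      -
"""

class Login(NamedTuple):
    vserver: str
    name: str
    application: str
    method: str
    role: str
    locked: str

def parse_logins(text):
    """Parse table rows; assumes five whitespace-separated columns per entry."""
    vserver, in_table, logins = None, False, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Vserver:" and len(fields) == 2:
            vserver, in_table = fields[1], False   # new SVM section starts
        elif set(line.strip()) <= set("- "):
            in_table = True                        # dashed rule: data rows follow
        elif in_table and vserver and len(fields) == 5:
            logins.append(Login(vserver, *fields))
    return logins

def nsswitch_admins(logins, privileged_roles=("admin",)):
    """Return nsswitch logins whose role is in privileged_roles."""
    return [entry for entry in logins
            if entry.method == "nsswitch" and entry.role in privileged_roles]

if __name__ == "__main__":
    for entry in nsswitch_admins(parse_logins(SAMPLE)):
        print(f"{entry.vserver}: {entry.name} via {entry.application} "
              f"has role {entry.role}")
```

Rows that do not split into exactly five fields (wrapped names, summary lines such as an entry count) are skipped rather than guessed at.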





Thanks for sharing this information.
