Hi,
I try to connect via HTTP as part of this Ansible task:

    - name: Get LUNs
      netapp.ontap.na_ontap_rest_info:
        hostname: '{{ ontap_host }}'
        cert_filepath: '{{ ontap_crt }}'
        key_filepath: '{{ ontap_key }}'
        gather_subset:
          - 'storage/luns'
        fields:
          - 'comment'
        https: True
        validate_certs: False
      register: lun_info

but receive:
Error using REST for version, error: {'code': '6691623', 'message': 'User is not authorized.'}.
The user and role should be configured correctly:

    fc-netapp::> security login show -user-or-group-name orchestrator

    Vserver: fc-netapp
                                                                     Second
    User/Group                 Authentication                 Acct   Authentication
    Name           Application Method        Role Name        Locked Method
    -------------- ----------- ------------- ---------------- ------ --------------
    orchestrator   http        cert          georg_dev        -      none

    Vserver: vs_wilde
                                                                     Second
    User/Group                 Authentication                 Acct   Authentication
    Name           Application Method        Role Name        Locked Method
    -------------- ----------- ------------- ---------------- ------ --------------
    orchestrator   http        cert          georg_dev        -      none
    2 entries were displayed.

    fc-netapp::> security login rest-role show -role georg_dev
               Role                              Access
    Vserver    Name          API                 Level
    ---------- ------------- ------------------- ------
    fc-netapp  georg_dev     /api/cluster        all
                             /api/cluster/       all
    vs_wilde   georg_dev     /api/storage        all
                             /api/storage/       all
    4 entries were displayed.

A second user using username/passphrase authentication is able to connect using this role, only this new certificate based user won't work. I configured it according to https://netapp.io/2020/06/25/cert4uid-pswd/ and the variables shown above reference the respective certificate/key pair.
What could I be missing?
Thanks for any ideas!
1 ACCEPTED SOLUTION
Drew_C has accepted the solution
The cert name should be the same in the cert create and install commands and also in the login account creation step.

    [linux ~]$ openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout name.key -out name.pem -subj "/C=US/ST=NC/L=RTP/O=NetApp/CN=cert_user"
    security certificate install -type client-ca -cert-name cert_user -vserver <cluster short name>
    security login create -user-or-group-name cert_user -application ontapi -authentication-method cert
    security login create -user-or-group-name cert_user -application http -authentication-method cert

In https://netapp.io/2020/06/25/cert4uid-pswd/ the cert is created for cert_user, but the admin user is configured in ONTAP.
But David warns about the user:
For the CN=cert_user this needs to be the user that will be connecting, so for admin again it would be CN=admin.
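
A pre-flight check for the point made in the accepted answer, as an added example that is not from the original posts or from NetApp: it reads the client certificate's subject CN with openssl and compares it with the ONTAP login name. The function names and the throwaway sample certificates (CN `cert_user` from the blog command, CN `orchestrator` from the question's login) are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a client certificate's CN equals the ONTAP
# login name before using it for certificate authentication.

# Print the subject commonName of a PEM certificate.
# "-nameopt multiline" gives one attribute per line on all common OpenSSL versions.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p'
}

# Return 0 if the CN equals the expected login name, 1 on mismatch,
# 2 if no CN could be read (missing file, not a certificate).
check_cert_login() {
    ccl_cn="$(cert_cn "$1")"
    if [ -z "$ccl_cn" ]; then
        echo "ERROR: no CN readable from $1" >&2
        return 2
    elif [ "$ccl_cn" = "$2" ]; then
        echo "OK: CN '$ccl_cn' matches login '$2'"
    else
        echo "MISMATCH: CN is '$ccl_cn' but the login is '$2'" >&2
        return 1
    fi
}

# Constructed sample input: a throwaway self-signed cert with the given CN,
# written to <prefix>.pem / <prefix>.key (same openssl call as in the answer).
make_sample_cert() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
        -keyout "$2.key" -out "$2.pem" \
        -subj "/C=US/ST=NC/L=RTP/O=NetApp/CN=$1" 2>/dev/null
}

demo() {
    demo_dir="$(mktemp -d)"
    make_sample_cert cert_user    "$demo_dir/blog"   # CN copied verbatim from the blog
    make_sample_cert orchestrator "$demo_dir/fixed"  # CN set to the login name
    check_cert_login "$demo_dir/blog.pem"  orchestrator || echo "-> reissue with CN=orchestrator"
    check_cert_login "$demo_dir/fixed.pem" orchestrator
    rm -rf "$demo_dir"
}

demo
```

Run `check_cert_login` against the file referenced by `cert_filepath` with the name shown by `security login show` before retrying the playbook.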
