Try adding the user name in your code. No need to set password, just the user.

For example, in perl use the following call:

$s->set_admin_user($user, $pw);

Already trying that:

        $s->set_admin_user("root", "");

Same error.

I thought perhaps it was because we do not have a user explicitly specified in our hosts.equiv file, but adding another line which explicitly specifies root doesn't change anything.

I've tried it on two filers, one running 7.2.2 and one running 7.3P6.

Try this code.. it works for me.

--

Nagendra K

Hmm.... Failed for me, but I did have to make one change, because my test filer doesn't have HTTPS set up. Does it work for you if you use HTTP transport instead of HTTPS?

Yes, it does. I just added the Server IP in /etc/hosts.equiv, then invoked this script without providing user name it worked.

Hosts.equiv file

I tried adding the ip instead of the hostname to the hosts.equiv

file, just in case that was the problem, but got the same result:

<results status="failed" reason="User  does not have capability to invoke API system-get-version." errno="13003"></results>
Failed: User  does not have capability to invoke API system-get-version.

Is there any sort of additional debugging I could enable?

Are logs indicating any errors?

Also, try adding " root" in /etc/hosts.equiv and invoke the script "perl hosts_ontapi_hosts.pl 10.73.69.216 root".

I see this in logs/ems:

<LR d="27Oct2009 13:50:33" n="jackson-960" t="1256669433" id="1250085766/25568" p="4" s="OK" o="api_mpool_00" vf="">
<useradmin_unauthorized_user_1
        username=""
        capability="api-system-get-version"/>
</LR>

Adding " root" to hosts.equiv didn't change anything. It looks like the problem is that it's not picking up the username for some reason. Is there some way to see if it's actually being sent?

It is quite difficult to debug this way. Try using zexplore to check things out. Meanwhile, can you send me the piece of code and the hosts.equiv file that you are using. Let me try that out and get back to you.

I discovered the problem -- the version of the SDK I had was 3.5P1, not 3.5.1. Updating solved the problem.

Hi,

   I am seeing the same problem as the original poster. I have SDK 3.5.1, and I can use the "remsh" command successfully from the same system where the API is failing:

cpafisc8-> sudo remsh cpafisnas1 version
NetApp Release 7.2.5.1: Wed Jun 25 08:55:16 PDT 2008

I have run the script you included (after modifying to HTTP instead of HTTPS) and I get this:

<results status="failed" reason="User  does not have capability to invoke API system-get-version." errno="13003"></results>
Failed: User  does not have capability to invoke API system-get-version.

I have a session logged in to the console and I see this at the time the above failure occurs:

cpafisnas1> Wed Nov  4 16:23:04 PST [cpafisnas1: useradmin.unauthorized.user:warning]: User '' denied access - missing required capability: 'api-system-get-version'

Any help would be appreciated... Do I need to have a license for "HTTP"?

Thanks,

Kevin

Ok, after having found another similar thread (http://communities.netapp.com/thread/4102), I was able to resolve this problem by:

$s->set_style("LOGIN");
$s->set_admin_user("root", "");

This seems wrong to me as the whole reason for having "HOSTS" style is to use hosts.equiv, but since this is working I'm going to use it.

Kevin

Its a bug in ONTAP and it seems to be fixed in ONTAP 7.3.2

Thanks for that input! We are planning to upgrade fairly soon to 7.3.2 so that is good news.

I do have a question, though: if LOGIN works with hosts.equiv, what is the purpose of HOSTS?

Thanks,

Kevin

Is it a bug also that a non-root user can use "LOGIN" type with "root" user and "" password and execute commands?

My script has:

our $s = NaServer->new($filer, 1, 1);
$s->set_style("LOGIN");
$s->set_admin_user("root", "");

And in the auditlog, I see:

Fri Nov  6 09:55:33 PST [cpafisnas1: HTTPPool04:debug]: root:AUTH:error:Login failed for user root from IP 146.27.78.190. reason "User not authenticated"
Fri Nov  6 09:55:33 PST [cpafisnas1: api_mpool_04:debug]: root:API:in:<?xml version='1.0' encoding='utf-8' ?><!DOCTYPE netapp SYSTEM 'file:/etc/netapp_filer.dtd'><netapp version='1.1' xmlns='http://www.netapp.com/filer/admin'><system-get-version></system-get-version></netapp>

The API authentication is failing and I am still able to execute the command - not good!

The behavior is the same on all of my systems (7.2.5.1 and 7.3.1.1).

Thanks,

Kevin