Software Development Kit (SDK) and API Discussions

cDOT and na_server_style NA_STYLE_RPC

anton_oks
3,738 Views

Hi all.

 

We have plenty own-developed NetApp management tools, which run on Windows clients and use the "NA_STYLE_RPC" authentication with the ONTAP 7-Mode systems.

The same tools do not work with cDOT. And also the SDK binary "apitest.exe" seems to confirm the problem:

 

C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r myold2040 system-get-version
<results status="passed">
        <version>NetApp Release 8.1.4P8 7-Mode: Wed Feb  4 02:09:24 PST 2015</version>
        <is-clustered>false</is-clustered>
</results>


C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r mynewer6240 system-get-version
<results status="passed">
        <version>NetApp Release 8.1.4P8 7-Mode: Wed Feb  4 02:08:52 PST 2015</version>
        <is-clustered>false</is-clustered>
</results>


C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r mynew8060 system-get-version
<results reason="RPC Error - The RPC server is unavailable. " errno="13011" status="failed"/>

 

 

In SDK --> "Session Management APIs" --> na_server_style we have this:

If style=NA_STYLE_RPC, your code should run on the Windows system so that a native Windows authentication based on remote procedure call is used. This is applicable for Data ONTAP APIs only.

 

Question: Can someone comment and/or confirm if the cDOT NA_STYPE_RPC auth should work (or does somewhere?!?!?) and if so, how (options, SMB versions, special/new API capabilities, Windows version on the client and AD server, ...)

 

Thanks a bunch

 Anton Oks

 

P.S.: No, we don't have WAN optimization in that environment 😉

 

 

5 REPLIES 5

anton_oks
3,542 Views

Hello NetApp SDK team and/or community....

 

We still need the same passwordless authentification on 7Mode AND cDOT. Any news about WinRPC/cDOT?! Or will you, NetApp, bring the cert-based auth to 7Mode?!

 

Regards

 Anton Oks

georgevj
3,527 Views

from documentation, FYI.

api.PNG

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

anton_oks
3,512 Views

Thanks georgevj.

 

Well, strong indicator that it is not working, confirmed, but it's the APITEST docu only 😉 So in theory it could be that only the tool doesn't support it, right 😮

 

Could someone then send a statement how the same passwordless authentication can be done for both 7Mode and cDOT APIs? Because, you for sure understand, we talk "chicken/egg" here.. I can only know if the Netapp is 7Mode or cDOT AFTER I connected to it... and I cannot (passwordless) connect to check this because I don't know if WinRPC or CERT should work....

 

Regards

 Anton Oks

 

georgevj
3,507 Views

Are you sure the same code will work for both 7 mode and cluster mode?

I think you may need a different set of api commands for them.

 

What about something like this?

 

connect via rpc and check version

if succeeded

{ 7mode_ok; }

Else

{

Connect via cert and check version

               If succeeded

                              { C-mode_ok; }

                              Else

                              { print error and exit; }

}

If  7mode_ok

               {

               Do your stuff for 7 mode

               }

If C-mode_ok

               {

               Do your stuff for C mode

               }

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

anton_oks
3,501 Views

That's exaactly what I do... I check with "na_results_errno" for "13011", which is "ERROR (13011): RPC Error - The RPC server is unavailable." and then try to talk to a cDOT again, check result and so on... BUT the tools run much longer now and this is an ugly hack and very error prone!

 

I think NetApp can and should do better then this (offer the same consistent "passwordless" way!)...

 

Public