Re: cDOT and na_server_style NA_STYLE_RPC

anton_oks · ‎2015-08-28

Hi all.

We have plenty own-developed NetApp management tools, which run on Windows clients and use the "NA_STYLE_RPC" authentication with the ONTAP 7-Mode systems.

The same tools do not work with cDOT. And also the SDK binary "apitest.exe" seems to confirm the problem:

C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r myold2040 system-get-version
<results status="passed">
<version>NetApp Release 8.1.4P8 7-Mode: Wed Feb 4 02:09:24 PST 2015</version>
<is-clustered>false</is-clustered>
</results>

C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r mynewer6240 system-get-version
<results status="passed">
<version>NetApp Release 8.1.4P8 7-Mode: Wed Feb 4 02:08:52 PST 2015</version>
<is-clustered>false</is-clustered>
</results>

C:\Users\user\Downloads\NetApp\SDK\netapp-manageability-sdk-5.4\bin\nt>.\apitest.exe -r mynew8060 system-get-version
<results reason="RPC Error - The RPC server is unavailable. " errno="13011" status="failed"/>

In SDK --> "Session Management APIs" --> na_server_style we have this:

If style=NA_STYLE_RPC, your code should run on the Windows system so that a native Windows authentication based on remote procedure call is used. This is applicable for Data ONTAP APIs only.

Question: Can someone comment and/or confirm if the cDOT NA_STYPE_RPC auth should work (or does somewhere?!?!?) and if so, how (options, SMB versions, special/new API capabilities, Windows version on the client and AD server, ...)

Thanks a bunch

Anton Oks

P.S.: No, we don't have WAN optimization in that environment 😉

anton_oks · ‎2015-11-23

Hello NetApp SDK team and/or community....

We still need the same passwordless authentification on 7Mode AND cDOT. Any news about WinRPC/cDOT?! Or will you, NetApp, bring the cert-based auth to 7Mode?!

Regards

Anton Oks

georgevj · ‎2015-11-23

from documentation, FYI.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

anton_oks · ‎2015-11-24

Thanks georgevj.

Well, strong indicator that it is not working, confirmed, but it's the APITEST docu only 😉 So in theory it could be that only the tool doesn't support it, right 😮

Could someone then send a statement how the same passwordless authentication can be done for both 7Mode and cDOT APIs? Because, you for sure understand, we talk "chicken/egg" here.. I can only know if the Netapp is 7Mode or cDOT AFTER I connected to it... and I cannot (passwordless) connect to check this because I don't know if WinRPC or CERT should work....

Regards

Anton Oks

georgevj · ‎2015-11-24

Are you sure the same code will work for both 7 mode and cluster mode?

I think you may need a different set of api commands for them.

What about something like this?

connect via rpc and check version

if succeeded

{ 7mode_ok; }

Else

{

Connect via cert and check version

If succeeded

{ C-mode_ok; }

Else

{ print error and exit; }

}

If 7mode_ok

{

Do your stuff for 7 mode

}

If C-mode_ok

{

Do your stuff for C mode

}

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

anton_oks · ‎2015-11-24

That's exaactly what I do... I check with "na_results_errno" for "13011", which is "ERROR (13011): RPC Error - The RPC server is unavailable." and then try to talk to a cDOT again, check result and so on... BUT the tools run much longer now and this is an ugly hack and very error prone!

I think NetApp can and should do better then this (offer the same consistent "passwordless" way!)...