ONTAP Recipes: Did you know you can…?
Easily manage NetApp Storage with your corporate (NIS or LDAP) login credentials
This recipe will help you set up NetApp Storage admin accounts that are based on your current login accounts served by your corporate LDAP or NIS directory server. Such users can log in to ONTAP for management access using the same credentials that allow them to access the corporate network.
Steps:
1. Pre-conditions:
a. Ensure that the required network settings [ipaddr, netmask, route, DNS, etc.] are in place and that the NIS/LDAP server is reachable from the interface(s) configured for the SVM [administrative and/or data SVM]
b. Ensure that the directory server [LDAP/NIS] is configured for the SVM
c. Ensure that the password database lookup in the SVM's name-services ns-switch settings includes NIS/LDAP as a source, in the preferred lookup order
d. The ONTAP user account to be created must be a valid user account defined on the NIS/LDAP directory server
2. Create the admin account in ONTAP, choosing the appropriate application protocol [http, console, ssh, etc.] and “nsswitch” as the authentication method
Example: Creating the user “user_nis_ssh” for SSH application with “admin” role privileges for cluster SVM “cluster-1_2” specifying the source of authentication as NIS server.
a. Create the ONTAP user account in the security login table choosing the application, authentication method, role and SVM
Cluster-1_2::> security login create -user-or-group-name user_nis_ssh -authentication-method nsswitch -application ssh -role admin -vserver Cluster-1_2
b. Verify the user is created for the SVM
Cluster-1_2::> security login show
Vserver: Cluster-1_2
User/Group                       Authentication           Acct
Name           Application       Method         Role Name Locked
-------------- ----------------- -------------- --------- ------
admin          console           password       admin     no
admin          http              password       admin     no
admin          ontapi            password       admin     no
admin          service-processor password       admin     no
admin          ssh               password       admin     no
user_nis_ssh   ssh               nsswitch       admin     -
c. Verify the login from a client machine using the created user’s credentials
Client-host-machine>ssh user_nis_ssh@Cluster-1_2
Password:
Cluster-1_2::> security login whoami
User: user_nis_ssh
Role: admin
Note: Authentication often fails because of an incomplete or incorrect name-services configuration. Ensure that the DNS, NIS/LDAP, and ns-switch settings are correct.
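The check in step 2b can be scripted. The following is an added example, not part of the original recipe or NetApp's own code: it parses `security login show` output, confirms that the expected nsswitch entry exists, and lists every login that is authenticated by the directory server. The sample text is re-typed from the output above, and `parse_logins`, `has_login` and `directory_backed` are hypothetical helper names.

```python
import re

# Constructed sample: the `security login show` output from step 2b, re-typed.
SAMPLE = """\
Vserver: Cluster-1_2
User/Group                       Authentication           Acct
Name           Application       Method         Role Name Locked
-------------- ----------------- -------------- --------- ------
admin          console           password       admin     no
admin          http              password       admin     no
admin          ontapi            password       admin     no
admin          service-processor password       admin     no
admin          ssh               password       admin     no
user_nis_ssh   ssh               nsswitch       admin     -
"""

def parse_logins(text):
    """Return one dict per table row; header and footer lines are skipped.

    Assumption: every row fits on one line with five whitespace-separated
    fields. Rows that the CLI wraps across lines are not collected.
    """
    rows, vserver, in_table = [], None, False
    for line in text.splitlines():
        m = re.match(r"\s*Vserver:\s*(\S+)", line)
        if m:  # a new per-SVM section starts; its rows follow the dashed rule
            vserver, in_table = m.group(1), False
        elif re.fullmatch(r"(?:-{2,}\s*)+", line.strip()):
            in_table = True
        elif in_table and len(line.split()) == 5:
            user, app, method, role, locked = line.split()
            rows.append({"vserver": vserver, "user": user, "application": app,
                         "method": method, "role": role, "locked": locked})
    return rows

def has_login(rows, vserver, user, application, method, role):
    """True if the exact SVM/user/application/method/role entry is present."""
    want = (vserver, user, application, method, role)
    return any((r["vserver"], r["user"], r["application"], r["method"],
                r["role"]) == want for r in rows)

def directory_backed(rows):
    """Entries whose credentials are checked by NIS/LDAP rather than ONTAP."""
    return [r for r in rows if r["method"] == "nsswitch"]

if __name__ == "__main__":
    rows = parse_logins(SAMPLE)
    print(has_login(rows, "Cluster-1_2", "user_nis_ssh", "ssh", "nsswitch", "admin"))
    for r in directory_backed(rows):
        print("nsswitch login:", r["user"], r["application"], r["role"])
```

Reviewing the `directory_backed` list periodically shows which management logins depend on the directory server for authentication and which role each one carries.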
For more information, see the ONTAP 9 documentation center