NetApp CDOT / C-Mode / Cluster Mode: Domain Authentication
There are several long guides on how to link cluster-level authentication to AD; however, if you already have the basic prerequisites satisfied, you can just bang out a few commands.
You need the following items completed already:
- SVM / VServer created
- CIFS licensed
- CIFS set up and joined to domain on SVM / VServer
Once that is complete, you only need to run a few commands:
1. Create a domain security tunnel
cluster::> security login domain-tunnel create -vserver SVMNAME
2. Allow SSH connection (for us leet folk)
cluster::> security login create -vserver CLUSTERNAME -username DOMAIN\USERNAME -application ssh -authmethod domain -role admin
3. Allow HTTP connection (for all the n00bs)
cluster::> security login create -vserver CLUSTERNAME -username DOMAIN\USERNAME -application http -authmethod domain -role admin
4. Allow ONTAP API connection (most people forget this in their guides; it's for NetApp System Manager)
cluster::> security login create -vserver CLUSTERNAME -username DOMAIN\USERNAME -application ontapi -authmethod domain -role admin
5. If you want a list of security permissions, here's the command and sample output:
cluster::> security login show
Vserver: SVMNAME
Vserver: CLUSTERNAME
                             Authentication                  Acct
UserName         Application Method         Role Name        Locked
---------------- ----------- -------------- ---------------- ------
DOM\n00b1        http        domain         admin            -
DOM\n00b1        ontapi      domain         admin            -
DOM\n00b2        http        domain         admin            -
DOM\n00b2        ontapi      domain         admin            -
DOM\l33tadmin    http        domain         admin            -
DOM\l33tadmin    ontapi      domain         admin            -
DOM\l33tadmin    ssh         domain         admin            -
And that's all, folks!
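An added example, not part of the original post: a Python audit of `security login show` output that lists which applications each domain-authenticated admin account can use and flags accounts that have http but lack the ontapi entry from step 4. The sample output is constructed for illustration, and the function names `parse_logins` and `audit` are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the layout of the `security login show` output above.
SAMPLE = r"""
Vserver: CLUSTERNAME
                             Authentication                  Acct
UserName         Application Method         Role Name        Locked
---------------- ----------- -------------- ---------------- ------
DOM\n00b1        http        domain         admin            -
DOM\n00b1        ontapi      domain         admin            -
DOM\n00b2        http        domain         admin            -
DOM\l33tadmin    http        domain         admin            -
DOM\l33tadmin    ontapi      domain         admin            -
DOM\l33tadmin    ssh         domain         admin            -
admin            ssh         password       admin            -
"""

def parse_logins(text):
    """Return a list of (vserver, user, application, authmethod, role) tuples."""
    rows, vserver = [], None
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Vserver:"):
            vserver = fields[1]
        elif len(fields) == 5 and not fields[0].startswith("-"):
            user, app, method, role, _locked = fields  # skips headers and the dashed rule
            rows.append((vserver, user, app, method, role))
    return rows

def audit(rows):
    """Map each domain-authenticated admin to its applications and findings."""
    apps = defaultdict(set)
    for vserver, user, app, method, role in rows:
        if method == "domain" and role == "admin":
            apps[(vserver, user)].add(app)
    report = {}
    for key, granted in apps.items():
        findings = []
        if "http" in granted and "ontapi" not in granted:
            findings.append("http without ontapi (step 4 missed)")
        if "ssh" in granted:
            findings.append("ssh CLI access with admin role")
        report[key] = (sorted(granted), findings)
    return report

if __name__ == "__main__":
    for (vs, user), (granted, notes) in sorted(audit(parse_logins(SAMPLE)).items()):
        print(f"{vs} {user}: {','.join(granted)} {notes or 'ok'}")
```

Run it against a saved copy of the real output to review which AD accounts ended up with the admin role, and on which access paths, after the steps above.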
At lasssstt !!! :) thnx.
It works, please post it on NetApp