AD login on cluster management

Enabling Active Directory domain users to access the cluster

To enable Active Directory domain users to access the cluster, you must set up an authentication tunnel through a CIFS-enabled Vserver. You must also create cluster user accounts for the domain users. This functionality requires that CIFS is licensed on the cluster.

Steps

  1. If a tunnel for authenticating Active Directory domain users’ cluster access does not exist, complete the following steps:
    Note: The security login domain-tunnel show command displays the authentication tunnel if it has been set up.
    1. Create a CIFS server for a Vserver that you will use as an authentication tunnel by using the vserver cifs create command.

      You can use any data Vserver that has a CIFS server created as an authentication tunnel.

      For information about CIFS servers, see the Clustered Data ONTAP File Access and Protocols Management Guide.

    2. Specify the authentication tunnel by using the security login domain-tunnel create command.

      You can specify only one authentication tunnel.

  2. Create a cluster user account to enable an Active Directory domain user to access the cluster by using the security login create command with the –authmethod parameter set to domain.

    Domain authentication supports only sshontapi, and http for the -application parameter.

    The value of -username must be specified in the format of domainname\username, where domainname is the name of the CIFS domain server.

    If you delete the authentication tunnel, subsequent login sessions cannot be authenticated, and Active Directory domain users cannot access the cluster. Open sessions that were authenticated prior to the deletion of the authentication tunnel remain unaffected.

Example of enabling an Active Directory domain user to access the cluster

The following commands create a CIFS server for the vs0 Vserver, specify vs0 as the tunnel for Active Directory domain authentication, and create a cluster user account to enable the Administrator user of the DOMAIN1 domain to access the cluster through SSH:

cluster1::> vserver cifs create -vserver vs0 -cifs-server vs0cifs 
-domain companyname.example.com  
cluster1::> security login domain-tunnel create -vserver vs0
cluster1::> security login create -vserver cluster1 -username 
DOMAIN1\Administrator -application ssh -authmethod domain
twitterlinkedinmailtwitterlinkedinmail
Arco

About

View all posts by