security login domain-tunnel create

Add authentication tunnel Vserver for administrative Vserver

Availability: This command is available to cluster administrators at the admin privilege level.


This command establishes a gateway (tunnel) for authenticating Windows Active Directory (AD) domain users' access to the cluster.

Before using this command to establish the tunnel, the following must take place:

Only one Vserver can be used as the tunnel. If you attempt to specify more than one Vserver for the tunnel, Data ONTAP returns an error. If the tunnel Vserver is stopped or deleted, AD domain users' authentication requests to the cluster will fail.


-vserver <vserver> - Authentication Tunnel Vserver
This parameter specifies a data Vserver that has been configured with CIFS. This Vserver will be used as the tunnel for authenticating AD domain users' access to the cluster.


The following commands create an Active Directory domain user account ('DOMAIN1\Administrator') for the 'cluster1' cluster, create a data Vserver ('vs'), create a CIFS server ('vscifs') for the Vserver, and specify 'vs' as the tunnel for authenticating the domain user access to the cluster.
		cluster1::> security login create -vserver cluster1 -username DOMAIN1\Administrator -application ssh -authmethod domain -role admin
		cluster1::> vserver create -vserver vs -rootvolume vol -aggregate aggr -rootvolume-security-style mixed
		cluster1::> vserver cifs create -vserver vs -cifs-server vscifs -domain -ou CN=Computers
		cluster1::> security login domain-tunnel create -vserver vs