Enabling LDAP or NIS account access

You can use the security login create command to enable LDAP or NIS user accounts to access an admin or data SVM. If you have not configured LDAP or NIS server access to the SVM, you must do so before the account can access the SVM.

Before you begin

You must be a cluster administrator to perform this task.

About this task

Steps

  1. Enable LDAP or NIS user or group accounts to access an SVM: security login create -vserver SVM_name -user-or-group-name user_name -application application -authmethod nsswitch -role role -comment comment -is-ns-switch-group yes|no
    For complete command syntax, see the worksheet.

    Creating or modifying login accounts

    Example

    The following command enables the LDAP or NIS cluster administrator account guest2 with the predefined backup role to access the admin SVM engCluster.

    cluster1::>security login create -vserver engCluster -user-or-group-name guest2 -application ssh -authmethod nsswitch -role backup
  2. Enable MFA login for LDAP or NIS users:security login modify -user-or-group-name rem_usr1 -application ssh -authentication-method nsswitch -role admin -is-ns-switch-group no -second-authentication-method publickey
    The authentication method can be specified as publickey and second authentication method as nsswitch.
    Example
    The following example shows the MFA authentication being enabled:
    cluster-1::*> security login modify -user-or-group-name rem_usr2 -application ssh -authentication-method nsswitch -vserver 
    cluster-1 -second-authentication-method publickey"

After you finish

If you have not configured LDAP or NIS server access to the SVM, you must do so before the account can access the SVM.

Configuring LDAP or NIS server access