Skip to main content

vserver services access-check authentication show-creds

Contributors
Suggest changes

Display a user's credentials based on a UNIX UID or Windows SID or S3 User Name

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

The vserver services access-check authentication show-creds command returns the credentials for a Windows user using SID, a Windows user using a Windows username, a UNIX user using UID, or a UNIX user using a UNIX user name. This command is useful for retrieving information such as account type, SIDs, UIDs, GIDs, privileges, and domain or group membership.

Parameters

[-node {<nodename>|local}] - Node (privilege: advanced)

The name of the node on which the command is executed.

-vserver <vserver> - Vserver (privilege: advanced)

The command displays information for the specified Vserver.

{ -uid <integer> - UID (privilege: advanced)

The UNIX user's UID.

| -sid <text> - SID (privilege: advanced)

The Windows user's SID.

| -unix-user-name <text> - Unix User Name (privilege: advanced)

The UNIX username.

| -win-name <text> - Windows Name (privilege: advanced)

The Windows username.

| -s3-user-name <text> - S3 User Name (privilege: advanced) }

The S3 username.

[-list-name {true|false}] - Display Translated Names (privilege: advanced)

If this parameter is specified, the command displays information as translated names.

[-list-id {true|false}] - Display IDs (privilege: advanced)

If this parameter is specified, the command displays information as IDs.

[-clientIp <IP Address>] - Client IP Address (privilege: advanced)

The IP address of the client as specified by the user

[-skip-domain-group {true|false}] - Skip Domain Groups (privilege: advanced)

If this parameter is specified, Windows domain group membership will not be fetched and only local group membership will be displayed, if any.

[-show-partial-unix-creds {true|false}] - Display Partial UNIX Credentials (privilege: advanced)

If this parameter is specified, partial UNIX credentials will be displayed. This can be useful in cases where ONTAP is able to fetch the UNIX credentials, but failed to fetch the Windows credentials.

Examples

This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1."

cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0
(vserver services access-check authentication show-creds)
UNIX UID: root <> Windows User: CIFSQA\Administrator (User)
GID: root
 Supplementary GIDs: <None>
Windows Membership:
  CIFSQA\Schema Admins (Domain group)
  CIFSQA\Enterprise Admins (Domain group)
  CIFSQA\Domain Admins (Domain group)
  CIFSQA\Domain Users (Domain group)
  CIFSQA\Group Policy Creator Owners (Domain group)
  BUILTIN\Administrators (Alias)
  BUILTIN\Users (Alias)
 User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2b7):
  SeBackupPrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege

This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "false" and list-id "true."

cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name false -list-id true
(vserver services access-check authentication show-creds)
UNIX UID: 0 <> Windows User: S-1-5-21-1407423728-2963865486-1834115207-500
GID: 0
 Supplementary GIDs: <None>
Windows Membership:
  S-1-5-21-1407423728-2963865486-1834115207-518
  S-1-5-21-1407423728-2963865486-1834115207-519
  S-1-5-21-1407423728-2963865486-1834115207-512
  S-1-5-21-1407423728-2963865486-1834115207-513
  S-1-5-21-1407423728-2963865486-1834115207-520
  S-1-5-32-544
  S-1-5-32-545
 User is also a member of S-1-1-0, S-1-5-11, and S-1-5-2
Privileges (0x2b7):
  SeBackupPrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege

This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "true" and list-id "true."

cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name false -list-id true
(vserver services access-check authentication show-creds)
UNIX UID: 0 (root) <> Windows User: S-1-5-21-1407423728-2963865486-1834115207-500 (CIFSQA\Administrator (User))
GID: 0 (root)
 Supplementary GIDs: <None>
Windows Membership:
  S-1-5-21-1407423728-2963865486-1834115207-518     CIFSQA\Schema Admins (Domain group)
  S-1-5-21-1407423728-2963865486-1834115207-519     CIFSQA\Enterprise Admins (Domain group)
  S-1-5-21-1407423728-2963865486-1834115207-512     CIFSQA\Domain Admins (Domain group)
  S-1-5-21-1407423728-2963865486-1834115207-513     CIFSQA\Domain Users (Domain group)
  S-1-5-21-1407423728-2963865486-1834115207-520     CIFSQA\Group Policy Creator Owners (Domain group)
  S-1-5-32-544     BUILTIN\Administrators (Alias)
  S-1-5-32-545     BUILTIN\Users (Alias)
 User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2b7):
  SeBackupPrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege

This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "true" and list-id "false."

cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name true -list-id false
(vserver services access-check authentication show-creds)
UNIX UID: root <> Windows User: CIFSQA\Administrator (User)
GID: root
 Supplementary GIDs: <None>
Windows Membership:
  CIFSQA\Schema Admins (Domain group)
  CIFSQA\Enterprise Admins (Domain group)
  CIFSQA\Domain Admins (Domain group)
  CIFSQA\Domain Users (Domain group)
  CIFSQA\Group Policy Creator Owners (Domain group)
  BUILTIN\Administrators (Alias)
  BUILTIN\Users (Alias)
 User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2b7):
  SeBackupPrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege