vserver services access-check authentication show-creds
Display a user's credentials based on a UNIX UID or Windows SID or S3 User Name
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
The vserver services access-check authentication show-creds
command returns the credentials for a Windows user using SID, a Windows user using a Windows username, a UNIX user using UID, or a UNIX user using a UNIX user name. This command is useful for retrieving information such as account type, SIDs, UIDs, GIDs, privileges, and domain or group membership.
Parameters
[-node {<nodename>|local}]
- Node (privilege: advanced)-
The name of the node on which the command is executed.
-vserver <vserver>
- Vserver (privilege: advanced)-
The command displays information for the specified Vserver.
- {
-uid <integer>
- UID (privilege: advanced) -
The UNIX user's UID.
- |
-sid <text>
- SID (privilege: advanced) -
The Windows user's SID.
- |
-unix-user-name <text>
- Unix User Name (privilege: advanced) -
The UNIX username.
- |
-win-name <text>
- Windows Name (privilege: advanced) -
The Windows username.
- |
-s3-user-name <text>
- S3 User Name (privilege: advanced) } -
The S3 username.
[-list-name {true|false}]
- Display Translated Names (privilege: advanced)-
If this parameter is specified, the command displays information as translated names.
[-list-id {true|false}]
- Display IDs (privilege: advanced)-
If this parameter is specified, the command displays information as IDs.
[-clientIp <IP Address>]
- Client IP Address (privilege: advanced)-
The IP address of the client as specified by the user
[-skip-domain-group {true|false}]
- Skip Domain Groups (privilege: advanced)-
If this parameter is specified, Windows domain group membership will not be fetched and only local group membership will be displayed, if any.
[-show-partial-unix-creds {true|false}]
- Display Partial UNIX Credentials (privilege: advanced)-
If this parameter is specified, partial UNIX credentials will be displayed. This can be useful in cases where ONTAP is able to fetch the UNIX credentials, but failed to fetch the Windows credentials.
Examples
This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1."
cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 (vserver services access-check authentication show-creds) UNIX UID: root <> Windows User: CIFSQA\Administrator (User) GID: root Supplementary GIDs: <None> Windows Membership: CIFSQA\Schema Admins (Domain group) CIFSQA\Enterprise Admins (Domain group) CIFSQA\Domain Admins (Domain group) CIFSQA\Domain Users (Domain group) CIFSQA\Group Policy Creator Owners (Domain group) BUILTIN\Administrators (Alias) BUILTIN\Users (Alias) User is also a member of Everyone, Authenticated Users, and Network Users Privileges (0x2b7): SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege
This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "false" and list-id "true."
cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name false -list-id true (vserver services access-check authentication show-creds) UNIX UID: 0 <> Windows User: S-1-5-21-1407423728-2963865486-1834115207-500 GID: 0 Supplementary GIDs: <None> Windows Membership: S-1-5-21-1407423728-2963865486-1834115207-518 S-1-5-21-1407423728-2963865486-1834115207-519 S-1-5-21-1407423728-2963865486-1834115207-512 S-1-5-21-1407423728-2963865486-1834115207-513 S-1-5-21-1407423728-2963865486-1834115207-520 S-1-5-32-544 S-1-5-32-545 User is also a member of S-1-1-0, S-1-5-11, and S-1-5-2 Privileges (0x2b7): SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege
This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "true" and list-id "true."
cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name false -list-id true (vserver services access-check authentication show-creds) UNIX UID: 0 (root) <> Windows User: S-1-5-21-1407423728-2963865486-1834115207-500 (CIFSQA\Administrator (User)) GID: 0 (root) Supplementary GIDs: <None> Windows Membership: S-1-5-21-1407423728-2963865486-1834115207-518 CIFSQA\Schema Admins (Domain group) S-1-5-21-1407423728-2963865486-1834115207-519 CIFSQA\Enterprise Admins (Domain group) S-1-5-21-1407423728-2963865486-1834115207-512 CIFSQA\Domain Admins (Domain group) S-1-5-21-1407423728-2963865486-1834115207-513 CIFSQA\Domain Users (Domain group) S-1-5-21-1407423728-2963865486-1834115207-520 CIFSQA\Group Policy Creator Owners (Domain group) S-1-5-32-544 BUILTIN\Administrators (Alias) S-1-5-32-545 BUILTIN\Users (Alias) User is also a member of Everyone, Authenticated Users, and Network Users Privileges (0x2b7): SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege
This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "true" and list-id "false."
cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name true -list-id false (vserver services access-check authentication show-creds) UNIX UID: root <> Windows User: CIFSQA\Administrator (User) GID: root Supplementary GIDs: <None> Windows Membership: CIFSQA\Schema Admins (Domain group) CIFSQA\Enterprise Admins (Domain group) CIFSQA\Domain Admins (Domain group) CIFSQA\Domain Users (Domain group) CIFSQA\Group Policy Creator Owners (Domain group) BUILTIN\Administrators (Alias) BUILTIN\Users (Alias) User is also a member of Everyone, Authenticated Users, and Network Users Privileges (0x2b7): SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege