Skip to main content

security login domain-tunnel create

Contributors
Suggest changes

Add authentication tunnel Vserver for administrative Vserver

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command establishes a gateway (tunnel) for authenticating Windows Active Directory (AD) domain users' access to the cluster.

Before using this command to establish the tunnel, the following must take place:

  • You must use the security login create command to create one or more AD domain user accounts that will be granted access to the cluster.

  • The -authmethod parameter of the security login create command must be set to 'domain'.

  • The -username parameter of the security login create command must be set to a valid AD domain user account that is defined in a Windows Domain Controller's Active Directory. The user account must be specified in the format of <domainname>\<username> , where "domainname" is the name of the CIFS domain server.

  • You must identify or create a CIFS-enabled data Vserver that will be used for Windows authentication with the Active Directory server. This Vserver is the tunnel Vserver, and it must be running for this command to succeed.

Only one Vserver can be used as the tunnel. If you attempt to specify more than one Vserver for the tunnel, Data ONTAP returns an error. If the tunnel Vserver is stopped or deleted, AD domain users' authentication requests to the cluster will fail.

Parameters

-vserver <vserver> - Authentication Tunnel Vserver

This parameter specifies a data Vserver that has been configured with CIFS. This Vserver will be used as the tunnel for authenticating AD domain users' access to the cluster.

Examples

The following commands create an Active Directory domain user account ('DOMAIN1\Administrator') for the 'cluster1' cluster, create a data Vserver ('vs'), create a CIFS server ('vscifs') for the Vserver, and specify 'vs' as the tunnel for authenticating the domain user access to the cluster.

cluster1::> security login create -vserver cluster1 -username DOMAIN1\Administrator -application ssh -authmethod domain -role admin
    cluster1::> vserver create -vserver vs -rootvolume vol -aggregate aggr -rootvolume-security-style mixed
    cluster1::> vserver cifs create -vserver vs -cifs-server vscifs -domain companyname.example.com -ou CN=Computers
    cluster1::> security login domain-tunnel create -vserver vs