Tuesday, September 15, 2015

How to join Netapp Filer to domain - Netapp Notes by ARK

Why join a NetApp filer to Active Directory

  1.  Adding and removing users on the NetApp filer becomes easy
  2.  Configuring and providing access to CIFS shares
  3.  Integrating with your Windows server gives you a handy way to automate regular jobs
  4.  Single sign-on simplifies your login using Active Directory

The process itself is very simple, but there are a couple of things to keep in mind regarding the time, so I thought it would be nice to share them.

Before starting, here's a bit of background on why the clock is so important: Active Directory authentication is based on a protocol called Kerberos, which uses a ticketing system to grant access. System time matters because a ticket that has been waiting longer than the specified time expires, and authentication then fails.

Verify the date and time before joining the NetApp filer to the domain.

ARK> date
Tue Sep 15 02:03:49 PDT 2015

If your time is not in sync with the LDAP server, change it using the date command:

ARK> date 201509150254
Warning: syncing time to an external time source which will eventually override the time set by the date command.

The argument 201509150254 is in the format YYYYMMDDhhmm.

Then configure NTP to keep the time in sync with the domain controllers (replace <ntp-server> with the address of your time source):

ARK> options timed.enable off
ARK> options timed.proto ntp
ARK> options timed.servers <ntp-server>
ARK> options timed.max_skew 5m
ARK> options timed.enable on
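
A pre-join check for the two points above, as an added example that is not part of the original post: it parses the filer's `date` output, measures the skew against a trusted reference time, and audits pasted `options timed` output. The timezone table, the layout of the sample output and the reference time are assumptions constructed for illustration; the 5-minute limit is Active Directory's default Kerberos clock tolerance.

```python
from datetime import datetime, timedelta, timezone

# Active Directory's default Kerberos clock tolerance is 5 minutes.
MAX_SKEW = timedelta(minutes=5)
# Assumption: UTC offsets (hours) for the abbreviations the filer may print.
TZ_OFFSETS = {"PDT": -7, "PST": -8, "UTC": 0, "GMT": 0}

def parse_filer_date(line):
    """Parse `date` output like 'Tue Sep 15 02:03:49 PDT 2015' (aware datetime)."""
    parts = line.split()
    if len(parts) != 6 or parts[4] not in TZ_OFFSETS:
        raise ValueError(f"unrecognised date output: {line!r}")
    naive = datetime.strptime(" ".join(parts[:4] + parts[5:]),
                              "%a %b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[parts[4]])))

def clock_skew(filer_line, reference_utc):
    """Absolute difference between the filer clock and a trusted reference."""
    return abs(parse_filer_date(filer_line) - reference_utc)

def audit_timed(options_output):
    """Return the problems found in pasted `options timed` output."""
    opts = {}
    for line in options_output.splitlines():
        fields = line.split(None, 1)
        if fields and fields[0].startswith("timed."):
            opts[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    problems = []
    if opts.get("timed.enable") != "on":
        problems.append("timed.enable is not on")
    if opts.get("timed.proto") != "ntp":
        problems.append("timed.proto is not ntp")
    if not opts.get("timed.servers"):
        problems.append("timed.servers is empty")
    return problems

# Constructed sample: `options timed` output with no server configured.
SAMPLE_OPTIONS = """\
timed.enable                 on
timed.max_skew               5m
timed.proto                  ntp
timed.servers
"""

if __name__ == "__main__":
    # Constructed reference: a domain controller clock reading of 09:10:00 UTC.
    dc_time = datetime(2015, 9, 15, 9, 10, 0, tzinfo=timezone.utc)
    skew = clock_skew("Tue Sep 15 02:03:49 PDT 2015", dc_time)
    print("skew:", skew, "-> fix before join" if skew > MAX_SKEW else "-> OK")
    print("timed audit:", audit_timed(SAMPLE_OPTIONS) or "OK")
```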

Now you can join the NetApp filer to the domain using the cifs setup command:

ARK> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.

Do you want to make the system visible via WINS? [n]:
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [2]: 2
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
Enter the password for the root user []:
#Enter your root password
Retype the password:
#Enter your root password
The default name for this CIFS server is 'ARK'.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [arkit.co.in]: arkit.co.in
        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the arkit.co.in domain.
Enter the name of the Windows user [Administrator@arkit.co.in]: Administrator@arkit.co.in
Password for Administrator@arkit.co.in:
CIFS - Logged in as Administrator@arkit.co.in.
        The user that you specified has permission to create the filer's
        machine account in several (2) containers. Please choose where you
        would like this account to be created.

(1) CN=computers
(2) OU=Domain Controllers
(3) None of the above

Selection (1-3)? [1]: 1
CIFS - Starting SMB protocol...
        It is highly recommended that you create the local administrator
        account (ARK\administrator) for this filer. This account allows
        access to CIFS from Windows when domain controllers are not

Do you want to create the ARK\administrator account? [y]:
Enter the new password for ARK\administrator:

Retype the password:
        Currently the user "ARK\administrator" and members of the group
        "HANDS-ON\Domain Admins" have permission to administer CIFS on this
        filer. You may specify an additional user or group to be added to the
        filer's "BUILTIN\Administrators" group, thus giving them
        administrative privileges as well.

Would you like to specify a user or group that can administer CIFS? [n]: n
Welcome to the arkit.co.in (ARK) Active Directory(R) domain.

CIFS local server is running.

Now you can manage the NetApp filer from Computer Management on your Windows machine by connecting to another computer.
