To enable Active Directory domain users to access the cluster, you must set up an authentication tunnel through a CIFS-enabled Vserver. You must also create cluster user accounts for the domain users. This functionality requires that CIFS is licensed on the cluster.
You can use any data Vserver that has a CIFS server created as an authentication tunnel.
For information about CIFS servers, see the Clustered Data ONTAP File Access and Protocols Management Guide.
You can specify only one authentication tunnel.
Domain authentication supports only ssh, ontapi, and http for the -application parameter.
The value of -username must be specified in the format of domainname\username, where domainname is the name of the CIFS domain server.
If you delete the authentication tunnel, subsequent login sessions cannot be authenticated, and Active Directory domain users cannot access the cluster. Open sessions that were authenticated prior to the deletion of the authentication tunnel remain unaffected.
The following commands create a CIFS server for the vs0 Vserver, specify vs0 as the tunnel for Active Directory domain authentication, and create a cluster user account to enable the Administrator user of the DOMAIN1 domain to access the cluster through SSH:
cluster1::> vserver cifs create -vserver vs0 -cifs-server vs0cifs -domain companyname.example.com
cluster1::> security login domain-tunnel create -vserver vs0
cluster1::> security login create -vserver cluster1 -username DOMAIN1\Administrator -application ssh -authmethod domain
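The constraints stated above (a single authentication tunnel, only ssh, ontapi, and http for -application, and the domainname\username format) can be checked against a provisioning runbook before it is run on the cluster. The following Python script is an added example, not NetApp code: the RUNBOOK lines and the parse() and lint() helpers are constructed for illustration, and parameter values are assumed to contain no spaces.

```python
import re

# Constraints stated in the text above.
DOMAIN_APPS = {"ssh", "ontapi", "http"}
USERNAME_RE = re.compile(r"^[^\\\s]+\\[^\\\s]+$")  # domainname\username

# Constructed sample runbook (not taken from a real cluster).
RUNBOOK = [
    r"cluster1::> security login domain-tunnel create -vserver vs0",
    r"cluster1::> security login create -vserver cluster1 -username DOMAIN1\Administrator -application ssh -authmethod domain",
    r"cluster1::> security login create -vserver cluster1 -username DOMAIN1\ops -application console -authmethod domain",
    r"cluster1::> security login create -vserver cluster1 -username auditor -application http -authmethod domain",
    r"cluster1::> security login domain-tunnel create -vserver vs1",
]

def parse(line):
    """Split one CLI line into (command words, {-parameter: value})."""
    tokens = line.split("::>", 1)[-1].split()   # drop the prompt, split on whitespace
    words, params, i = [], {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens):
            params[tokens[i]] = tokens[i + 1]   # -parameter followed by its value
            i += 2
        else:
            words.append(tokens[i])
            i += 1
    return " ".join(words), params

def lint(lines):
    """Return (line_number, message) findings for domain-authentication commands."""
    findings, tunnels = [], 0
    for n, line in enumerate(lines, 1):
        cmd, p = parse(line)
        if cmd == "security login domain-tunnel create":
            tunnels += 1
            if tunnels > 1:
                findings.append((n, "only one authentication tunnel can be specified"))
        elif cmd == "security login create" and p.get("-authmethod") == "domain":
            if p.get("-application") not in DOMAIN_APPS:
                findings.append((n, "domain authentication supports only ssh, ontapi, http"))
            if not USERNAME_RE.match(p.get("-username", "")):
                findings.append((n, "-username must be in the format domainname\\username"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(RUNBOOK):
        print(f"line {n}: {msg}")
```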