security login domain-tunnel create
Add authentication tunnel Vserver for administrative Vserver
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command establishes an authentication gateway or "tunnel" that authenticates user accounts against Windows Active Directory, so that such accounts can log in to administrative Vservers.
To use this feature, you need to complete two tasks before using this command. First, create one or more user accounts using the command security login create with -authmethod domain. The parameter -username should be set to a valid user name previously defined in a Windows Domain Controller's Active Directory. Such user names will be in the format <domainname>\<username> where "domainname" is the name of the CIFS domain server. Next, identify or create a Vserver that is configured with CIFS and uses Windows authentication with the Active Directory server mentioned above. This is the Vserver that will be specified with this command.
The tunnel Vserver has to be running or this command will return an error. Only one Vserver is allowed to be used as a tunnel. If you attempt to specify more than one Vserver, the system returns an error. If the tunnel Vserver is stopped or destroyed, user authentication requests for administrative Vservers will fail.
Parameters
-vserver <vserver> - Authentication Tunnel Vserver
This parameter specifies a Vserver that has been configured with CIFS and is associated with a Windows Domain Controller's Active Directory authentication. This Vserver will be used as an authentication tunnel for login accounts so that they can be used with administrative Vservers.
Examples
The following example shows the commands needed to create a login user, a data Vserver, and a CIFS server, followed by the security login domain-tunnel create command.
cluster1::> security login create -vserver cluster1 -username DOMAIN1\Administrator -application ssh -authmethod domain -role admin
cluster1::> vserver create -vserver vs -rootvolume vol -aggregate aggr -ns-switch file -rootvolume-security-style mixed
cluster1::> vserver cifs create -vserver vs -cifs-server vscifs -domain companyname.example.com -ou CN=Computers
cluster1::> security login domain-tunnel create -vserver vs