You can specify nonlocal administrative users to have administrative access to the storage system after authentication by a Windows Domain Controller, rather than by the storage system itself.
About this task
By default, the domain administrator account has full access to the system. You can log in to this account by using the domain\administrator format with the appropriate password.
Data ONTAP also supports SSH key-based authentication for domain users.
Steps
- To assign a Windows domain user to a custom or predefined group, enter the following command:
  useradmin domainuser add win_user_name -g {custom_group|Administrators|"Backup Operators"|Guests|"Power Users"|Users}[,...]
win_user_name is the Windows domain user whose name or Security ID (SID) you want to assign to a customized or predefined group. This value can be in one of the following formats:
For more information about these formats, see the na_cifs_lookup(1) man page.
custom_group is a customized group with roles assigned through the useradmin group command.
Administrators | "Backup Operators" | Guests | "Power Users" | Users are groups predefined by Data ONTAP with default roles and capabilities.
Example
The following command adds the user userjoe in the MyDomain domain to the Power Users group and effectively grants MyDomain\userjoe all administrator capabilities that are granted to the Power Users group through the roles that have been assigned to it.
  useradmin domainuser add MyDomain\userjoe -g "Power Users"
- To verify the success of your operation, enter the following command:
  useradmin domainuser list -g {custom_group|Administrators|"Backup Operators"|Guests|"Power Users"|Users}
The SID of the user in question is among those listed in the output of this command.
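
One way to script the verification step, as an added example that is not part of the NetApp documentation: it extracts the SIDs from saved useradmin domainuser list -g output and compares them with an approved list, so an unapproved member of a privileged group stands out. The sample output, the SIDs and the function names are constructed for illustration; the parser relies only on SID syntax, not on the exact layout of the command's output.

```python
import re

# SID syntax: S-1-<authority>-<subauthority>[-<subauthority>...]
SID_RE = re.compile(r"\bS-1-\d+(?:-\d+)+\b")


def parse_sids(list_output):
    """Return the set of SIDs found in saved 'useradmin domainuser list -g' output."""
    return set(SID_RE.findall(list_output))


def audit_group(list_output, approved, expected=None):
    """Compare the SIDs listed for a group against an approved set.

    unexpected: SIDs in the group that are not on the approved list
    missing:    approved SIDs that are not in the group
    verified:   True if `expected` (the SID just added) is listed
    """
    listed = parse_sids(list_output)
    approved = set(approved)
    return {
        "unexpected": sorted(listed - approved),
        "missing": sorted(approved - listed),
        "verified": expected is None or expected in listed,
    }


# Constructed sample: the header line and both SIDs are made up for this example.
SAMPLE_OUTPUT = """\
List of SIDS in Power Users
S-1-5-21-1111111111-2222222222-3333333333-1104
S-1-5-21-1111111111-2222222222-3333333333-1150
"""

# Hypothetical approved membership for the "Power Users" group.
USERJOE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1104"
APPROVED = {USERJOE_SID}

if __name__ == "__main__":
    report = audit_group(SAMPLE_OUTPUT, APPROVED, expected=USERJOE_SID)
    print("user just added is listed:", report["verified"])
    for sid in report["unexpected"]:
        print("not on approved list:", sid)
    for sid in report["missing"]:
        print("approved but absent:", sid)
```

To map a flagged SID back to an account name, see the na_cifs_lookup(1) man page referenced above.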