Data ONTAP provides several methods that you can use to specify how a user account is authenticated.
The -authmethod parameter of the security login commands specifies how a user account is authenticated. The following authentication methods are supported:
For Windows Active Directory authentication, a CIFS server must be created for the Storage Virtual Machine (SVM), and Windows domain users or groups must be mapped to access-control roles by using the security login create command with the -authmethod parameter set to domain, for both cluster and SVM access.
In addition, to authenticate Windows Active Directory domain users or groups for cluster access, a tunnel must be set up through a CIFS-enabled SVM.
To use LDAP or NIS authentication, SVM users must be mapped to SVM access-control roles by using the security login create command with the -authmethod parameter set to nsswitch. Data ONTAP supports only the RFC 2307 schema for LDAP authentication of SVM accounts. It does not support any other schemas, such as Active Directory Identity Management for UNIX (AD-IDMU) and Active Directory Services for UNIX (AD-SFU). Also, Data ONTAP supports only the MD5 and DES password encryption mechanisms for LDAP authentication of SVM accounts.
Cluster user accounts cannot use nsswitch as an authentication method.
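The following Python script is an added example, not NetApp code. It audits an LDIF export of a directory against the LDAP constraints above: entries must be RFC 2307 posixAccount objects and carry an MD5 or DES password hash. It assumes the hashes are crypt(3) values stored in userPassword under the {CRYPT} prefix; the function names, sample export, account names and hashes are constructed for illustration.

```python
import base64
import re

# RFC 2307 posixAccount MUST attributes, lower-cased for comparison.
REQUIRED = {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}

def parse_ldif(text):
    """Parse a simple LDIF export into a list of {attr: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries base64
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(rest.strip())
        entries.append(entry)
    return entries

def scheme(value):
    """Classify a userPassword value; assumes crypt(3) hashes stored under {CRYPT}."""
    m = re.fullmatch(r"(?i:\{crypt\})(?:(\$1\$.+)|[./0-9A-Za-z]{13})", value)
    return "other" if not m else "md5" if m.group(1) else "des"

def audit(text):
    """Map each entry's dn to the reasons it falls outside the documented constraints."""
    report = {}
    for e in parse_ldif(text):
        problems = []
        if "posixaccount" not in {c.lower() for c in e.get("objectclass", [])}:
            problems.append("not posixAccount")
        problems += ["missing " + a for a in sorted(REQUIRED - set(e))]
        if not any(scheme(p) != "other" for p in e.get("userpassword", [])):
            problems.append("no MD5/DES crypt hash")
        report[e.get("dn", ["?"])[0]] = problems
    return report

# Constructed sample export: every name and hash below is made up.
POSIX = "objectClass: posixAccount\ncn: x\nuid: x\nuidNumber: 1001\ngidNumber: 100\nhomeDirectory: /home/x\n"
SHA512 = base64.b64encode(b"{CRYPT}$6$constructed$notarealhash").decode()
SAMPLE = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n" + POSIX
    + "userPassword: {CRYPT}$1$constrct$0123456789abcdefghijkl\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n" + POSIX + "userPassword:: " + SHA512 + "\n\n"
    "dn: CN=carol,CN=Users,DC=example,DC=com\nobjectClass: user\ncn: carol\n"
    "msSFU30UidNumber: 1003\nmsSFU30GidNumber: 100\nmsSFU30HomeDirectory: /home/carol\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, alice passes, bob is flagged because his hash uses the SHA-512 crypt prefix, and carol is flagged because her entry uses AD-SFU attribute names rather than the RFC 2307 ones.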
For more information about the security login commands, see the appropriate man pages.