Creating ONTAP users
To create a new SVM or file system user (ONTAP CLI)
Only file system users with the fsxadmin role can create new SVM and file system users.
To access the NetApp ONTAP CLI, establish an SSH session on the management port of the Amazon FSx for NetApp ONTAP file system by running the following command. Replace management_endpoint_ip with the IP address of the file system's management port.
[~]$ ssh fsxadmin@management_endpoint_ip
For more information, see Managing file systems with the ONTAP CLI.
Use the security login create ONTAP CLI command to create a new user account on your FSx for ONTAP file system or SVM. Insert your data for the placeholders in the example to define the following required properties:
- -vserver – Specifies the name of the SVM where you want to create the new SVM role or user. If you are creating a file system role or user, don't specify an SVM.
- -user-or-group-name – Specifies the username or Active Directory group name of the login method. The Active Directory group name can be specified only with the domain authentication method and the ontapi and ssh applications.
- -application – Specifies the application of the login method. Possible values include http, ontapi, and ssh.
- -authentication-method – Specifies the authentication method for login. Possible values include the following:
  - domain – Use for Active Directory authentication
  - password – Use for password authentication
  - publickey – Use for public-key authentication
- -role – Specifies the access-control role name for the login method. At the file system level, the only role that can be specified is fsxadmin.
(Optional) You can also use one or more of the following parameters with the command:
- [-comment] – Use to include a notation or comment for the user account. For example, Guest account. The maximum length is 128 characters.
- [-second-authentication-method {none|publickey|password|nsswitch}] – Specifies the second factor authentication method. You can specify the following methods:
  - password – Use for password authentication
  - publickey – Use for public-key authentication
  - nsswitch – Use for NIS or LDAP authentication
  - none – The default value if you don't specify one
Fsx0123456::> security login create -vserver vserver_name -user-or-group-name user_or_group_name -application login_application -authentication-method auth_method -role role_or_account_name
The following command creates a new file system user new_fsxadmin with the fsxadmin-readonly role assigned, using SSH with a password for logging in. When prompted, provide a password for the user.
Fsx0123456::> security login create -user-or-group-name new_fsxadmin -application ssh -authentication-method password -role fsxadmin-readonly
Please enter a password for user 'new_fsxadmin':
Please enter it again:
Fsx0123456::>
The following command creates a new SVM user new_vsadmin on the fsx SVM with the vsadmin-readonly role, configured to use SSH with a password to log in. When prompted, provide a password for the user.
Fsx0123456::> security login create -vserver fsx -user-or-group-name new_vsadmin -application ssh -authentication-method password -role vsadmin-readonly
Please enter a password for user 'new_vsadmin':
Please enter it again:
Fsx0123456::>
The following command creates a new read-only file system user harvest2-user that is to be used by the NetApp Harvest application to collect performance and capacity metrics. For more information, see Monitoring FSx for ONTAP file systems using Harvest and Grafana.
Fsx0123456::> security login create -user-or-group-name harvest2-user -application ssh -role fsxadmin-readonly -authentication-method password
To view information for all file system and SVM users
Use the following command to view all login information for your file system and SVMs.
Fsx0123456::> security login show
Vserver: Fsx0123456
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
autosupport    console     password      autosupport      no     none
fsxadmin       http        password      fsxadmin         no     none
fsxadmin       ontapi      password      fsxadmin         no     none
fsxadmin       ssh         password      fsxadmin         no     none
fsxadmin       ssh         publickey     fsxadmin         -      none
new_fsxadmin   ssh         password      fsxadmin-readonly no    none

Vserver: fsx
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
new_vsadmin    ssh         password      vsadmin-readonly no     none
vsadmin        http        password      vsadmin          yes    none
vsadmin        ontapi      password      vsadmin          yes    none
vsadmin        ssh         password      vsadmin          yes    none
10 entries were displayed.
Fsx0123456::>
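The following Python check is an added example, not part of the original documentation. It parses saved security login show output and lists unlocked http, ontapi, or ssh logins that use a password with no second authentication method and hold a role that is not read-only. The sample rows are constructed (including the hypothetical ops_admin user), and recognising read-only roles by a "-readonly" suffix is an assumption.

```python
# Constructed sample in the layout of `security login show`; not output from a real system.
SAMPLE = """\
Vserver: Fsx0123456
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
autosupport    console     password      autosupport      no     none
fsxadmin       http        password      fsxadmin         no     none
fsxadmin       ssh         password      fsxadmin         no     none
fsxadmin       ssh         publickey     fsxadmin         -      none
new_fsxadmin   ssh         password      fsxadmin-readonly no    none
ops_admin      ssh         password      fsxadmin         no     publickey

Vserver: fsx
new_vsadmin    ssh         password      vsadmin-readonly no     none
vsadmin        ssh         password      vsadmin          yes    none
8 entries were displayed.
"""

REMOTE_APPS = {"http", "ontapi", "ssh"}  # application values listed on this page

def parse_logins(text):
    """Return one dict per login row, tagged with the Vserver section it appears under."""
    vserver, rows = None, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "Vserver:":
            vserver = fields[1]
        # Data rows have six whitespace-free fields; the fifth is the lock state.
        elif vserver and len(fields) == 6 and fields[4] in {"yes", "no", "-"}:
            keys = ("user", "app", "auth", "role", "locked", "second")
            rows.append({"vserver": vserver, **dict(zip(keys, fields))})
    return rows

def password_only_logins(rows):
    """Unlocked remote logins that rely on a password alone and hold a writable role."""
    return [
        (r["vserver"], r["user"], r["app"])
        for r in rows
        if r["app"] in REMOTE_APPS
        and r["auth"] == "password" and r["second"] == "none"
        and r["locked"] != "yes"
        # Assumption: read-only roles are recognised by their "-readonly" suffix.
        and not r["role"].endswith("-readonly")
    ]

if __name__ == "__main__":
    for entry in password_only_logins(parse_logins(SAMPLE)):
        print("review:", *entry)
```

Entries it reports are candidates for adding a second authentication method or switching to public-key authentication.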