ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver services access-check authentication show-creds

    Display a user’s credentials based on a UNIX UID or Windows SID or S3 User Name

    Availability: This command is available to cluster administrators at the advanced privilege level.

    Description

    The vserver services access-check authentication show-creds command returns the credentials for a Windows user using SID, a Windows user using a Windows username, a UNIX user using UID, or a UNIX user using a UNIX user name. This command is useful for retrieving information such as account type, SIDs, UIDs, GIDs, privileges, and domain or group membership.

    Parameters

    [-node {<nodename>|local}] - Node

    The name of the node on which the command is executed.

    -vserver <vserver> - Vserver

    The command displays information for the specified Vserver.

    { -uid <integer> - UID

    The UNIX user’s UID.

    | -sid <text> - SID

    The Windows user’s SID.

    | -unix-user-name <text> - Unix User Name

    The UNIX username.

    | -win-name <text> - Windows Name

    The Windows username.

    | -s3-user-name <text> - S3 User Name }

    The S3 username.

    [-list-name {true|false}] - Display Translated Names

    If this parameter is specified, the command displays information as translated names.

    [-list-id {true|false}] - Display IDs

    If this parameter is specified, the command displays information as IDs.

    [-clientIp <IP Address>] - Client IP Address

    The IP address of the client as specified by the user

    [-skip-domain-group {true|false}] - Skip Domain Groups

    If this parameter is specified, Windows domain group membership will not be fetched and only local group membership will be displayed, if any.

    [-show-partial-unix-creds {true|false}] - Display Partial UNIX Credentials

    If this parameter is specified, partial UNIX credentials will be displayed. This can be useful in cases where ONTAP is able to fetch the UNIX credentials, but failed to fetch the Windows credentials.

    Examples

    This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1."

    cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0
    (vserver services access-check authentication show-creds)
    UNIX UID: root <> Windows User: CIFSQA\Administrator (User)
    GID: root
     Supplementary GIDs: <None>
    Windows Membership:
      CIFSQA\Schema Admins (Domain group)
      CIFSQA\Enterprise Admins (Domain group)
      CIFSQA\Domain Admins (Domain group)
      CIFSQA\Domain Users (Domain group)
      CIFSQA\Group Policy Creator Owners (Domain group)
      BUILTIN\Administrators (Alias)
      BUILTIN\Users (Alias)
     User is also a member of Everyone, Authenticated Users, and Network Users
    Privileges (0x2b7):
      SeBackupPrivilege
      SeRestorePrivilege
      SeTakeOwnershipPrivilege

    This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "false" and list-id "true."

    cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name false -list-id true
    (vserver services access-check authentication show-creds)
    UNIX UID: 0 <> Windows User: S-1-5-21-1407423728-2963865486-1834115207-500
    GID: 0
     Supplementary GIDs: <None>
    Windows Membership:
      S-1-5-21-1407423728-2963865486-1834115207-518
      S-1-5-21-1407423728-2963865486-1834115207-519
      S-1-5-21-1407423728-2963865486-1834115207-512
      S-1-5-21-1407423728-2963865486-1834115207-513
      S-1-5-21-1407423728-2963865486-1834115207-520
      S-1-5-32-544
      S-1-5-32-545
     User is also a member of S-1-1-0, S-1-5-11, and S-1-5-2
    Privileges (0x2b7):
      SeBackupPrivilege
      SeRestorePrivilege
      SeTakeOwnershipPrivilege

    This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "true" and list-id "true."

    cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name false -list-id true
    (vserver services access-check authentication show-creds)
    UNIX UID: 0 (root) <> Windows User: S-1-5-21-1407423728-2963865486-1834115207-500 (CIFSQA\Administrator (User))
    GID: 0 (root)
     Supplementary GIDs: <None>
    Windows Membership:
      S-1-5-21-1407423728-2963865486-1834115207-518     CIFSQA\Schema Admins (Domain group)
      S-1-5-21-1407423728-2963865486-1834115207-519     CIFSQA\Enterprise Admins (Domain group)
      S-1-5-21-1407423728-2963865486-1834115207-512     CIFSQA\Domain Admins (Domain group)
      S-1-5-21-1407423728-2963865486-1834115207-513     CIFSQA\Domain Users (Domain group)
      S-1-5-21-1407423728-2963865486-1834115207-520     CIFSQA\Group Policy Creator Owners (Domain group)
      S-1-5-32-544     BUILTIN\Administrators (Alias)
      S-1-5-32-545     BUILTIN\Users (Alias)
     User is also a member of Everyone, Authenticated Users, and Network Users
    Privileges (0x2b7):
      SeBackupPrivilege
      SeRestorePrivilege
      SeTakeOwnershipPrivilege

    This example returns credential information for UNIX user with UID "0" on node "node1" for Vserver "vs1" when list-name "true" and list-id "false."

    cluster1::*> vserver services access-check authentication show-creds -node node1 -vserver vs1 -uid 0 -list-name true -list-id false
    (vserver services access-check authentication show-creds)
    UNIX UID: root <> Windows User: CIFSQA\Administrator (User)
    GID: root
     Supplementary GIDs: <None>
    Windows Membership:
      CIFSQA\Schema Admins (Domain group)
      CIFSQA\Enterprise Admins (Domain group)
      CIFSQA\Domain Admins (Domain group)
      CIFSQA\Domain Users (Domain group)
      CIFSQA\Group Policy Creator Owners (Domain group)
      BUILTIN\Administrators (Alias)
      BUILTIN\Users (Alias)
     User is also a member of Everyone, Authenticated Users, and Network Users
    Privileges (0x2b7):
      SeBackupPrivilege
      SeRestorePrivilege
      SeTakeOwnershipPrivilege
    Top of Page