NetApp Knowledge Base

How to flush netgroups cache in Clustered Data ONTAP?

Applies to

Clustered Data ONTAP 8


  • ONTAP caches netgroup data locally to improve performance.
  • Because of this cache, changes made to the netgroup database on NIS/LDAP servers are not reflected immediately on the cluster.
  • They become available only after the cache next expires.
  • If the administrator needs those changes to be reflected immediately, the cache has to be flushed manually.
    • The following section explains how to flush the netgroups cache for NIS or LDAP name servers.
      • Notes:
        • The following set of commands flushes multiple netgroup entries, which forces the vServer to fetch all of the data again from the name services. Use these commands only when necessary.
        • The command 'export-policy cache flush' must be issued from the node that owns the cache, that is, by logging in to a management LIF on each node.
        • Some of the following commands are available only with diag privileges.
  • Flush NIS/LDAP Netgroups Cache:
    • To manually flush the netgroups cache, run the following commands in the exact order:
      1. From each node management LIF, flush the MGWD/SECD netgroups cache:
        • For ONTAP versions below 9.3:

                    export-policy cache flush -vserver <vserver-name> -cache netgroup

        • For ONTAP 9.3 and above, where caches are global:

                    vserver services name-service cache netgroups ip-to-netgroup delete-all -vserver <vserver-name>

      2. Flush the NBLADE netgroups cache:

                    diag exports nblade access-cache flush -node <node-name> -vserver <vserver-name> -policy <export-policy-name> -address <client-IP-address>


The flags -address and -vserver can be omitted when everything needs to be flushed.
  • If the following error is seen after executing the above command, use the commands below to delete the corresponding name service cache entries:

        Error: As name service caching is enabled, Netgroups" caches no longer exist.

    • Commands:

        set advanced; vserver services name-service cache netgroups ip-to-netgroup delete-all
        vserver services name-service cache netgroups members delete-all
  • For LDAP netgroups on clustered Data ONTAP versions earlier than 8.3.2, run the following commands before running the above procedure:
    • If your version is 8.3.2 or later, you can skip this step.
      • Flush the SECD netgroups cache:

        diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-ip -entry <netgroup-name>
        diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-host -entry <netgroup-name>
        diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name ldap-netgroupname-to-members -entry <netgroup-name>

The -entry flag can be omitted when all entries need to be flushed.
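
The ordering and version branches of the procedure above, as an added example that is not NetApp's own tooling: a shell helper that prints (never executes) the commands to run for a given ONTAP version. The function names `ver_lt` and `flush_plan`, the `[node]` prefix, and the sample vserver, policy and node names are assumptions made for the example; the commands omit -entry and -address, which the article says can be left out to flush all.

```shell
#!/bin/sh
# Added example: prints (does not execute) the article's flush commands in order.
# Assumes plain dotted numeric versions such as 8.3.1 or 9.3.

# ver_lt A B: succeeds when version A is lower than version B.
ver_lt() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# flush_plan VERSION nis|ldap VSERVER POLICY NODE...
flush_plan() {
    ver=$1; src=$2; vs=$3; pol=$4
    shift 4
    # LDAP on releases earlier than 8.3.2: clear SECD caches first (no -entry = all).
    if [ "$src" = ldap ] && ver_lt "$ver" 8.3.2; then
        for node in "$@"; do
            for c in netgroup-ip netgroup-host ldap-netgroupname-to-members; do
                echo "diag secd cache clear -node $node -vserver $vs -cache-name $c"
            done
        done
    fi
    # Step 1: MGWD/SECD netgroups cache.
    if ver_lt "$ver" 9.3; then
        # Below 9.3 the cache is per node; "[node]" marks whose management LIF to use.
        for node in "$@"; do
            echo "[$node] export-policy cache flush -vserver $vs -cache netgroup"
        done
    else
        # 9.3 and above: caches are global, so one command is enough.
        echo "vserver services name-service cache netgroups ip-to-netgroup delete-all -vserver $vs"
    fi
    # Step 2: NBLADE access cache on every node (no -address = all clients).
    for node in "$@"; do
        echo "diag exports nblade access-cache flush -node $node -vserver $vs -policy $pol"
    done
}

# Constructed sample: two-node 8.3.1 cluster using LDAP netgroups.
flush_plan 8.3.1 ldap vs1 default cluster1-01 cluster1-02
```

Review the printed plan before pasting it into the cluster shell; the diag commands still require the privilege level noted above.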

