Skip to main content

NetApp wins prestigious Coveo Relevance Pinnacle Award. Learn more!

INSIGHT Japan :2023年 1月25日(水)ANAインターコンチネンタルホテル開催 へ参加・申込を行う

NetApp Knowledge Base

Login to a user created SP admin account failed with Permission denied after nodes joined to a existed cluster

Views:
104
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

ONTAP 9.9.1

Issue

  • User created an admin role SP account in cluster which can be login from nodes within cluster:

                      Vserver: cluster-01
      User Name or Group Name: fasadmin
                  Application: service-processor
        Authentication Method: password
     Remote Switch IP Address: -
                    Role Name: admin
               Account Locked: no
                 Comment Text: -
      Whether Ns-switch Group: no
Second Authentication Method2: none

  • After new nodes joined to current cluster, they can not login to the SP account even after node reboot:

[~]$ ssh fasadmin@10.xxx.xx.185
The authenticity of host '10.xxx.xx.185(10.xxx.xx.185)' can't be established.
ECDSA key fingerprint is SHA256:+xANMpHpDEQoLmhd0Kmi1AW2PwHeI5daI3znYbr+2eM.
ECDSA key fingerprint is MD5:8e:37:01:73:xx:xx:xx:xx:xx:xx:xx:7c:1c:bd:f7:5b.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/server-admins/.ssh/known_hosts).
admin@10.xxx.xx.185'>fasadmin@10.xxx.xx.185's password:

Permission denied, please try again.

  • All nodes can login to default SP admin account:

[ ~]$ ssh admin@10.xxx.xx.185
The authenticity of host '10.xxx.xx.185(10.xxx.xx.185)' can't be established.
ECDSA key fingerprint is SHA256:+xANMpHpDEQoLmhd0Kmi1AW2PwHeI5daI3znYbr+2eM.
ECDSA key fingerprint is MD5:8e:37:01:73:xx:xx:xx:xx:xx:xx:xx:7c:1c:bd:f7:5b.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/server-admins/.ssh/known_hosts).
SP new-node-01>      

  • SP-LATEST-SYSLOG and SP-DEBUG-MLOG-TXT.GZ shows SP account profile synchronization failed:

cat /var/log/authlog.1 /var/log/authlog | tail -c 20480
========================================================
Aug  3 14:16:05 (none) sshd[2020]: Invalid user fasadmin from 10.xxx.xx.37 port 56708
Aug  3 14:16:07 (none) sshd[2020]: Failed none for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2
Aug  3 14:16:22 (none) sshd[2020]: Failed password for invalid user fasadmin from 10.xxx.xx.37 port 56708 ssh2

2022-08-03 11:20:09.826 [sp_config_0] [rlm_push_config]: sending cluster user refresh command
2022-08-03 11:20:09.826 [sp_config_0] [sp_user_mgmt:info]: sp_cluster_user_update: op 3; action 7 6-update 7-refresh
2022-08-03 11:20:09.826 [sp_config_0] [sp_configd:info]: request queued: cmd 0xb
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_cluster_usr_mgmt_process_msg: received SP_CLUSTER_USER_REFRESH
2022-08-03 11:20:09.826 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: userprofile_all_retry_cnt 10
2022-08-03 11:20:09.826 [sp_configd_pq] [sp_configd:info]: request sent: cmd 0xb
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:info]: sp_get_cluster_usr_lst: Unable to get next [entry doesn't exist]; err 4; userCount 0
2022-08-03 11:20:09.829 [sp_cluster_user_mgmt_wq_wq] [sp_user_mgmt:error]: sp_get_cluster_usr_lst: rpc_error rtn; user count 0

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device