PowerScale: SSH login to PowerScale nodes with windows active directory domain credentials are failing with the error "Access Denied"
Summary: SSH login to newly added PowerScale nodes fails with Active directory credentials, though the authentication provider is online on PowerScale nodes. The same credential working fine on the Web interface login portal ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
SSH login to PowerScale nodes with active directory credentials is failing with "Access Denied" error.
Cause
On PowerScale, the authentication provider is assigned with a different login shell than the login shell assigned to the user account on the active directory.
See the below example.
Due to the mismatch in login shell assigned to user account on Active directory and authentication provider on PowerScale, domain-based authentications are not working during SSH/CLI login.
See the below example.
- Log in Shell on the PowerScale cluster assigned to the Active directory authentication provider.
Clustrername-1# isi auth ads list -v | grep -i shell Login Shell:/bin/zsh
- Login shell assigned to user account on Active Directory Domain checked from Windows Powershell
Get-ADuser ‘username” -Properties loginshell Loginshell : /usr/bin/ksh
Due to the mismatch in login shell assigned to user account on Active directory and authentication provider on PowerScale, domain-based authentications are not working during SSH/CLI login.
Resolution
Follow the below procedure to remediate the issue by creating a symbolic link between login shells assigned to the active directory user account and the PowerScale authentication provider.
1. Verify the login shell on Isilon/Powerscale for authentication provider.
2. Verify the login shell assigned on the active directory for the user account.
3. Create symbolic link between login shell assigned to PowerScale authentication provider and user account on AD using below command on PowerScale.
4. Log in to Isilon/Powerscale through SSH with Active directory credential.
1. Verify the login shell on Isilon/Powerscale for authentication provider.
isi auth ads list -v | grep -i shell Login Shell: /bin/zsh
2. Verify the login shell assigned on the active directory for the user account.
- Launch the PowerShell from the Windows machine.
- Run below command on PowerShell
Get-ADuser 'ADusername" -Properties login shell
- Check the login shell details from the above command output and something similar to the below is displayed.
Loginshell: /usr/bin/ksh
3. Create symbolic link between login shell assigned to PowerScale authentication provider and user account on AD using below command on PowerScale.
isi_for_array "ln -s /bin/zsh /usr/bin/ksh"
4. Log in to Isilon/Powerscale through SSH with Active directory credential.
Affected Products
Isilon, PowerScale OneFSArticle Properties
Article Number: 000227825
Article Type: Solution
Last Modified: 19 Sep 2024
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.