Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Netapp: toasters

User 'root' denied access - missing required capability: 'cli-route'

  

 
Netapp toasters RSS feed   Index | Next | Previous | View Threaded


fcocquyt at stanford

May 4, 2012, 9:10 AM

Post #1 of 1 (729 views)
Permalink
User 'root' denied access - missing required capability: 'cli-route'
I'm seeing this error "User 'root' denied access - missing required capability: 'cli-route'" (on the console) at the cutover stage of vFiler migration under 8.1 GA

The vFiler migrations are successful, but this error is troubling for production vFiler migrations which require zero downtime.
I opened a netapp support case and posted more details here:

https://communities.netapp.com/message/80796

I'm looking to confirm the proper useradmin user->group->role mappings for root in case 8.1GA introduced some bug.

I have (note no groups for root user - should I create a root group and add the mapping to the root role?):

useradmin user list
Name: root
Info: Default system administrator.
Rid: 0
Groups:

--
useradmin group list
Name: Administrators
Info: Members can fully administer the filer
Rid: 544
Roles: admin

Name: Backup Operators
Info: Members can bypass file security to backup files
Rid: 551
Roles: backup,none

Name: Compliance Administrators
Info: Members can perform compliance operations
Rid: 131072
Roles: compliance

Name: Guests
Info: Users granted Guest Access
Rid: 546
Roles: none

Name: ndmp
Info:
Rid: 131077
Roles: ndmp_role

Name: oragroup
Info:
Rid: 131075
Roles: oracle

Name: Power Users
Info: Members that can share directories
Rid: 547
Roles: power

Name: Replicators
Info: not supported
Rid: 552
Roles: none

Name: Users
Info: Ordinary Users
Rid: 545
Roles: audit

--
useradmin role list
Name: admin
Info:
Allowed Capabilities: login-*,cli-*,api-*,security-*

Name: audit
Info:
Allowed Capabilities: api-snmp-get,api-snmp-get-next

Name: backup
Info: Default role for NDMP privileges.
Allowed Capabilities: login-ndmp

Name: compliance
Info: Default role for compliance privileges.
Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh,api-system-api-*,cli-snaplock*,api-snaplock-*,api-file-*,compliance-*

Name: ndmp_role
Info:
Allowed Capabilities: login-ndmp

Name: none
Info:
Allowed Capabilities:

Name: oracle
Info:
Allowed Capabilities: login-ssh,cli-snap*

Name: power
Info:
Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh

Name: root
Info:
Allowed Capabilities: *




thanks

Netapp toasters RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.