How ONTAP name service switch configuration works
ONTAP stores name service configuration information in a table that is the equivalent of the /etc/nsswitch.conf file on Linux systems. You must understand the function of the table and how ONTAP uses it so that you can configure it appropriately for your environment.
The ONTAP name service switch table determines which name service sources ONTAP consults in which order to retrieve information for a certain type of name service information. ONTAP maintains a separate name service switch table for each SVM.
Database types
The table stores a separate name service list for each of the following database types:
| Database type | Defines name service sources for... | Valid sources are... |
|---|---|---|
| hosts | Converting host names to IP addresses | files, dns |
| group | Looking up user group information | files, nis, ldap |
| passwd | Looking up user information | files, nis, ldap |
| netgroup | Looking up netgroup information | files, nis, ldap |
| namemap | Mapping user names | files, ldap |
Source types
The sources specify which name service source to use for retrieving the appropriate information.
| Specify source type... | To look up information in... | Managed by the command families... |
|---|---|---|
| files | Local source files | vserver services name-service unix-user vserver services name-service unix-group vserver services name-service netgroup vserver services name-service dns hosts |
| nis | External NIS servers as specified in the NIS domain configuration of the SVM | vserver services name-service nis-domain |
| ldap | External LDAP servers as specified in the LDAP client configuration of the SVM | vserver services name-service ldap |
| dns | External DNS servers as specified in the DNS configuration of the SVM | vserver services name-service dns |
Even if you plan to use NIS or LDAP for both data access and SVM administration authentication, you should still include files and configure local users as a fallback in case NIS or LDAP authentication fails.
Protocols used to access external sources
To access the servers for external sources, ONTAP uses the following protocols:
| External name service source | Protocol used for access |
|---|---|
| NIS | UDP |
| DNS | UDP |
| LDAP | TCP |
Example
The following example displays the name service switch configuration for the SVM svm_1:
cluster1::*> vserver services name-service ns-switch show -vserver svm_1
Source
Vserver Database Order
--------------- ------------ ---------
svm_1 hosts files,
dns
svm_1 group files
svm_1 passwd files
svm_1 netgroup nis,
files
To look up IP addresses for hosts, ONTAP first consults local source files. If the query does not return any results, DNS servers are checked next.
To look up user or group information, ONTAP consults only local sources files. If the query does not return any results, the lookup fails.
To look up netgroup information, ONTAP first consults external NIS servers. If the query does not return any results, the local netgroup file is checked next.
There are no name service entries for name mapping in the table for the SVM svm_1. Therefore, ONTAP consults only local source files by default.