You must create a Unix authentication record and choose Target Type as NetApp Ontap for VM or NetApp Ontap (Policy Compliance) for PC in the Login Credentials tab.
The scan user account you provide for authentication must have the admin role for a complete compliance scan. This role permits access to all of the commands required for scanning.
For VM scanning:
cmd: "version"
For PC scanning:
cmd: "security login role config show -fields username-minlength"
cmd: "security login role config show -fields username-alphanum"
cmd: "security login role config show -fields passwd-minlength"
cmd: "security login role config show -fields passwd-alphanum"
cmd: "security login role config show -fields passwd-min-special-chars"
cmd: "security login role config show -fields passwd-expiry-time"
cmd: "security login role config show -fields require-initial-passwd-update"
cmd: "security login role config show -fields max-failed-login-attempts"
cmd: "security login role config show -fields lockout-duration"
cmd: "security login role config show -fields disallowed-reuse"
cmd: "security login role config show -fields change-delay"
cmd: "security login role config show -fields delay-after-failed-login"
cmd: "security login role config show -fields passwd-min-lowercase-chars"
cmd: "security login role config show -fields passwd-min-uppercase-chars"
cmd: "security login role config show -fields passwd-expiry-warn-time"
cmd: "security login role config show -fields account-inactive-limit"
cmd: "system timeout show"
cmd: "cluster log-forwarding show"
cmd: "event notification show"
cmd: "security ssh show -fields max-authentication-retry-count"
cmd: "timezone"
cmd: "vserver services dns show -fields vserver,domains,name-servers"
cmd: "vserver services nis-domain show -fields vserver,domain,nis-servers"
cmd: "vserver services ldap client show"
cmd: "vserver iscsi status -fields vserver,status-admin"
cmd: "vserver fcp show -fields vserver,target-name,status-admin"
cmd: "security login role config show -fields passwd-min-digits"
cmd: "security login role config show -fields account-expiry-time"
cmd: "vserver nfs show"
You must create a scan user account (e.g. qualys_scan) and assign the admin role. Then, provide this user account in your authentication record.
Using Web UI
1) Log in to the Netapp system. Go to the Management/Users page and add a new user.
2) Provide a username and password for the new user account. Then make sure the following settings are selected in the User Login Methods section:
Application: ssh
Authentication: password
Role: admin
Using CLI
1) Log in to the Netapp system via SSH using an admin account.
2) Use the following command:
security login create -user <username> -application ssh -authentication-method password -role admin
3) When prompted, enter the password.
Note: