ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

RandomStorage
‎2020-01-22 04:38 AM
5,059 Views

Hi!

 

I'm trying to set up Kerberos on NetApp for use with NFS, and when i try to run the "kerberos interface enable -vserver somename -lif somename -spn nfs/FQDN@REALM command, it fails with "Strong authentication is required".

 

I faced the same when setting up CIFS earlier, but then there was a "vserver cifs security modify -vserver somename -session-security-for-ad-ldap someoption" that solved it by changing it.

 

But since that seems to be a cifs specific command, while this is for kerberos/nfs i'm not sure if i can use the same command, or if there is a similiar command for kerberos ?

0 Kudos
1 ACCEPTED SOLUTION

RandomStorage
‎2021-05-18 01:47 AM
4,176 Views
Hi!

This is going off memory, so not sure if this was the thing that made the trick for us, but i believe so.

"vserver cifs security modify -vserver -session-security-for-ad-ldap-sign"


Best Regards

View solution in original post

0 Kudos
6 REPLIES 6

RandomStorage
‎2020-01-22 05:04 AM
5,051 Views

Also, on the same note, is there any way to change/modify/specify the account name that command uses/generates ?

 

Reason i'm asking is that the naming standard is 12 characters long, and when it automatically adds NFS- to the front of it, and it seems to only support 15 ,  the last character in the naming standard is lost, and we could end up with multiple servers having the same name unintentionally.

0 Kudos

paul_stejskal
NetApp
‎2020-01-23 10:30 AM
In response to RandomStorage
4,997 Views

Sorry gotta ask, did you create the realm first? https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-nfs-cg%2FGUID-3ECE9551-A805-460B-86EC-EBCC14422528.html&lang=en

 

Probably a stupid question.

0 Kudos

RandomStorage
‎2020-01-23 02:12 PM
In response to paul_stejskal
4,985 Views

Yes i did, realm was created

0 Kudos

DanApp
‎2021-05-17 10:38 PM
4,192 Views

Did the original poster or anyone have clues on this issue? I'm having the same trouble. 

 

Have read much doco but there must be something i'm missing..

 

Thanks

0 Kudos

RandomStorage
‎2021-05-18 01:47 AM
4,177 Views
Hi!

This is going off memory, so not sure if this was the thing that made the trick for us, but i believe so.

"vserver cifs security modify -vserver -session-security-for-ad-ldap-sign"


Best Regards
0 Kudos

DanApp
‎2021-05-20 08:52 PM
In response to RandomStorage
4,148 Views

Thanks - confirming that resolved the issue for me

0 Kudos
All Community Forums
Public