ONTAP Discussions

Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

RandomStorage

Hi!

 

I'm trying to set up Kerberos on NetApp for use with NFS, and when i try to run the "kerberos interface enable -vserver somename -lif somename -spn nfs/FQDN@REALM command, it fails with "Strong authentication is required".

 

I faced the same when setting up CIFS earlier, but then there was a "vserver cifs security modify -vserver somename -session-security-for-ad-ldap someoption" that solved it by changing it.

 

But since that seems to be a cifs specific command, while this is for kerberos/nfs i'm not sure if i can use the same command, or if there is a similiar command for kerberos ?

6 REPLIES 6

Re: Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

RandomStorage

Also, on the same note, is there any way to change/modify/specify the account name that command uses/generates ?

 

Reason i'm asking is that the naming standard is 12 characters long, and when it automatically adds NFS- to the front of it, and it seems to only support 15 ,  the last character in the naming standard is lost, and we could end up with multiple servers having the same name unintentionally.

Re: Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

paul_stejskal

Re: Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

RandomStorage

Yes i did, realm was created

Re: Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

DanApp

Did the original poster or anyone have clues on this issue? I'm having the same trouble. 

 

Have read much doco but there must be something i'm missing..

 

Thanks

Re: Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

RandomStorage
Hi!

This is going off memory, so not sure if this was the thing that made the trick for us, but i believe so.

"vserver cifs security modify -vserver -session-security-for-ad-ldap-sign"


Best Regards

View solution in original post

Re: Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

DanApp

Thanks - confirming that resolved the issue for me

2021 NetApp Partner Experience Survey
PES Banner
All Community Forums
Public