ONTAP Discussions

Ontap 9.6 "Strong autentication is required" for Kerberos Interface setup

RandomStorage
1,933 Views

Hi!

 

I'm trying to set up Kerberos on NetApp for use with NFS, and when i try to run the "kerberos interface enable -vserver somename -lif somename -spn nfs/FQDN@REALM command, it fails with "Strong authentication is required".

 

I faced the same when setting up CIFS earlier, but then there was a "vserver cifs security modify -vserver somename -session-security-for-ad-ldap someoption" that solved it by changing it.

 

But since that seems to be a cifs specific command, while this is for kerberos/nfs i'm not sure if i can use the same command, or if there is a similiar command for kerberos ?

1 ACCEPTED SOLUTION

RandomStorage
1,050 Views
Hi!

This is going off memory, so not sure if this was the thing that made the trick for us, but i believe so.

"vserver cifs security modify -vserver -session-security-for-ad-ldap-sign"


Best Regards

View solution in original post

6 REPLIES 6

RandomStorage
1,925 Views

Also, on the same note, is there any way to change/modify/specify the account name that command uses/generates ?

 

Reason i'm asking is that the naming standard is 12 characters long, and when it automatically adds NFS- to the front of it, and it seems to only support 15 ,  the last character in the naming standard is lost, and we could end up with multiple servers having the same name unintentionally.

paul_stejskal
1,871 Views

RandomStorage
1,859 Views

Yes i did, realm was created

DanApp
1,066 Views

Did the original poster or anyone have clues on this issue? I'm having the same trouble. 

 

Have read much doco but there must be something i'm missing..

 

Thanks

RandomStorage
1,051 Views
Hi!

This is going off memory, so not sure if this was the thing that made the trick for us, but i believe so.

"vserver cifs security modify -vserver -session-security-for-ad-ldap-sign"


Best Regards

DanApp
1,022 Views

Thanks - confirming that resolved the issue for me

Public