I'm trying to set up Kerberos on NetApp for use with NFS, and when i try to run the "kerberos interface enable -vserver somename -lif somename -spn nfs/FQDN@REALM command, it fails with "Strong authentication is required".
I faced the same when setting up CIFS earlier, but then there was a "vserver cifs security modify -vserver somename -session-security-for-ad-ldap someoption" that solved it by changing it.
But since that seems to be a cifs specific command, while this is for kerberos/nfs i'm not sure if i can use the same command, or if there is a similiar command for kerberos ?
Solved! See The Solution
Also, on the same note, is there any way to change/modify/specify the account name that command uses/generates ?
Reason i'm asking is that the naming standard is 12 characters long, and when it automatically adds NFS- to the front of it, and it seems to only support 15 , the last character in the naming standard is lost, and we could end up with multiple servers having the same name unintentionally.
Sorry gotta ask, did you create the realm first? https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-nfs-cg%2FGUID-3ECE9551-A805-460B-86EC-EBCC14422528.html&lang=en
Probably a stupid question.
Yes i did, realm was created
Did the original poster or anyone have clues on this issue? I'm having the same trouble.
Have read much doco but there must be something i'm missing..
Thanks - confirming that resolved the issue for me