Skip to main content
ONTAP commands
A newer release of this product is available.

vserver nfs kerberos interface enable

Suggest changes
PDFs

Enable NFS Kerberos on a LIF

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver nfs kerberos interface enable command enables NFS Kerberos on a logical interface.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the Vserver in which the logical interface exists.

-lif <lif-name> - Logical Interface

This parameter specifies the name of the logical interface on which you want to enable NFS Kerberos.

[-spn <text>] - Service Principal Name

This optional parameter specifies the service principal name (SPN) for the logical interface you want to enable. This value must be in the form nfs/host_name @REALM , where host_name is the fully qualified host name of the Kerberos server, nfs is the service, and REALM is the name of the Kerberos realm (for instance, EXAMPLE.COM). Specify Kerberos realm name in uppercase.

[-admin-username <text>] - Account Creation Username

This optional parameter specifies the administrator user name.

[-admin-password <text>] - Account Creation Password

This optional parameter specifies the administrator password.

[-keytab-uri {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…​}] - Load Keytab from URI

This optional parameter specifies loading a keytab file from the specified URI.

[-ou <text>] - Organizational Unit

This optional parameter specifies the organizational unit (OU) under which the Microsoft Active Directory server account will be created when you enable Kerberos using a realm for Microsoft KDC. If this parameter is not specified, the default OU is "CN=Computers".

[-machine-account <text>] - Machine Account Name

This optional parameter specifies the machine account to create in Active Directory

Examples

The following example enables NFS Kerberos on a Vserver named vs0 and a logical interface named datalif1. The SPN is nfs/sec.example.com@AUTH.SEC.EXAMPLE.COM and the keytab file is loaded from ftp://ftp.example.com/keytab.

vs1::> vserver nfs kerberos interface enable -vserver vs0 -lif datalif1 -spn nfs/sec.example.com@AUTH.SEC.EXAMPLE.COM -keytab-uri
 ftp://ftp.example.com/keytab