Update Kerberos interface properties
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
PATCH /protocols/nfs/kerberos/interfaces/{interface.uuid}
Introduced In: 9.6
Updates the properties of a Kerberos interface.
Optional property
-
force
- Specifies whether the server should ignore any error encountered while deleting the corresponding machine account on the KDC and also disables Kerberos on the LIF. This is applicable only when disabling Kerberos.
Related ONTAP commands
-
vserver nfs kerberos interface modify
-
vserver nfs kerberos interface enable
-
vserver nfs kerberos interface disable
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
interface.uuid |
string |
path |
True |
Network interface UUID
|
Request Body
Name | Type | Description |
---|---|---|
_links |
||
enabled |
boolean |
Specifies if Kerberos is enabled. |
encryption_types |
array[string] |
|
force |
boolean |
Specifies whether the server should ignore any error encountered while deleting the corresponding machine account on the KDC and also disables Kerberos on the LIF. |
interface |
Network interface |
|
keytab_uri |
string |
Load keytab from URI |
machine_account |
string |
Specifies the machine account to create in Active Directory. |
organizational_unit |
string |
Organizational unit |
password |
string |
Account creation password |
spn |
string |
Service principal name. Valid in PATCH. |
svm |
||
user |
string |
Account creation user name |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"encryption_types": [
"string"
],
"interface": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"ip": {
"address": "10.10.10.7"
},
"name": "lif1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"keytab_uri": "string",
"machine_account": "string",
"organizational_unit": "string",
"password": "string",
"spn": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"user": "string"
}
Response
Status: 200, Ok
Error
Status: Default
ONTAP Error Response codes
Error codes | Description |
---|---|
1966082 |
LIF could not be found in database. Contact technical support for assistance. |
3276801 |
Failed to bind service principal name on LIF. |
3276809 |
Failed to disable NFS Kerberos on LIF. |
3276832 |
Failed to insert Kerberos attributes to database. |
3276842 |
Internal error. Failed to import Kerberos keytab file into the management databases. Contact technical support for assistance. |
3276861 |
Kerberos is already enabled/disabled on this LIF. |
3276862 |
Kerberos service principal name is required. |
3276889 |
Failed to enable NFS Kerberos on LIF. |
3276937 |
Failed to lookup the Vserver for the virtual interface. |
3276941 |
Kerberos is a required field. |
3276942 |
Service principal name is invalid. It must of the format:"nfs/ |
3276944 |
Internal error. Reason: Failed to initialize the Kerberos context |
3276945 |
Internal error. Reason: Failed to parse the service principal name |
3276951 |
Warning: Skipping unsupported encryption type for service principal name |
3276952 |
"organizational_unit" option cannot be used for "Other" vendor. |
3276965 |
Account sharing across Vservers is not allowed. Use a different service principal name unique within the first 15 characters. |
3277019 |
Cannot specify -force when enabling Kerberos. |
3277020 |
Modifying the NFS Kerberos configuration for a LIF that is not configured for NFS is not supported. |
3277043 |
Keytab import failed due to missing keys. Keys for encryption types are required for Vserver but found no matching keys for service principal name. Generate the keytab file with all required keys and try again. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
ip
IP information
Name | Type | Description |
---|---|---|
address |
string |
IPv4 or IPv6 address |
interface
Network interface
Name | Type | Description |
---|---|---|
_links |
||
ip |
IP information |
|
name |
string |
The name of the interface. If only the name is provided, the SVM scope must be provided by the object this object is embedded in. |
uuid |
string |
The UUID that uniquely identifies the interface. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
kerberos_interface
Name | Type | Description |
---|---|---|
_links |
||
enabled |
boolean |
Specifies if Kerberos is enabled. |
encryption_types |
array[string] |
|
force |
boolean |
Specifies whether the server should ignore any error encountered while deleting the corresponding machine account on the KDC and also disables Kerberos on the LIF. |
interface |
Network interface |
|
keytab_uri |
string |
Load keytab from URI |
machine_account |
string |
Specifies the machine account to create in Active Directory. |
organizational_unit |
string |
Organizational unit |
password |
string |
Account creation password |
spn |
string |
Service principal name. Valid in PATCH. |
svm |
||
user |
string |
Account creation user name |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |