Create a Kerberos realm
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
POST /protocols/nfs/kerberos/realms
Introduced In: 9.6
Creates a Kerberos realm.
Required properties
-
svm.uuid
orsvm.name
- Existing SVM on which to create the Kerberos realm. -
name
- Base name for the Kerberos realm. -
kdc.vendor
- Vendor of the Key Distribution Center (KDC) server for this Kerberos realm. If the configuration uses a Microsoft Active Directory domain for authentication, this field nust bemicrosoft
. -
kdc.ip
- IP address of the KDC server for this Kerberos realm.
Recommended optional properties
-
ad_server.name
- Host name of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor ismicrosoft
. -
ad_server.address
- IP address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor ismicrosoft
.
Default property values
If not specified in POST, the following default property value is assigned:
-
kdc.port
- 88 -
admin_server.port
- 749 -
password_server.port
- 464 -
clock_skew
- 5
Related ONTAP commands
-
vserver nfs kerberos realm create
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
Name | Type | Description |
---|---|---|
_links |
||
ad_server |
||
admin_server |
||
clock_skew |
integer |
Specifies the allowed time of clock-skew between the server and clients, in minutes. |
comment |
string |
Comment |
encryption_types |
array[string] |
|
kdc |
||
name |
string |
Kerberos realm |
password_server |
||
svm |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"ad_server": {
"address": "1.2.3.4",
"name": "string"
},
"admin_server": {
"address": "1.2.3.4"
},
"comment": "string",
"encryption_types": [
"string"
],
"kdc": {
"ip": "1.2.3.4",
"port": 88,
"vendor": "string"
},
"name": "string",
"password_server": {
"address": "1.2.3.4"
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
Response
Status: 201, Created
Headers
Name | Description | Type |
---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: Default
ONTAP Error Response codes
Error codes | Description |
---|---|
2949121 |
Active Directory server name required. |
2949122 |
Active Directory server address required |
2949123 |
Failed to create Kerberos realm. |
2949124 |
Failed to create hosts file entry. |
3276949 |
Kerberos realm creation failed. Reason: The parameters "ad_server.name" and "ad_server.address" are only valid when "kdc.vendor" is Microsoft |
3276976 |
"realm" is a required input |
3276998 |
Only the data Vservers can own NFS Kerberos realms. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
ad_server
Name | Type | Description |
---|---|---|
address |
string |
Active Directory server IP address |
name |
string |
Active Directory server name |
admin_server
Name | Type | Description |
---|---|---|
address |
string |
Admin server IP address. |
port |
integer |
Specifies the port number of admin server. |
kdc
Name | Type | Description |
---|---|---|
ip |
string |
KDC IP address |
port |
integer |
KDC port |
vendor |
string |
Key Distribution Center (KDC) vendor. Following values are suported:
|
password_server
Name | Type | Description |
---|---|---|
address |
string |
Password server IP address. |
port |
integer |
Specifies the port number of password server. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
kerberos_realm
Name | Type | Description |
---|---|---|
_links |
||
ad_server |
||
admin_server |
||
clock_skew |
integer |
Specifies the allowed time of clock-skew between the server and clients, in minutes. |
comment |
string |
Comment |
encryption_types |
array[string] |
|
kdc |
||
name |
string |
Kerberos realm |
password_server |
||
svm |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |