Create a Kerberos realm

POST /protocols/nfs/kerberos/realms

Introduced In: 9.6

Creates a Kerberos realm.

Required properties

  • svm.uuid or svm.name - Existing SVM on which to create the Kerberos realm.

  • name - Base name for the Kerberos realm.

  • kdc.vendor - Vendor of the Key Distribution Center (KDC) server for this Kerberos realm. If the configuration uses a Microsoft Active Directory domain for authentication, this field must be microsoft.

  • kdc.ip - IP address of the KDC server for this Kerberos realm.

  • ad_server.name - Host name of the Active Directory Domain Controller (DC). This parameter is mandatory if kdc.vendor is microsoft.

  • ad_server.address - IP address of the Active Directory Domain Controller (DC). This parameter is mandatory if kdc.vendor is microsoft.

Default property values

If not specified in POST, the following default property values are assigned:

  • kdc.port - 88

  • admin_server.port - 749

  • password_server.port - 464

  • clock_skew - 5

Related ONTAP commands

  • vserver nfs kerberos realm create

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |

  • Default value:

Request Body

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| ad_server | ad_server | |
| admin_server | admin_server | |
| clock_skew | integer | Specifies the allowed time of clock-skew between the server and clients, in minutes. |
| comment | string | Comment |
| encryption_types | array[string] | |
| kdc | kdc | |
| name | string | Kerberos realm |
| password_server | password_server | |
| svm | svm | SVM, applies only to SVM-scoped objects. |

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "ad_server": {
    "address": "1.2.3.4",
    "name": "string"
  },
  "admin_server": {
    "address": "1.2.3.4"
  },
  "comment": "string",
  "encryption_types": [
    "string"
  ],
  "kdc": {
    "ip": "1.2.3.4",
    "port": 88,
    "vendor": "string"
  },
  "name": "string",
  "password_server": {
    "address": "1.2.3.4"
  },
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 201, Created

Headers

| Name | Description | Type |
|---|---|---|
| Location | Useful for tracking the resource location | string |

Error

Status: Default

ONTAP Error Response codes

| Error codes | Description |
|---|---|
| 2949121 | Active Directory server name required. |
| 2949122 | Active Directory server address required. |
| 2949123 | Failed to create Kerberos realm. |
| 2949124 | Failed to create hosts file entry. |
| 3276949 | Kerberos realm creation failed. Reason: The parameters "ad_server.name" and "ad_server.address" are only valid when "kdc.vendor" is Microsoft |
| 3276976 | "realm" is a required input |
| 3276998 | Only the data Vservers can own NFS Kerberos realms. |

| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
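
A client-side pre-check for the rules above, as an added example that is not part of the ONTAP documentation: it builds the POST body and rejects inputs that would trigger the listed error codes before any request is sent. The function and class names are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

VENDORS = ("microsoft", "other")               # kdc.vendor values listed on this page
DEFAULTS = {"kdc_port": 88, "clock_skew": 5}   # defaults listed on this page


class RealmInputError(ValueError):
    """Local pre-check failure; code is the ONTAP error code from this page, if any."""
    def __init__(self, message, code=None):
        super().__init__(message)
        self.code = code


def build_realm_body(svm_name, realm, kdc_ip, kdc_vendor,
                     ad_name=None, ad_address=None,
                     kdc_port=DEFAULTS["kdc_port"],
                     clock_skew=DEFAULTS["clock_skew"]):
    """Build the body for POST /protocols/nfs/kerberos/realms (hypothetical helper)."""
    if not realm:
        raise RealmInputError('"realm" is a required input', 3276976)
    if not svm_name:
        raise RealmInputError("svm.name or svm.uuid is required")
    if kdc_vendor not in VENDORS:
        raise RealmInputError(f"kdc.vendor must be one of {VENDORS}")
    ipaddress.ip_address(kdc_ip)  # raises ValueError on a malformed address
    body = {
        "svm": {"name": svm_name},
        "name": realm,
        "kdc": {"vendor": kdc_vendor, "ip": kdc_ip, "port": kdc_port},
        "clock_skew": clock_skew,  # minutes; sent explicitly instead of relying on the default
    }
    if kdc_vendor == "microsoft":
        # Both ad_server fields are mandatory for an Active Directory KDC.
        if not ad_name:
            raise RealmInputError("Active Directory server name required", 2949121)
        if not ad_address:
            raise RealmInputError("Active Directory server address required", 2949122)
        ipaddress.ip_address(ad_address)
        body["ad_server"] = {"name": ad_name, "address": ad_address}
    elif ad_name or ad_address:
        raise RealmInputError("ad_server.* is only valid when kdc.vendor is microsoft", 3276949)
    return body


if __name__ == "__main__":
    import json
    # Constructed sample values (documentation address range), not from a real system.
    print(json.dumps(build_realm_body("svm1", "EXAMPLE.COM", "192.0.2.10", "microsoft",
                                      ad_name="dc1.example.com", ad_address="192.0.2.10"), indent=2))
```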

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| self | href | |

ad_server

| Name | Type | Description |
|---|---|---|
| address | string | Active Directory server IP address |
| name | string | Active Directory server name |

admin_server

| Name | Type | Description |
|---|---|---|
| address | string | Admin server IP address. |
| port | integer | Specifies the port number of admin server. |

kdc

| Name | Type | Description |
|---|---|---|
| ip | string | KDC IP address |
| port | integer | KDC port |
| vendor | string | Key Distribution Center (KDC) vendor. The following values are supported: microsoft - Microsoft Active Directory KDC; other - MIT Kerberos KDC or other KDC |

password_server

| Name | Type | Description |
|---|---|---|
| address | string | Password server IP address. |
| port | integer | Specifies the port number of password server. |

svm

SVM, applies only to SVM-scoped objects.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
| uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |

kerberos_realm

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| ad_server | ad_server | |
| admin_server | admin_server | |
| clock_skew | integer | Specifies the allowed time of clock-skew between the server and clients, in minutes. |
| comment | string | Comment |
| encryption_types | array[string] | |
| kdc | kdc | |
| name | string | Kerberos realm |
| password_server | password_server | |
| svm | svm | SVM, applies only to SVM-scoped objects. |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

returned_error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |