Release notes
Verify permissions for Kerberos configuration
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Kerberos requires that certain UNIX permissions be set for the SVM root volume and for local users and groups.
-
Display the relevant permissions on the SVM root volume:
volume show -volume root_vol_name-fields user,group,unix-permissionsThe root volume of the SVM must have the following configuration:
Name… Setting… UID
root or ID 0
GID
root or ID 0
UNIX permissions
755
If these values are not shown, use the
volume modifycommand to update them. -
Display the local UNIX users:
vserver services name-service unix-user show -vserver vserver_nameThe SVM must have the following UNIX users configured:
User name User ID Primary group ID Comment nfs
500
0
Required for GSS INIT phase.
The first component of the NFS client user SPN is used as the user.
The nfs user is not required if a Kerberos-UNIX name mapping exists for the SPN of the NFS client user.
root
0
0
Required for mounting.
If these values are not shown, you can use the
vserver services name-service unix-user modifycommand to update them. -
Display the local UNIX groups:
vserver services name-service unix-group show -vserver vserver _nameThe SVM must have the following UNIX groups configured:
Group name Group ID daemon
1
root
0
If these values are not shown, you can use the
vserver services name-service unix-group modifycommand to update them.