Verify permissions for Kerberos configuration
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
Kerberos requires that certain UNIX permissions be set for the SVM root volume and for local users and groups.
-
Display the relevant permissions on the SVM root volume:
volume show -volume root_vol_name-fields user,group,unix-permissions
The root volume of the SVM must have the following configuration:
Name… Setting… UID
root or ID 0
GID
root or ID 0
UNIX permissions
755
If these values are not shown, use the
volume modify
command to update them. -
Display the local UNIX users:
vserver services name-service unix-user show -vserver vserver_name
The SVM must have the following UNIX users configured:
User name User ID Primary group ID Comment nfs
500
0
Required for GSS INIT phase.
The first component of the NFS client user SPN is used as the user.
The nfs user is not required if a Kerberos-UNIX name mapping exists for the SPN of the NFS client user.
root
0
0
Required for mounting.
If these values are not shown, you can use the
vserver services name-service unix-user modify
command to update them. -
Display the local UNIX groups:
vserver services name-service unix-group show -vserver vserver _name
The SVM must have the following UNIX groups configured:
Group name Group ID daemon
1
root
0
If these values are not shown, you can use the
vserver services name-service unix-group modify
command to update them.