Skip to main content

Verify permissions for Kerberos configuration

Contributors netapp-aherbin
PDFs

Kerberos requires that certain UNIX permissions be set for the SVM root volume and for local users and groups.

Steps

  1. Display the relevant permissions on the SVM root volume:

    volume show -volume root_vol_name-fields user,group,unix-permissions

    The root volume of the SVM must have the following configuration:

    Name…​ Setting…​

    UID

    root or ID 0

    GID

    root or ID 0

    UNIX permissions

    755

    If these values are not shown, use the volume modify command to update them.

  2. Display the local UNIX users:

    vserver services name-service unix-user show -vserver vserver_name

    The SVM must have the following UNIX users configured:

    User name User ID Primary group ID Comment

    nfs

    500

    0

    Required for GSS INIT phase.

    The first component of the NFS client user SPN is used as the user.

    The nfs user is not required if a Kerberos-UNIX name mapping exists for the SPN of the NFS client user.

    root

    0

    0

    Required for mounting.

    If these values are not shown, you can use the vserver services name-service unix-user modify command to update them.

  3. Display the local UNIX groups:

    vserver services name-service unix-group show -vserver vserver _name

    The SVM must have the following UNIX groups configured:

    Group name Group ID

    daemon

    1

    root

    0

    If these values are not shown, you can use the vserver services name-service unix-group modify command to update them.