ONTAP 9.15.1 commands

vserver nfs kerberos realm create

Create a Kerberos realm configuration

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver nfs kerberos realm create command creates a Kerberos realm configuration.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the Vserver associated with the Kerberos realm configuration that you want to create.

-realm <text> - Kerberos Realm

This parameter specifies the name of the Kerberos realm for the configuration.

-kdc-vendor <Kerberos Key Distribution Center (KDC) Vendor> - KDC Vendor

This optional parameter specifies the KDC vendor. Specify Microsoft if you are using a Microsoft Active Directory server; specify Other if you are using a UNIX server.

-kdc-ip <IP Address> - KDC IP Address

This optional parameter specifies the IP address of the Kerberos Distribution Center (KDC) server.

[-kdc-port <integer>] - KDC Port

This optional parameter specifies the port number of the KDC server. The default setting is 88.

[-clock-skew <integer>] - Clock Skew

This optional parameter specifies how many minutes of clock skew between the clients and the server are permitted. The default setting is 5 minutes.

[-adserver-name <text>] - Active Directory Server Name

This optional parameter specifies the name of an Active Directory server for the configuration. Use this parameter only if you specified the value of -kdc-vendor parameter as Microsoft.

[-adserver-ip <IP Address>] - Active Directory Server IP Address

This optional parameter specifies the IP address of an Active Directory server for the configuration. Use this parameter only if you specified the value of the -kdc-vendor parameter as Microsoft.

[-comment <text>] - Comment

This optional parameter specifies a comment for the Kerberos realm configuration.

[-adminserver-ip <IP Address>] - Admin Server IP Address

This optional parameter specifies the IP address of the administrative server. Use this parameter only if you specified the value of -kdc-vendor parameter as Other. The default setting for this parameter is the KDC server’s IP address as specified by the -kdc-ip parameter.

[-adminserver-port <integer>] - Admin Server Port

This optional parameter specifies the port number of the administrative server. The default setting is 749. Use this parameter only if you specified the value of -kdc-vendor parameter as Other.

[-passwordserver-ip <IP Address>] - Password Server IP Address

This optional parameter specifies the IP address of the password server. Use this parameter only if you specified the value of -kdc-vendor parameter as Other. The default setting for this parameter is the KDC server’s IP address as specified by the -kdc-ip parameter.

[-passwordserver-port <integer>] - Password Server Port

This optional parameter specifies the port number of the password server. The default setting is 464. Use this parameter only if you specified the value of -kdc-vendor parameter as Other.

Examples

The following example creates a Kerberos realm named SEC.EXAMPLE.COM for the Vserver named AUTH. The permitted clock skew is 15 seconds. The KDC’s IP address is 192.0.2.170 and its port is 88. The KDC vendor is Other (for a UNIX KDC). The administrative server’s IP address is 192.0.2.170 and its port is 749. The password server’s IP address is 192.0.2.170 and its port is 464.

cluster1::> vserver nfs kerberos realm create -vserver AUTH -realm SEC.EXAMPLE.COM -clock-skew 15 -kdc-ip 192.0.2.170 -kdc-port 88 -kdc-vendor Other -adminserver-ip 192.0.2.170 -adminserver-port 749 -passwordserver-ip 192.0.2.170 -passwordserver-port 464
Top of Page