Creating a Kerberos realm configuration
If you want to use Kerberos authentication for client access, you must configure the storage virtual machine (SVM) to use an existing Kerberos realm. You can use Storage Manager to create a Kerberos realm configuration, which enables SVMs to use Kerberos security services for NFS.
Before you begin
The CIFS license must be installed if CIFS shares are used, and the NFS license must be installed if an LDAP server is used.
Active Directory (Windows 2003 or Windows 2008) with DES MD5 encryption capability must be available.
You must have set the time zone and synchronized the time across the cluster by configuring NTP.
This prevents authentication errors, and ensures that the timestamps in log files are consistent across the cluster.
About this task
While creating a Kerberos realm, you must set the following attributes in the Create Kerberos Realm wizard:
Kerberos realm
KDC IP address and port number
The default port number is 88.
Kerberos Key Distribution Center (KDC) vendor
Administrative server IP address if the KDC vendor is not Microsoft
Password server IP address
Active Directory server name and IP address if the KDC vendor is Microsoft
- Click .
- Select the SVM , and then click SVM Settings.
- In the Services pane, click Kerberos Realm.
- In the Kerberos Realm window, click Create.
- Type or select information as prompted by the wizard.
- Confirm the details, and then click Finish to complete the wizard.