Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

What computer account name will be created on AD when initiating "kerberos interface enable" command?

Views:
319
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nfs
Last Updated:

Applies to

  • ONTAP
  • NFS
  • Kerberos

Answer

The computer account name created in Active Directory when enabling kerberos will by default -

  • Begin with the "NFS-" string
  • Continue with the SPN specified in the command
  • Due to maximum length limitation of a computer account name, only a few characters may be considered

Example:

kerberos interface modify -vserver svm1 -lif lif1 -kerberos enabled -spn nfs/short.cerveteri.testdom.root@CERVETERI.TESTDOM.ROOT
Will create an account named NFS-SHORT-CERVE on the domain controller

Additional Information

In ONTAP 9.5P5 and later, it is possible to specify a machine account name to be used for the configuration of kerberos for that specific lif.

Example:

kerberos interface modify -vserver svm1 -lif lif1 -kerberos enabled -spn nfs/short.cerveteri.testdom.root@CERVETERI.TESTDOM.ROOT -machine-account myshort

Will create an account named MYSHORT on the domain controller

 

Scan to view the article on your device