Skip to main content
NetApp Knowledge Base

What computer account name will be created on AD when initiating "kerberos interface enable" command?

Views:
532
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP
  • NFS
  • Kerberos

Answer

The computer account name created in Active Directory when enabling kerberos will by default -

  • Begin with the "NFS-" string
  • Continue with the SPN specified in the command
  • Due to maximum length limitation of a computer account name, only a few characters may be considered

Example:

kerberos interface modify -vserver svm1 -lif lif1 -kerberos enabled -spn nfs/short.cerveteri.testdom.root@CERVETERI.TESTDOM.ROOT
Will create an account named NFS-SHORT-CERVE on the domain controller

Additional Information

In ONTAP 9.5P5 and later, it is possible to specify a machine account name to be used for the configuration of kerberos for that specific lif.

Example:

kerberos interface modify -vserver svm1 -lif lif1 -kerberos enabled -spn nfs/short.cerveteri.testdom.root@CERVETERI.TESTDOM.ROOT -machine-account myshort

Will create an account named MYSHORT on the domain controller

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.