On pe, 26 kesä 2020, Ronald Wimmer via FreeIPA-users wrote:
On 26.06.20 11:07, Alexander Bokovoy via FreeIPA-users wrote:
On pe, 26 kesä 2020, Ronald Wimmer via FreeIPA-users wrote:
Is there any way to make a NetApp SVM an IPA client in order to
provide a kerberized NFSv4-share?
Two resources I am aware about for NetApp and FreeIPA integration are
done by Justin Parisi from NetApp:
NFS Kerberos support: https://www.netapp.com/us/media/tr-4616.pdf
This one has great detail on Kerberos/NFS part. I suggested to Justin
some changes earlier over his blog and they are already part of this TR.
How to configure LDAP in ONTAP:
https://www.netapp.com/us/media/tr-4835.pdf
The latter one is still not satisfying to my liking, but both are a very
recent attempt from NetApp side (May 2020) and is fully covering all of
FreeIPA integration they are supporting.
Hi Alexander,
I've already read the first document. What we've managed so far is
creating the SVM host and NFS-ServicePrincipal manually in IPA. With
the corresponding keytab file we could create a kerberized SVM.
Then I've created an automount map reflecting the share on the SVM.
What we could see in the logs is that our [email protected] is not
known to the SVM. This part could be solved by an LDAP configuration
on the OnTap side as described in the document?
Partially, I guess. Sorry, I do not have access to any NetApp device, so
cannot help more.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
