On pe, 26 kesÃ¤ 2020, Ronald Wimmer via FreeIPA-users wrote:
On 26.06.20 11:07, Alexander Bokovoy via FreeIPA-users wrote:
>On pe, 26 kesÃÂ¤ 2020, Ronald Wimmer via FreeIPA-users wrote:
>>Is there any way to make a NetApp SVM an IPA client in order to
>>provide a kerberized NFSv4-share?
>Two resources I am aware about for NetApp and FreeIPA integration are
>done by Justin Parisi from NetApp:
>NFS Kerberos support: https://www.netapp.com/us/media/tr-4616.pdf
>This one has great detail on Kerberos/NFS part. I suggested to Justin
>some changes earlier over his blog and they are already part of this TR.
>How to configure LDAP in ONTAP:
>The latter one is still not satisfying to my liking, but both are a very
>recent attempt from NetApp side (May 2020) and is fully covering all of
>FreeIPA integration they are supporting.
I've already read the first document. What we've managed so far is
creating the SVM host and NFS-ServicePrincipal manually in IPA. With
the corresponding keytab file we could create a kerberized SVM.
Then I've created an automount map reflecting the share on the SVM.
What we could see in the logs is that our AD-user(a)mydomain.at is not
known to the SVM. This part could be solved by an LDAP configuration
on the OnTap side as described in the document?
Partially, I guess. Sorry, I do not have access to any NetApp device, so
cannot help more.
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland