FAQ | This is a LIVE service | Changelog

Changes

Page history
Add how to enable krb for cifs shares authored by Wajdi Hajji's avatar Wajdi Hajji
Show whitespace changes
Inline Side-by-side
Institutional-File-Store-User-Guide.md
View page @ 699b2bb2
...@@ -422,6 +422,17 @@ SMB encryption will be enabled/disabled and a confirmation message will appear o ...@@ -422,6 +422,17 @@ SMB encryption will be enabled/disabled and a confirmation message will appear o
<kbd><img src="uploads/7cca996d50213703cd7e9e8ce0f31deb/image054.png"></kbd> <kbd><img src="uploads/7cca996d50213703cd7e9e8ce0f31deb/image054.png"></kbd>
## Enable Kerberos authentication for CIFS shares
In order to access your shares with Kerberos authentication, you have to add the CIFS service principal name in the `servicePrincipalName` field of the CIFS server machine account created in your AD.
The CIFS service principal name would usually have the format `cifs/<DNS Name of your CIFS network interface>`. For instance, for the CIFS interface `ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`, the CIFS principal name would be `cifs/ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`.
The `servicePrincipalName` would eventually look like the following:
<kbd><img src="uploads/2e0c8b7b5339639b6fc9d2ff093e69b1/cifs-spn.PNG"></kbd>
If you are using `BLUE` AD, please contact us to update your CIFS account machine.
## NFSv4 / Kerberos Client configuration ## NFSv4 / Kerberos Client configuration
Once you set up an NFS share through the SSGW portal, you need to configure your client to be able to mount and access the share using Kerberos authentication. Once you set up an NFS share through the SSGW portal, you need to configure your client to be able to mount and access the share using Kerberos authentication.
... ...
......