- Notes, cautions, and warnings
- Overview
- Getting Started with ECS
- Storage Pools, VDCs, and Replication Groups
- Authentication Providers
- Namespaces
- Users and Roles
- Identity and Access Management (S3)
- Buckets
- File Access
- Introduction to file access
- ECS multi-protocol access
- Working with NFS exports in the ECS Portal
- Working with user/group mappings in the ECS Portal
- ECS NFS configuration tasks
- Mount an NFS export example
- NFS access using the ECS Management REST API
- NFS WORM (Write Once, Read Many)
- S3A support
- Geo-replication status
- Maintenance
- Certificates
- ECS Settings
- ECS Outage and Recovery
- Advanced Monitoring
- Advanced Monitoring
- View Advanced Monitoring Dashboards
- View mode
- Export CSV
- Data Access Performance - Overview
- Data Access Performance - by Namespaces
- Data Access Performance - by Nodes
- Data Access Performance - by Protocols
- Disk Bandwidth - by Nodes
- Disk Bandwidth - Overview
- Node Rebalancing
- Process Health - by Nodes
- Process Health - Overview
- Process Health - Process List by Node
- Recovery Status
- SSD Read Cache
- Tech Refresh: Data Migration
- Top Buckets
- Automatic Metering Reconstruction
- Share Advanced Monitoring Dashboards
- View Advanced Monitoring Dashboards
- Flux API
- Dashboard APIs
- Advanced Monitoring
ECS 3.5.0.1 Administration Guide
Register an ECS node with Active Directory
To use Active Directory (AD) as the KDC for your NFS Kerberos configuration, you must create accounts for the client and server in AD and map the account to a principal. For the NFS server, the principal represents the NFS service accounts, for the NFS client, the principal represents the client host machine.
Prerequisites
You must have administrator credentials for the AD domain controller.
Steps
- Log in to AD.
- In Server Manager, go to .
- Create a user account for the NFS principal using the format "nfs-<host>" , for example, "nfs-ecsnode1". Set a password and set the password to never expire.
- Create an account for yourself (optional and one time).
-
Execute the following command to create a keytab file for the NFS service account.
ktpass -princ nfs/<fqdn>REALM.LOCAL +rndPass -mapUser nfs-<host>@REALM.LOCAL -mapOp set -crypto All -ptype KRB5_NT_PRINCIPAL -out filename.keytab
For example, to associate the nfs-ecsnode1 account with the principle nfs/ecsnode1.yourco.com@NFS-REALM.LOCAL, you can generate a keytab using:
ktpass -princ nfs/ecsnode1.yourco.com@NFS-REALM.LOCAL +rndPass -mapUser nfs-ecsnode1@NFS-REALM.LOCAL -mapOp set -crypto All -ptype KRB5_NT_PRINCIPAL -out nfs-ecsnode1.keytab
-
Import the keytab to the ECS node.
ktutil ktutil> rkt <keytab to import> ktutil> wkt /etc/krb5.keytab
-
Test registration by running.
kinit -k nfs/<fqdn>@NFS-REALM.LOCAL
- See the cached credentials by running the klist command.
- Delete the cached credentials by running the kdestroy command.
-
View the entries in the keytab file by running the
klist command.
Example:
klist -kte /etc/krb5.keytab
- Follow steps 2, 4, and 5 from Configure ECS NFS with Kerberos security to place the Kerberos configuration files (krb5.conf, krb5.keytab and jce/unlimited) on the ECS node.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\