kerberos.realm.create¶
Create a new kerberos realm. This will be automatically populated during the domain join process in an Active Directory environment. Kerberos realm names are case-sensitive, but convention is to only use upper-case.
Entries for kdc, admin_server, and kpasswd_server are not required. If they are unpopulated, then kerberos will use DNS srv records to discover the correct servers. The option to hard-code them is provided due to AD site discovery. Kerberos has no concept of Active Directory sites. This means that middleware performs the site discovery and sets the kerberos configuration based on the AD site.
No Additional Items
Tuple Validation
Parameter 1: data
data
Type: objectKerberos realm configuration data for creation.
No Additional PropertiesRealm
Type: stringKerberos realm name. This is external to TrueNAS and is case-sensitive. The general convention for kerberos realms is that they are upper-case.
Must be at least 1 characters long
Primary Kdc
Default: nullThe master Kerberos domain controller for this realm. TrueNAS uses this as a fallback if it cannot get credentials because of an invalid password. This can help in environments where the domain uses a hub-and-spoke topology. Use this setting to reduce credential errors after TrueNAS automatically changes its machine password.
Must be at least 1 characters long
Kdc
Type: array of string Default: []List of kerberos domain controllers. If the list is empty then the kerberos libraries will use DNS to look up KDCs. In some situations this is undesirable as kerberos libraries are, for intance, not active directory site aware and so may be suboptimal.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Admin Server
Type: array of string Default: []List of kerberos admin servers. If the list is empty then the kerberos libraries will use DNS to look them up.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Kpasswd Server
Type: array of string Default: []List of kerberos kpasswd servers. If the list is empty then DNS will be used to look them up if needed.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
KerberosRealmEntry
Type: objectThe created Kerberos realm configuration.
No Additional PropertiesId
Type: integerUnique identifier for the Kerberos realm configuration.
Realm
Type: stringKerberos realm name. This is external to TrueNAS and is case-sensitive. The general convention for kerberos realms is that they are upper-case.
Must be at least 1 characters long
Primary Kdc
Default: nullThe master Kerberos domain controller for this realm. TrueNAS uses this as a fallback if it cannot get credentials because of an invalid password. This can help in environments where the domain uses a hub-and-spoke topology. Use this setting to reduce credential errors after TrueNAS automatically changes its machine password.
Must be at least 1 characters long
Kdc
Type: array of string Default: []List of kerberos domain controllers. If the list is empty then the kerberos libraries will use DNS to look up KDCs. In some situations this is undesirable as kerberos libraries are, for intance, not active directory site aware and so may be suboptimal.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Admin Server
Type: array of string Default: []List of kerberos admin servers. If the list is empty then the kerberos libraries will use DNS to look them up.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Kpasswd Server
Type: array of string Default: []List of kerberos kpasswd servers. If the list is empty then DNS will be used to look them up if needed.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Required roles: DIRECTORY_SERVICE_WRITE