When configuring SMB Kerberos authentication on OneFS, consider the following items:
- Time must be synchronized across the SMB clients, the OneFS cluster nodes, and the Kerberos server (Active Directory in this case); using an NTP server is recommended in a Kerberos environment.
- Kerberos relies on host name resolution, so DNS is required.
- The OneFS cluster joins a domain by creating an Active Directory authentication provider.
- Add the Active Directory authentication provider to an access zone.
- Configure SmartConnect for the access zone and create SPNs for SmartConnect zone names.
- Clients should use the SmartConnect zone name and a domain user account to access SMB shares.
- If clients access SMB shares by IP address, authentication falls back directly to NTLM.
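
The checklist above can be turned into a pre-flight check. The following is an added example, not part of the original page or of OneFS: it classifies UNC paths by whether they can use Kerberos, lists SmartConnect zone names that lack an SPN, and flags hosts whose clock offset is too large. The function names, sample host names, the 5-minute skew limit (the Kerberos default), and the acceptance of both `HOST/` and `cifs/` service classes are assumptions.

```python
import ipaddress

# Assumption: the Kerberos clock-skew tolerance is at its 5-minute default.
MAX_SKEW_SECONDS = 300

def unc_host(unc_path):
    # Server component of a UNC path: the text between the leading
    # backslashes and the share name.
    return unc_path.lstrip("\\").split("\\")[0].lower()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def has_spn(name, registered_spns):
    # Assumption: SMB clients request cifs/<name>, which Active Directory
    # maps to HOST/<name> by default, so either service class counts.
    spns = {s.lower() for s in registered_spns}
    return any(f"{cls}/{name.lower()}" in spns for cls in ("host", "cifs"))

def classify_access(unc_path, registered_spns):
    host = unc_host(unc_path)
    if is_ip_literal(host):
        return "ntlm-fallback"      # IP access goes straight to NTLM
    if not has_spn(host, registered_spns):
        return "missing-spn"        # host name has no SPN in the supplied list
    return "kerberos-eligible"

def missing_spns(zone_names, registered_spns):
    # SmartConnect zone names that still need an SPN created.
    return [z for z in zone_names if not has_spn(z, registered_spns)]

def skewed_hosts(offsets_seconds):
    # offsets_seconds: host -> clock offset (seconds) from the domain controller.
    return sorted(h for h, off in offsets_seconds.items()
                  if abs(off) > MAX_SKEW_SECONDS)

if __name__ == "__main__":
    # Constructed sample data; names and addresses are placeholders.
    spns = ["HOST/smb.corp.example.com"]
    for path in (r"\\smb.corp.example.com\data", r"\\192.0.2.10\data",
                 r"\\nas.corp.example.com\data"):
        print(path, "->", classify_access(path, spns))
    print("zones without SPN:", missing_spns(
        ["smb.corp.example.com", "nas.corp.example.com"], spns))
    print("clock skew too large:", skewed_hosts({"client1": 12.0, "node3": -431.5}))
```

Feed it the SPN list exported from the Active Directory provider and the share paths found in login scripts or mapped-drive policies to find clients that are still authenticating with NTLM.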