na_ontap_vserver_cifs_security – NetApp ONTAP vserver CIFS security modification

New in version 2.9.

Synopsis
Requirements
Parameters
Notes
Examples
Status

Synopsis

modify vserver CIFS security.

Requirements

The below requirements are needed on the host that executes this module.

A physical or virtual clustered Data ONTAP system. The modules support Data ONTAP 9.1 and onward
Ansible 2.6
Python2 netapp-lib (2017.10.30) or later. Install using ‘pip install netapp-lib’
Python3 netapp-lib (2018.11.13) or later. Install using ‘pip install netapp-lib’
To enable http on the cluster you must run the following commands ‘set -privilege advanced;’ ‘system services web modify -http-enabled true;’

Parameters

Parameter	Choices/Defaults	Comments
hostname string / required		The hostname or IP address of the ONTAP instance.
http_port integer		Override the default port (80 or 443) with this port
https boolean	no ← yes	Enable and disable https
is_aes_encryption_enabled boolean	no yes	Determine whether AES-128 and AES-256 encryption mechanisms are enabled for Kerberos-related CIFS communication.
is_password_complexity_required boolean	no yes	Determine whether password complexity is required for local users.
is_signing_required boolean	no yes	Determine whether signing is required for incoming CIFS traffic.
is_smb_encryption_required boolean	no yes	Determine whether SMB encryption is required for incoming CIFS traffic.
kerberos_clock_skew integer		The clock skew in minutes is the tolerance for accepting tickets with time stamps that do not exactly match the host's system clock.
kerberos_kdc_timeout integer		Determine the timeout value in seconds for KDC connections.
kerberos_renew_age integer		Determine the maximum amount of time in days for which a ticket can be renewed.
kerberos_ticket_age integer		Determine the maximum amount of time in hours that a user's ticket may be used for the purpose of Kerberos authentication.
lm_compatibility_level string	lm_ntlm_ntlmv2_krb ntlm_ntlmv2_krb ntlmv2_krb krb	Determine the LM compatibility level.
ontapi integer		The ontap api version to use
password string / required		Password for the specified user. aliases: pass
referral_enabled_for_ad_ldap boolean	no yes	Determine whether LDAP referral chasing is enabled or not for AD LDAP connections.
session_security_for_ad_ldap string	none sign seal	Determine the level of security required for LDAP communications.
smb1_enabled_for_dc_connections string	false true system_default	Determine if SMB version 1 is used for connections to domain controllers.
smb2_enabled_for_dc_connections string	false true system_default	Determine if SMB version 2 is used for connections to domain controllers.
use_rest string	Never Always Auto ←	REST API if supported by the target system for all the resources and attributes the module requires. Otherwise will revert to ZAPI. Always -- will always use the REST API Never -- will always use the ZAPI Auto -- will try to use the REST Api
use_start_tls_for_ad_ldap boolean	no yes	Determine whether to use start_tls for AD LDAP connections.
username string / required		This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level or SVM-level API is required. For more information, please read the documentation https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/. aliases: user
validate_certs boolean	no yes ←	If set to `no`, the SSL certificates will not be validated. This should only set to `False` used on personally controlled sites using self-signed certificates.
vserver string / required		name of the vserver.

Notes

Note

The modules prefixed with na\_ontap are built to support the ONTAP storage platform.

Examples

- name: modify cifs security
  na_ontap_vserver_cifs_security:
    vserver: ansible
    hostname: "{{ hostname }}"
    kerberos_clock_skew: 5
    kerberos_ticket_age: 5
    kerberos_renew_age: 10
    kerberos_kdc_timeout: 5
    is_signing_required: true
    is_password_complexity_required: true
    is_aes_encryption_enabled: true
    is_smb_encryption_required: true
    lm_compatibility_level: krb
    smb1_enabled_for_dc_connections: true
    smb2_enabled_for_dc_connections: true
    use_start_tls_for_ad_ldap: true
    username: username
    password: password

- name: modify cifs security
  na_ontap_vserver_cifs_security:
    vserver: ansible
    hostname: "{{ hostname }}"
    referral_enabled_for_ad_ldap: true
    username: username
    password: password

- name: modify cifs security
  na_ontap_vserver_cifs_security:
    vserver: ansible
    hostname: "{{ hostname }}"
    session_security_for_ad_ldap: true
    username: username
    password: password

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by an Ansible Partner. [certified]

Authors

NetApp Ansible Team (@carchi8py) <[email protected]>

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/na_ontap_vserver_cifs_security_module.html