Try SpotterNetApp ONTAP vserver CIFS security modification
| "added in version" 2.9 of ansible.builtin"
Authors: NetApp Ansible Team (@carchi8py) <ng-ansibleteam@netapp.com>
preview | supported by certified
pipInstall with pip install ansible==2.9.26
modify vserver CIFS security.
- name: modify cifs security
na_ontap_vserver_cifs_security:
vserver: ansible
hostname: "{{ hostname }}"
kerberos_clock_skew: 5
kerberos_ticket_age: 5
kerberos_renew_age: 10
kerberos_kdc_timeout: 5
is_signing_required: true
is_password_complexity_required: true
is_aes_encryption_enabled: true
is_smb_encryption_required: true
lm_compatibility_level: krb
smb1_enabled_for_dc_connections: true
smb2_enabled_for_dc_connections: true
use_start_tls_for_ad_ldap: true
username: username
password: password
- name: modify cifs security
na_ontap_vserver_cifs_security:
vserver: ansible
hostname: "{{ hostname }}"
referral_enabled_for_ad_ldap: true
username: username
password: password
- name: modify cifs security
na_ontap_vserver_cifs_security:
vserver: ansible
hostname: "{{ hostname }}"
session_security_for_ad_ldap: true
username: username
password: password
https:
default: false
description:
- Enable and disable https.
- Ignored when using REST as only https is supported.
- Ignored when using SSL certificate authentication as it requires SSL.
type: bool
ontapi:
description:
- The ontap api version to use
type: int
vserver:
description:
- name of the vserver.
required: true
type: str
hostname:
description:
- The hostname or IP address of the ONTAP instance.
required: true
type: str
password:
aliases:
- pass
description:
- Password for the specified user.
type: str
use_rest:
choices:
- Never
- Always
- Auto
default: Auto
description:
- REST API if supported by the target system for all the resources and attributes
the module requires. Otherwise will revert to ZAPI.
- Always -- will always use the REST API
- Never -- will always use the ZAPI
- Auto -- will try to use the REST Api
type: str
username:
aliases:
- user
description:
- This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level
or SVM-level API is required.
- For more information, please read the documentation U(https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/).
- Two authentication methods are supported
- 1. basic authentication, using username and password,
- 2. SSL certificate authentication, using a ssl client cert file, and optionally
a private key file.
- To use a certificate, the certificate must have been installed in the ONTAP cluster,
and cert authentication must have been enabled.
type: str
http_port:
description:
- Override the default port (80 or 443) with this port
type: int
key_filepath:
description:
- path to SSL client key file.
type: str
version_added: 20.6.0
version_added_collection: netapp.ontap
cert_filepath:
description:
- path to SSL client cert file (.pem).
- not supported with python 2.6.
type: str
version_added: 20.6.0
version_added_collection: netapp.ontap
feature_flags:
description:
- Enable or disable a new feature.
- This can be used to enable an experimental feature or disable a new feature that
breaks backward compatibility.
- Supported keys and values are subject to change without notice. Unknown keys are
ignored.
type: dict
version_added: 20.5.0
version_added_collection: netapp.ontap
validate_certs:
default: true
description:
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(False) used on personally controlled sites using self-signed
certificates.
type: bool
kerberos_renew_age:
description:
- Determine the maximum amount of time in days for which a ticket can be renewed.
type: int
is_signing_required:
description:
- Determine whether signing is required for incoming CIFS traffic.
type: bool
kerberos_clock_skew:
description:
- The clock skew in minutes is the tolerance for accepting tickets with time stamps
that do not exactly match the host's system clock.
type: int
kerberos_ticket_age:
description:
- Determine the maximum amount of time in hours that a user's ticket may be used for
the purpose of Kerberos authentication.
type: int
kerberos_kdc_timeout:
description:
- Determine the timeout value in seconds for KDC connections.
type: int
lm_compatibility_level:
choices:
- lm_ntlm_ntlmv2_krb
- ntlm_ntlmv2_krb
- ntlmv2_krb
- krb
description:
- Determine the LM compatibility level.
type: str
is_aes_encryption_enabled:
description:
- Determine whether AES-128 and AES-256 encryption mechanisms are enabled for Kerberos-related
CIFS communication.
type: bool
use_start_tls_for_ad_ldap:
description:
- Determine whether to use start_tls for AD LDAP connections.
type: bool
is_smb_encryption_required:
description:
- Determine whether SMB encryption is required for incoming CIFS traffic.
type: bool
referral_enabled_for_ad_ldap:
description:
- Determine whether LDAP referral chasing is enabled or not for AD LDAP connections.
type: bool
session_security_for_ad_ldap:
choices:
- none
- sign
- seal
description:
- Determine the level of security required for LDAP communications.
type: str
is_password_complexity_required:
description:
- Determine whether password complexity is required for local users.
type: bool
smb1_enabled_for_dc_connections:
choices:
- 'false'
- 'true'
- system_default
description:
- Determine if SMB version 1 is used for connections to domain controllers.
type: str
smb2_enabled_for_dc_connections:
choices:
- 'false'
- 'true'
- system_default
description:
- Determine if SMB version 2 is used for connections to domain controllers.
type: str