question about service principals (samba4)

Andrew Bartlett abartlet at
Fri Sep 24 15:11:18 MDT 2010

On Fri, 2010-09-24 at 09:52 -0400, Aaron Solochek wrote:

> That is on the client.  The client, foo, is attempting to get the nfs/foo key
> from the kdc using it's keytab.  I'm not 100% sure, because this is my first
> attempt at using nfs4, but I assume the nfs server requires that each client
> have a service principal for nfs so that it can create the initial mount, and
> then actual access to the files is determined by keys held in whatever PAG is
> attempting the access.  Anyway, I was just following the instructions from here:

I've never used Kerberised NFS, but those instructions do not follow the
standard pattern for Kerberos.  It may be as you suggest that NFS is
special, but it's not what is expected, which is why Samba doesn't like

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list