question about service principals (samba4)

Aaron Solochek aarons-samba at
Fri Sep 24 15:57:09 MDT 2010

On 09/24/2010 05:11 PM, Andrew Bartlett wrote:
> On Fri, 2010-09-24 at 09:52 -0400, Aaron Solochek wrote:
>> That is on the client.  The client, foo, is attempting to get the nfs/foo key
>> from the kdc using it's keytab.  I'm not 100% sure, because this is my first
>> attempt at using nfs4, but I assume the nfs server requires that each client
>> have a service principal for nfs so that it can create the initial mount, and
>> then actual access to the files is determined by keys held in whatever PAG is
>> attempting the access.  Anyway, I was just following the instructions from here:
> I've never used Kerberised NFS, but those instructions do not follow the
> standard pattern for Kerberos.  It may be as you suggest that NFS is
> special, but it's not what is expected, which is why Samba doesn't like
> it. 

Fair enough, but it does seem to be situation that is supported by heimdal and
MIT krb5, so I think samba probably should like it.

Of course, I might stop caring if unix extensions were working with cifs :)


More information about the samba-technical mailing list