Samba ADDC and NFS

Zane Zakraisek doublezane at
Sun May 25 11:53:08 MDT 2014

I'm having some difficulty understanding the process for getting NFS to use
the samba DC kerberos for authentication.
I have a Samba 4.1 server running as an ADDC and a bunch of windows and
Linux machines joined to it. The Linux machines are joined with samba and
One of my Linux servers runs samba 3.6 and serves files using Samba for
the windows clients and NFS for the Linux ones. I would simply like to make
it so that NFS uses samba for authentication instead of just trusting UIDs.
The nfs configuration is fairly simple, but I'm not understanding the
kerberos configuration.
Here is what I think is correct, but would love somebody to verify...
1. Change the NFS configuration to use kerberos for security
2. Generate SPNs for Linux clients that will be connecting to the NFS
server? Or do I create an nfs-server user account and then generate SPN for
that account?
3. Export these and place them in /etc/krb5.keytab on the client computers
using samba-tool domain exportkeytab
4. Do I then add the line in the smb.conf on the client computers to point
to the keytab file?

