[Samba] nfs4 with Samba 4

[steve]

On 27/01/13 11:27, kfarrag_992 wrote:
> OK my proplem is:
>
> - I installed Samaba4
> - I created a Domain
> - created users
> - Windows workstations Joined Domain
> - DNS is Bind9
>
> Every thing is going OK for windows users. I am a windows administrator who
> started to convert for Linux lately so please explain a step by step please
> with examples
>
> for examples who did you create the principle for nfs which is a service not
> a user using the samba-tool command as i couldn't understand what exactly
> dose that mean you added it as a machine or service and if there is a
> different.
>
> if you can reply with the needed steps to install NFS server and configure
> it to authenticate using kerberos authentication from Samba4 i would be
> thankful.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/nfs4-with-Samba-4-tp4335728p4643339.html
> Sent from the Samba - General mailing list archive at Nabble.com.

Hi
We were using cifs/smb2 for the windows clients and nfs for our Linux 
clients. The method is here:
http://linuxcostablanca.blogspot.com.es/p/samba-4.html

Specifically to answer the nfs question, we made a user for nfs:
samba-tool user add nfs.-user
then created the machine principal for the fileserver:
samba-tool spn add nfs/your.domain nfs-user
then stick it in the keytab
samba-tool domain exportkeytab /etc/krb5.keytab --principal=nfs/your.domain
gss seems to expect some sort of machine principal in the keytab too so
samba-tool domain exportkeytab /etc/krb5.keytab 
--principal=YOURSERVERHOSTNAME$

Don't forget to create the keytab on the clients too. You can do that 
after you join the domain:

net ads join -UAdministrator
then
net ads keytab create

You don't necessarily need a nfs principal on the clients:)

HTH,
Steve