[Samba] NFS4 with samba4 AD for authentication

steve steve at steve-ss.com
Wed Sep 24 00:05:21 MDT 2014

On 23/09/14 23:36, Lars Hanke wrote:
>>> I'm pretty confused, which principals I'd need and how to create them in
>>> the samba AD.
>> The file server needs the nfs/ principal
>> The client needs any one of nfs/ host/ root/ or simply the MACHINE$ key
> Okay, that seemed to have got me a step forward. I created
> nfs/nfs4.fqdn, removed all enctypes except des-cbc-crc and added it to
> /etc/krb5.keytab of the server.


Our DC (4.1.6) uses arcfour-hmac-md5. It doesn't work with the weak 
enctypes unless you tell krb5.conf. Do you have an old version of nfs 
that does not recognise the strong keys?

Get DNS setup properly, put the proper keys back in the keytab and try 

More information about the samba mailing list