[Samba] NFS4 with samba4 AD for authentication [Solved]

steve steve at steve-ss.com
Wed Sep 24 09:50:15 MDT 2014

On 24/09/14 08:25, Lars Hanke wrote:
> Thanks a lot!
>>>>> I'm pretty confused, which principals I'd need and how to create
>>>>> them in
>>>>> the samba AD.
>>>> The file server needs the nfs/ principal
>>>> The client needs any one of nfs/ host/ root/ or simply the MACHINE$ key
>>> Okay, that seemed to have got me a step forward. I created
>>> nfs/nfs4.fqdn, removed all enctypes except des-cbc-crc and added it to
>>> /etc/krb5.keytab of the server.
>> Our DC (4.1.6) uses arcfour-hmac-md5. It doesn't work with the weak
>> enctypes unless you tell krb5.conf. Do you have an old version of nfs
>> that does not recognise the strong keys?
>  > Get DNS setup properly, put the proper keys back in the keytab and try
>  > again.
> No, just found it on several instructions on the net. After putting the
> keys back in I came out with "Operation ot permitted". Setting the
> "/etc/exports" to require gss/krb5 finally resulted in a successful
> mount. Strangely showmount lists both host based and krb based
> authentication, when /etc/exports has host based authentication selected.
> Many thanks,
>   - lars.

You maybe using bind mounted fsid0 exports. You don't need that any 
longer. Just export the folder as you would with nfs3.

More information about the samba mailing list