[Samba] Samba and kerberized NFSv4

Matthias Kahle ir-lists-samba at gdnsc.de
Fri Dec 2 10:05:50 UTC 2016

> Does it work if you manually add userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry and reexport the keytab?

I already thought about trying that. So by now, I tried tweaking the client's LDAP entry.



does not succeeed, however, after reviewing the ldap filter once again, I added

  userPrincipalName=nfs/client02.domain.tld at DOMAIN.TLD

to the workstation's account  and finally, the mount does not return an error anymore. Though I can't access anything on the mounted share but I guess that's OK for now, because the users' home directories hosted there must not be accessible to the root user at all.

However I don't expect that to be the right approach, not only because it requires a userPricipalName for a service but mainly because I even have to add the kerberos REALM ... or am I mistaken there? (please bear with me if that sounds stupid, I'm still somehow new to dealing with kerberos)


More information about the samba mailing list