[Samba] samba AD, keberos, NFS - not working

VigneshDhanraj G vigneshdhanraj.g at gmail.com
Wed Jan 2 13:38:43 UTC 2019

Hi Team,

After replacing the "net ads keytab add" with "net ads keytab add_update_ads"
hfs4 with krb5 is working fine. However unable to connect as guest user
from mac after upgrade to 4.9.3.


On Thu, Dec 20, 2018 at 8:08 PM VigneshDhanraj G <vigneshdhanraj.g at gmail.com>

> Hi,
> Upgraded the samba from 4.7.7 to 4.9.3 in debian. Trying to get Samba AD
> 4.9.3 as a Kerberos source for nfs4.
> Until 4.7.7 able to mount the nfs4 over krb5 security. After upgrade
> unable to mount it.
> Suggest me is there any configure change in 4.9.3. Please look the
> following configuration.
> [Global] available= yes restrict anonymous= 0 Workgroup= SAM netbios name=
> x2 realm= SAM.COM password server=, * idmap backend= tdb
> idmap uid= 5000-9999999 idmap gid= 5000-9999999 idmap config SAM  :
> backend= rid idmap config SAM  : range= 10000000-19999999 security= ADS
> name resolve order= wins host bcast lmhosts client use spnego= yes dns
> proxy= no winbind use default domain= no winbind nested groups= yes inherit
> acls= yes winbind enum users= yes winbind enum groups= yes winbind
> separator= \\ winbind cache time= 300 winbind offline logon= true template
> shell= /bin/sh kerberos method= secrets and keytab map to guest= Bad User
> host msdfs= yes strict allocate= no encrypt passwords= yes printcap name=
> lpstat printable= no load printers= yes max smbd processes= 500 getwd
> cache= yes use sendfile= yes winbind sequence directory= /tmp/samba log
> level= 0 max log size= 50 unix extensions= no dos charset= ascii state
> directory= /mnt/system/samba/system cache directory= /tmp/samba/ ntlm auth=
> Yes winbind expand groups= 1 idmap config * : backend= tdb idmap config * :
> range= 3000-7999
> console output:
> *mount.nfs4: access denied by server while mounting*
> Thanks,

More information about the samba mailing list