[opensuse-security] nfs4 kerberos with AD2008R2 - kinit success but mount failed
Hi,

I am trying to use nfs4 authentication with Active Directory 2008.
I created keytab files with ktpass on AD and then transferred them to Linux, and also tried a dynamically generated keytab on Linux during the domain join.
I have the same issue: kinit succeeds in authenticating, but mount still fails with permission denied.
Any suggestions? Please help.

nfs server: suse1.reuint.com ( SLES11 SP1)
nfs client: krbclient.reuint.com ( SLES11 SP1)
Windows2008 SP2 standard edition: ad2008.reuint.com ( windows2008R2 standard edition)

# ------ Both NFS Server and NFS Client can join domain ---------------
rcwinbind stop
rcnfsserver stop
net -Ureutadmin%'mypasswd' ads leave
net -Ureutadmin%'mypasswd' ads keytab flush
kdestroy
\rm /etc/krb5.keytab
\rm /tmp/kr*
net -Ureutadmin%'mypasswd' ads join createupn='nfs/suse1.reuint.com@REUINT.COM'
net -Ureutadmin%'mypasswd' ads keytab add nfs
rcwinbind start

suse1:~/keytab # wbinfo -u
REUINT\administrator
REUINT\guest
REUINT\krbtgt
REUINT\reutadmin

suse1:~/keytab # ssh REUINT\\reutadmin@localhost
Password:
Last login: Tue Sep 20 10:13:54 2011 from localhost
Could not chdir to home directory /home/REUINT/reutadmin: No such file or directory
REUINT\reutadmin@suse1:/>exit

#------- ON NFS Server -----------------------------------------
suse1:~/keytab # klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
   2 nfs/suse1.reuint.com@REUINT.COM (DES cbc mode with CRC-32)
   2 nfs/suse1.reuint.com@REUINT.COM (DES cbc mode with RSA-MD5)
   2 nfs/suse1.reuint.com@REUINT.COM (ArcFour with HMAC/md5)
   2 nfs/suse1@REUINT.COM (DES cbc mode with CRC-32)
   2 nfs/suse1@REUINT.COM (DES cbc mode with RSA-MD5)
   2 nfs/suse1@REUINT.COM (ArcFour with HMAC/md5)

suse1:~/keytab # kinit -V -k nfs/suse1.reuint.com@REUINT.COM
Authenticated to Kerberos v5

#------- ON NFS Client -----------------------------------------------
krbclient:~ # klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
   2 nfs/krbclient.reuint.com@REUINT.COM (DES cbc mode with CRC-32)
   2 nfs/krbclient.reuint.com@REUINT.COM (DES cbc mode with RSA-MD5)
   2 nfs/krbclient.reuint.com@REUINT.COM (ArcFour with HMAC/md5)
   2 nfs/krbclient@REUINT.COM (DES cbc mode with CRC-32)
   2 nfs/krbclient@REUINT.COM (DES cbc mode with RSA-MD5)
   2 nfs/krbclient@REUINT.COM (ArcFour with HMAC/md5)

krbclient:~ # kinit -V -k nfs/krbclient.reuint.com
Authenticated to Kerberos v5

krbclient:~ # showmount -e suse1.reuint.com
Export list for suse1.reuint.com:
/media/nfs4server gss/krb5i,gss/krb5

krbclient:~ # mount -vvv -tnfs4 -o sec=krb5 suse1.reuint.com:/ /media/nfs/
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "suse1.reuint.com:/"
mount: node: "/media/nfs/"
mount: types: "nfs4"
mount: opts: "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "suse1.reuint.com:/"
mount: external mount: argv[2] = "/media/nfs/"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Tue Sep 20 11:05:15 2011
mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.125.130,clientaddr=192.168.125.132'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting suse1.reuint.com:/

----------------------------------------------
Rgds,
Nattapon
Participants (1): Nattapon Viroonsri