Hi Folks,

I try to setup NFSv4 with Kerberos Auth via AD.
Running SLES11 SP2 ad get thi serror when trying to start the nfs-server:
daemon.err rpc.svcgssd[20397]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name
2013-12-09 14:52:10 +01:00 MYHOST daemon.err rpc.svcgssd[20397]: unable to obtain root (machine) credentials
2013-12-09 14:52:10 +01:00 MYHOST daemon.err rpc.svcgssd[20397]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

my keytabfile:
klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 nfs/MYHOST.INTERN@REALM
5 host/MYHOST.INTERN@REALM
6 root/MYHOST.INTERN@REALM


crypto is all


my krb5.conf:

[libdefaults]
# AD-Server
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = [REALM]


kdc_timesync = 4
ccache_type = 1
forwardable = true
proxiable = true
allow_weak_crypto = true

[realms]
[REALM] = {
kdc = 192.168.12.23:88
default_domain = [REALM]
}

[domain_realm]
.INTERN = [REALM]
INTERN = [REALM]


[logging]
# kdc = FILE:/var/log/krb5/krb5kdc.log
# admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICEAEMON


on my NFS-Client I`m able to get a Kerberos Ticket.

Greetz
Cord