Sure. Nfs server needs nfs/ SPN; I experienced problem on client with SHORTNAME$@ and host/fqdn@ and Hostname=fqdn; this combination made NFS server completely daef until client got FQDN$@ principal.
Best Longina
Den 26/11/2014 kl. 20.50 skrev steve steve@steve-ss.com:
On 26/11/14 09:54, John Hodrien wrote:
On Wed, 26 Nov 2014, Longina Przybyszewska wrote:
You have to be careful if you use as me, SSSD and NFS4+krb ; NFS doesn’t agree on connection with sec=krb5 if hostname doesn't match the hostname in keytab file.
There's nothing stopping you having RABBITS$@DOMAIN and nfs/fqdn@DOMAIN and NFS should be perfectly happy. Having correctly defined fqdn princs is obviously rather important to lots of services.
jh
Hi Simplifying further, only the nfs server needs the nfs/ principal. Clients are happy with MACHINE$ or host/, which you usually have anyway. HTH, Steve
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users