Sure. Nfs server needs nfs/ SPN; I experienced problem on client with SHORTNAME$@ and host/fqdn@ and Hostname=fqdn; this combination made NFS server completely daef until client got FQDN$@ principal.
Best Longina > Den 26/11/2014 kl. 20.50 skrev steve <[email protected]>: > >> On 26/11/14 09:54, John Hodrien wrote: >>> On Wed, 26 Nov 2014, Longina Przybyszewska wrote: >>> >>> You have to be careful if you use as me, SSSD and NFS4+krb ; >>> NFS doesn’t agree on connection with sec=krb5 if hostname doesn't >>> match the hostname >>> in keytab file. >> >> There's nothing stopping you having RABBITS$@DOMAIN and nfs/fqdn@DOMAIN and >> NFS should be perfectly happy. Having correctly defined fqdn princs is >> obviously rather important to lots of services. >> >> jh > > Hi > Simplifying further, only the nfs server needs the nfs/ principal. Clients > are happy with MACHINE$ or host/, which you usually have anyway. > HTH, > Steve > > > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
