Hi, Your ticket is probably oversized for the NFS server. Try set NO_AUTH_DATA_REQUIRED (google msn) on the object holding the servers SPN. -- Emil Assarsson > -----Original Message----- > From: linux-nfs-owner@xxxxxxxxxxxxxxx [mailto:linux-nfs-owner@xxxxxxxxxxxxxxx] > On Behalf Of Richard Smits > Sent: torsdag den 14 juli 2011 11:30 > To: linux-nfs@xxxxxxxxxxxxxxx > Subject: krb5 mount with large group membership > > Hello list, > > I am running into a problem. Perhaps someone understands what is > happening here. I will explain. > > I have a Redhat 5.4 client that is accessing a nfs export on a NFS > server. (Redhat 6.1) > > Our KDC is a Windows AD. > > The client is using samba-winbind. If a user is a member of 23 groups or > lower, I can access the export. If a user is a member of more groups, > the mount fails with a "Permission denied" > > mount /data > -bash-3.2$ cd /data > -bash: cd: /data: Permission denied > > Thew odd thing is if I try a mount to our Netapp filer with also a krb5 > export, there is no problem. > > This has to do something with the ticket size in combination with > memberships to a large number of groups. > > So what must i do to get this Redhat server working with this setup ? It > seems that Netapp did something to get this working ? > > Does this sound familiar to anyone, or should i provide more information ? > > Versions server side : > nfs-utils-1.2.3-7 > krb5-workstation-1.9-9 > > Greetings ... Richard Smits > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
