There is a fairly well documented bug that we've run up against. When using Active Directory as a KDC, users with a large number of group memberships can overrun a UDP packet, causing Kerberos to fall back to TCP. When a user logs into the system, they have a Kerberos ticket, but get a "permission denied" when accessing the NFS share.

We've reproduced this by taking a functioning user, adding tons of group memberships. The error message pops right up.

The traditional fix is to set NO_AUTH_DATA_REQUIRED on the NFS server's machine account, as explained here: http://theether.net/kb/100205. While this seems to work, it's a bit of a dirty hack.

Any thoughts on a root cause? We're happy to serve as a guinea pig if anyone can point us in the right direction.

Thanks,
Norman
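An added example, not part of the original post: a check of which machine accounts with an nfs/ SPN already carry the NO_AUTH_DATA_REQUIRED bit (0x2000000 in userAccountControl, which tells the KDC to leave the PAC out of tickets for that service), plus the LDIF change record that would set it. It assumes ldapsearch-style LDIF as input; the account names, SPNs and sample values are constructed placeholders.

```python
# Added example (not from the original post). Sample LDIF below is constructed.
NO_AUTH_DATA_REQUIRED = 0x02000000  # userAccountControl bit: KDC omits the PAC
UAC_NAMES = {
    0x00000002: "ACCOUNTDISABLE",
    0x00001000: "WORKSTATION_TRUST_ACCOUNT",
    0x00080000: "TRUSTED_FOR_DELEGATION",
    NO_AUTH_DATA_REQUIRED: "NO_AUTH_DATA_REQUIRED",
}
SAMPLE_LDIF = """\
# constructed ldapsearch-style output; names are placeholders
dn: CN=NFS01,CN=Computers,DC=example,DC=com
userAccountControl: 4096
servicePrincipalName: host/nfs01.example.com
servicePrincipalName: nfs/nfs01.example.com

dn: CN=NFS02,CN=Computers,DC=example,DC=com
userAccountControl: 33558528
servicePrincipalName: nfs/nfs02.example.com
"""

def parse_ldif(text):
    """Split LDIF text into entries: one dict of attribute -> list of values."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():  # blank line ends the current entry
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(entries):
    """Return (dn, flag names, pac_suppressed) for accounts with an nfs/ SPN."""
    report = []
    for e in entries:
        spns = e.get("serviceprincipalname", [])
        if not any(s.lower().startswith("nfs/") for s in spns):
            continue
        uac = int(e["useraccountcontrol"][0])
        names = [n for bit, n in sorted(UAC_NAMES.items()) if uac & bit]
        report.append((e["dn"][0], names, bool(uac & NO_AUTH_DATA_REQUIRED)))
    return report

def modify_ldif(dn, uac):
    """LDIF change record that sets the bit, or None if it is already set."""
    if uac & NO_AUTH_DATA_REQUIRED:
        return None
    new = uac | NO_AUTH_DATA_REQUIRED
    return f"dn: {dn}\nchangetype: modify\nreplace: userAccountControl\nuserAccountControl: {new}\n"
```

With the bit set, the NFS server receives no PAC group data for that service, so any authorization that relied on it has to come from another source.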