NFS Share with Kerberos Authentication

Question

I am using Windows Storage Server as a file server and now have the need to setup NFS sharing for linux client machines

On my test Ubuntu desktop, I installed Kerberos Client and also setup the keytab using the kutil command

The klist command shows the ticket but the mount command fails

Here are the relevant details: krb5.conf

[libdefaults]
default_realm = SUB.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgt_enctypes = aes256-cts-hmac-sha1-96
[realms]
SUB.DOMAIN.COM = {
kdc = ad.domain.com
admin_server = ad.domain.com
}
[domain_realm]
.domain.com = SUB.DOMAIN.COM
domain.com = SUB.DOMAIN.COM

Output of Klist command:

Ticket cache: FILE:/tmp/krb5cc_2595
Default principal: user@SUB.DOMAIN.COM

Valid starting       Expires              Service principal
2017-07-06 12:19:05  2017-07-06 22:19:05  krbtgt/SUB.DOMAIN.COM@SUB.DOMAIN.COM
    renew until 2017-07-13 12:19:01

Error when trying to mount

sudo mount -v -o sec=krb5,vers=3 fileserver:/user /home/userfolder

mount.nfs: timeout set for Thu Jul  6 12:45:01 2017
mount.nfs: trying text-based options 'sec=krb5,vers=3,addr=192.168.2.14'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.2.14 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.2.14 prog 100005 vers 3 prot UDP port 2049
mount.nfs: mount(2): Invalid argument
mount.nfs: an incorrect mount option was specified

The share is set to authenticate using Kerberos v5

What am I missing?

Answer 1

Windows Sever has horrible NFS server stack: performance isn't great and mgmt is clumsy at best. What you can do: enable Hyper-V role and spawn a FreeBSD or Linux VM with a "normal" NFS server inside.