Help Kerberizing NFS with Active Directory
I have configured and integrated a number of iMac's into our existing Active Directory and everything is working as expected, id resolve and users can login and access services
I am however unable to get kerberized NFS to work. Non-kerberized works perfectly, and Kerberized Linux clients work workout a problem.
Using wireshark I can see it tries to use des3-cbc-sha1 as it's encryption type when performing the mount and fails because of this is not supported (ERR_ETYPE_NOSUPP). I believe only the following are (at least only these exist in the keytab for the file server and available on the Win2k8 DC):
aes256-sha1
aes128-sha1
des-cbc-crc
des-cbc-md5
arcfour-hmac-md5
As this is integrated with Active Directory I don't believe setting anything in /etc/krb5.conf or /Library/Preferences/edu.mit.Kerberos influences the Kerberos behaviour (at least I have not seen any changes occuring when adding things such as:
[libdefaults]
default_etypes = arcfour-hmac-md5
default_etypes_des = des-cbc-md5,des-cbc-crc
So my question is has anyone managed to influence the configuration of opendirectory to use an alternative encryption type when using AD?
More than happy to provide any further information!
Mac OS X (10.7.2)