Q: OSX 10.8.5 won't connect to Windows 2008 R2 NFS
Hi
We have about 25 Mac clients in our Microsoft Windows environment. OSX is bound to our single Active Directory domain and all our Windows server are 2008 R2.
For several years we have been using SMB filesharing and connecting the Mac clients to our Windows file server. Now we are experiencing performance problems and are evaluating NFS file sharing on our file servers. The Mac client won't connect to our Windows NFS server and we have pinpointed the problem to OSX requesting Kerberos token encryption type "des3-hmac-sha1" which is unsupported by Windows.
How can we configure NFS / Kerberos on OSX 10.8.5 to use a different Kerberos encryption type ?
I have tried to update the /etc/krb5.conf file without success. OSX is still asking for the same encryption type.
The file /Library/Preferences/edu.mit.Kerberos does not exist. The my understanding OSX 10.8.5 uses the Heimdal Kerberos implementation.
| /etc/krb5.conf |
|---|
[libdefaults] ticket_lifetime = 1560m default_realm = VARNER.NO ccache_type = 4 # default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des-cbc-md5 # default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des-cbc-md5 # permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des-cbc-md5 default_tgs_enctypes = des-cbc-md5 default_tkt_enctypes = des-cbc-md5 permitted_enctypes = des-cbc-md5
default_lifetime = 7d renew_lifetime = 7d autologin = true forward = true forwardable = true renewable = true encrypt = true dns_lookup_kdc = true dns_lookup_realm = true
[realms] EXAMPLE.NO = { kdc = example-dc1.example.no:88 kdc = example-dc2.example.no:88
} [domain_realm] .example.no = EXAMPLE.NO example.no = EXAMPLE.NO
[logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/krb5kadmin.log |
iMac, OS X Mountain Lion (10.8.5)
Posted on Feb 5, 2015 7:54 AM