eblikstad

Q: OSX 10.8.5 won't connect to Windows 2008 R2 NFS

Hi

 

We have about 25 Mac clients in our Microsoft Windows environment. OSX is bound to our single Active Directory domain and all our Windows server are 2008 R2.

 

For several years we have been using SMB filesharing and connecting the Mac clients to our Windows file server. Now we are experiencing performance problems and are evaluating NFS file sharing on our file servers. The Mac client won't connect to our Windows NFS server and we have pinpointed the problem to OSX requesting Kerberos token encryption type "des3-hmac-sha1" which is unsupported by Windows.

 

How can we configure NFS / Kerberos on OSX 10.8.5 to use a different Kerberos encryption type ?

 

I have tried to update the /etc/krb5.conf file without success. OSX is still asking for the same encryption type.

The file /Library/Preferences/edu.mit.Kerberos does not exist. The my understanding OSX 10.8.5 uses the Heimdal Kerberos implementation.

/etc/krb5.conf

[libdefaults]

  ticket_lifetime = 1560m

  default_realm = VARNER.NO

  ccache_type = 4

# default_tgs_enctypes =  aes256-cts-hmac-sha1-96  aes128-cts-hmac-sha1-96 des-cbc-md5

# default_tkt_enctypes =  aes256-cts-hmac-sha1-96  aes128-cts-hmac-sha1-96 des-cbc-md5

# permitted_enctypes = aes256-cts-hmac-sha1-96  aes128-cts-hmac-sha1-96 des-cbc-md5

  default_tgs_enctypes =  des-cbc-md5

  default_tkt_enctypes =  des-cbc-md5

  permitted_enctypes = des-cbc-md5

 

 

  default_lifetime = 7d

  renew_lifetime = 7d

  autologin = true

  forward = true

  forwardable = true

  renewable = true

  encrypt = true

        dns_lookup_kdc = true

  dns_lookup_realm = true

 

 

[realms]

  EXAMPLE.NO = {

  kdc = example-dc1.example.no:88

  kdc = example-dc2.example.no:88

 

 

  }

[domain_realm]

  .example.no = EXAMPLE.NO

  example.no = EXAMPLE.NO

 

 

 

 

[logging]

  kdc = FILE:/var/log/krb5kdc.log

  admin_server = FILE:/var/log/krb5kadmin.log


iMac, OS X Mountain Lion (10.8.5)

Posted on Feb 5, 2015 7:54 AM