On Thu, 20 Jun 2013, John Hodrien wrote:
> Is it possible that Samba4 includes a large PAC on the Kerberos credential and you're going over the limit in kernel?
Well, that is a good avenue to explore. The user that I am testing with (me) is only in five groups, but nevertheless I will take a further look at that....
Five minutes later: holy crap! That is it. I took a user in only one group: permission denied. I set the NO_AUTH_DATA_REQUIRED flag in userAccountControl (via ldbedit), and hey presto NFSv4+krb5 now works. You sir are a steely-eyed missile man!
> I'm not convinced your comment about having to run svcgssd on clients is enforced due to CentOS init scripts, but it shouldn't cause any bother as you say.
No, it doesn't cause any bother. It just seems that the start of both rpc.gssd and rpc.svcgssd is conditional on SECURE_NFS being set to "yes". There are no NEED_GSSD or NEED_SVCGSSD or whatever to filter it further.
Thanks, Steve
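
Added example, not part of the original message: a way to see which accounts already carry NO_AUTH_DATA_REQUIRED (bit 0x02000000 of userAccountControl, which tells the KDC to omit the PAC from service tickets for that account) and to produce the LDIF change record that sets it, instead of editing the integer by hand in ldbedit. The DNs and attribute values in the sample are constructed; the flag values are the documented Active Directory bits.

```python
# Added example: audit and set NO_AUTH_DATA_REQUIRED in userAccountControl.
NO_AUTH_DATA_REQUIRED = 0x02000000
UAC_FLAGS = {
    0x00000002: "ACCOUNTDISABLE",
    0x00000200: "NORMAL_ACCOUNT",
    0x00001000: "WORKSTATION_TRUST_ACCOUNT",
    0x00010000: "DONT_EXPIRE_PASSWD",
    0x00400000: "DONT_REQ_PREAUTH",
    NO_AUTH_DATA_REQUIRED: "NO_AUTH_DATA_REQUIRED",
}

# Constructed sample in the LDIF shape a directory search returns.
SAMPLE_LDIF = """\
dn: CN=steve,CN=Users,DC=example,DC=com
userAccountControl: 512

dn: CN=nfs-server,CN=Users,DC=example,DC=com
userAccountControl: 33620480
"""

def parse_ldif(text):
    """Return {dn: userAccountControl as int} for every entry that has one."""
    entries, dn = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if not key:
            dn = None                      # blank line ends the entry
        elif key.lower() == "dn":
            dn = value
        elif key.lower() == "useraccountcontrol" and dn:
            entries[dn] = int(value)
    return entries

def decode(uac):
    """Names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if uac & bit]

def pac_disabled(entries):
    """DNs whose tickets are issued without a PAC; worth reviewing regularly."""
    return sorted(dn for dn, uac in entries.items() if uac & NO_AUTH_DATA_REQUIRED)

def set_flag_ldif(dn, uac):
    """LDIF change record that ORs the flag in, or None if it is already set."""
    new = uac | NO_AUTH_DATA_REQUIRED
    if new == uac:
        return None
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: userAccountControl\nuserAccountControl: {new}\n")

if __name__ == "__main__":
    for dn, uac in parse_ldif(SAMPLE_LDIF).items():
        print(dn, decode(uac), set_flag_ldif(dn, uac) or "already set")
```

ORing the bit in preserves the account's other flags; overwriting the attribute with the bare flag value would clear NORMAL_ACCOUNT and the rest.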