On Thu, 20 Jun 2013, John Hodrien wrote: > Is it possible that Samba4 includes a large PAC on the kerberos > credential and you're going over the limit in kernel? Well, that is a good avenue to explore. The user that I am testing with (me) is only in five groups, but nevertheless I will take a further look at that.... Five minutes later: holy crap! That is it. I took a user in only one group: permission denied. I set the NO_AUTH_DATA_REQUIRED flag in userAccountControl (via ldbedit), and hey presto NFSv4+krb5 now works. You sir are a steely-eyed missile man! > I'm not convinced your comment about having to run svcgssd on clients is > enforced due to CentOS init scripts, but it shouldn't cause any bother > as you say. No, it doesn't cause any bother. It just seems that the start of both rpc.gssd and rpc.svcgssd are conditional on SECURE_NFS being set to "yes". There are no NEED_GSSD or NEED_SVCGSSD or whatever to filter it further. Thanks, Steve