April 25th, 2016 21:00

FS8600 NFS4 with Kerberos

Hi,

I'm trying to mount an NFS4 export from my FS8600 NAS with Kerberos security.

Environment:

nas-1: FS8600 NAS

Directory Service: Windows AD

LC: Linux Client

On my LC I can successfully run

LC:# mount -t nfs4 nas-1:/export/test /mnt/test

If I try

LC: mount -t nfs4 -o sec=krb5 nas-1:/export/test /mnt/test

I get

mount.nfs: access denied by server while mounting nas-1:/export/test

Note: /export/test has krb5, krb5i, krb5p enabled on the export.

According to rpc.gssd -vvv on LC

Apr 25 11:37:17 LC rpc.gssd[20933]: WARNING: Failed to create krb5 context for user with uid 0 for server nas-1.domain.com
Apr 25 11:37:17 LC rpc.gssd[20933]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5ccmachine_AD.REALM for server nas-1.domain.com
Apr 25 11:37:17 LC rpc.gssd[20933]: WARNING: Failed to create machine krb5 context with any credentials cache for server nas-1.domain.com

I have verified that I have a valid Kerberos ticket on LC. I can execute kinit -k nfs/LC.domain.com successfully without requiring a password.

According to the Kerberos docs I have read, you make sure that the SPNs are created on the KDC for nas-1 and LC, export the keytabs and add them to their respective hosts, i.e. add the client keytab to LC and the NFS server (i.e. the NAS) keytab to nas-1. The only part I don't know how to do is to add the keytab to the NAS (if this is even necessary?).

I hope someone can point me in the right direction.

Cheers,

Mike

April 26th, 2016 17:00

OK, problem solved. When you join the NAS to your Windows domain, the computer object is named nas-1.windows.domain. However, the DNS name for our NAS is nas-1.dns.domain. So, on our DNS server I moved nas-1 from dns.domain to windows.domain.
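
A way to check for the name mismatch described in the reply above, as an added example that is not part of the original posts: it builds the nfs/ service principal the client would request from the DNS name and compares it with the one derived from the AD computer object's dNSHostName. The host names, the realm and the function names are constructed placeholders; the optional live check assumes the MIT krb5 kvno tool and a valid TGT on the client.

```shell
#!/bin/sh
# Added example. All host names and the realm below are constructed placeholders.

# Principal an NFS client requests for a server: nfs/<lower-case fqdn>@<REALM>.
nfs_spn() {    # $1 = server FQDN, $2 = Kerberos realm
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf 'nfs/%s@%s\n' "${host%.}" "$2"    # drop a trailing root dot
}

# Compare the FQDN that DNS gives the client with the DNS host name stored on
# the AD computer object. Returns 0 on match, 1 on mismatch.
compare_names() {    # $1 = FQDN from DNS, $2 = AD dNSHostName, $3 = realm
    wanted=$(nfs_spn "$1" "$3")
    registered=$(nfs_spn "$2" "$3")
    if [ "$wanted" = "$registered" ]; then
        echo "MATCH $wanted"
        return 0
    fi
    echo "MISMATCH client asks for $wanted, KDC knows $registered"
    return 1
}

# Live check: resolve the name used in the mount command, then ask the KDC for
# a service ticket for it. A failure here means the KDC has no such SPN.
live_check() {    # $1 = server name as typed in mount, $2 = realm
    fqdn=$(getent hosts "$1" | awk '{print $2; exit}')
    [ -n "$fqdn" ] || { echo "cannot resolve $1" >&2; return 2; }
    kvno "$(nfs_spn "$fqdn" "$2")"
}

if [ "${1:-}" = "--live" ]; then
    live_check "$2" "$3"
else
    # Constructed names reproducing a DNS zone that differs from the AD domain.
    compare_names nas-1.dns.example nas-1.windows.example WINDOWS.EXAMPLE || true
    compare_names NAS-1.windows.example. nas-1.windows.example WINDOWS.EXAMPLE
fi
```

Run it with --live, the server name from the mount command and the realm to query the KDC instead of the constructed names.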