Kerberos does not work with both SSH and NFS4

Whattteva

I've recently implemented Kerberos into my homelab and would like to incorporate the TrueNAS server in it too. I've been wrestling with this for a day or so and I'm wondering if it even works at all. Searching through Google and the forums didn't really give me much help.

Known conditions:
  • Clocks on the machines are all synced to the same NTP pool.
  • nas1 is the TrueNAS CORE 13.0-U5.3 host.
  • kerberos1 is the Heimdal KDC host running in a jail on a vanilla FreeBSD host.
  • Heimdal client installed on Linux Mint 21.2.
  • kinit works on Linux Mint client.
  • kinit works on kerberos1.
  • kinit works on another Debian client.
  • SSH with GSSAPIAuthentication works from Linux Mint client to kerberos1 host.
  • SSH with GSSAPIAuthentication does NOT work from Linux Mint client to nas1 host. I see the TGS-REQ on my KDC for the correct keytab principal host succeeded, but the SSH login fails. Nothing in the logs seems to offer any clues.
  • NFS does not work. I don't even see the TGS-REQ on the KDC logs in this case.
Principals created:

My next step is to try to host a dummy export on the same host I got SSH login working just to prove that it isn't my Kerberos setup, but I don't have the time currently.

Anyone have any ideas?

I'm tempted to also just modify my /etc/ssh/sshd_config file on the TrueNAS host and restart sshd just to see if that will work, but I know that's not a sustainable solution.
 

Whattteva

Bummed that I'm not getting any replies here. I can't be the only one running into this kind of issue, can I? Judging from the lack of replies, I'm guessing only a small percentage of the population use Kerberos around here?
 