Fixing msktutil

Jurjen Bokma

June 2012

Table of Contents

I built msktutil_0.4.1-2.local_amd64.deb for Ubuntu Precise and msktutil_0.4.1-2.local_amd64.deb for Debian Squeeze.

The tool msktutil runs on Linux hosts, and is able to create and modify Kerberos principals on Windows AD Kerberos. After using the tool to add an NFS principal to a host already in AD, like this...

root#nfs-client:~#  kinit ADMIN_ACCOUNT
root#nfs-client:~# msktutil -c -b 'OU=Other Workstations,OU=Computers,OU=MYDOMAIN,DC=workgroup,DC=MYDOMAIN,DC=COM' --computer-name NFS-CLIENT -k /etc/krb5.keytab --user-creds-only --service nfs --enctypes 0x10

... I was able to mount onto Ubuntu Precise, a Kerberized NFS (version3) share offered by a Windows 2008R2 server:

root@nfs-client:~# mount -t nfs -o sec=krb5,mountvers=3,nfsvers=3,proto=tcp /mnt/Group1/

The rest of this article is on how I did that.