I'm trying to create NFS 4.1 datastores on an ESXi 6 host with Kerberos authentication. The share is on a Windows 2012 Server system. I cannot get the authentication piece to work. I keep getting a timeout error. I can get the shared folder to mount with NFSv3 (AUTH_SYS), so I know that there are no firewall issues or anything like that between the two systems.
Here are some of the things I've done, based on blog posts and VMware documentation:
DC - enabled DES as an encryption option for Kerberos in a GPO for the Default Policies (and I see this applied to the NFS system’s policies)
DC - created a krb-auth user in AD and checked the “use kerberos” box for authentication
NFS - modified NFS server service to use AD as an identity source
NFS - joined to the AD domain
NFS - configured it to use Windows Time (NTP) to the DC (Kerberos is very sensitive to time differences)
NFS - granted the krb-auth user R/W access to the NFS_Shared folder
ESXi - turned on NTP and pointed it to the DC
ESXi - joined to domain (previously, in a lab)
ESXi - tried different versions of credentials (Settings > Security > Kerberos credentials) with and without domain name, etc.
So I'm wondering if anyone has ever done this or has any suggestions for how to make this work?
Thanks.