On Tue, 20 Oct 2015, Ondrej Valousek wrote:
Will add this to my document, thanks.
I have heard about this issue - but how many is "many groups"?
I have user here with 32 groups - I do not experience any problems.
I'm not sure. 150 is definitely too many groups. Yes, it's definitely too
many groups even without NFS. It's related to whether the PAC fits in a page
The other part of the fix with AD, one you have these two computer objects:
ktpass -princ nfs/myhost.domain@REALM -mapuser myhost-nfs$ +rndPass -out temp.keytab
That then gives you a keytab to merge into the first, so on the client it
looks like a perfectly normal setup.
I don't know whether you can do this all from the linux side.