Request guidance on NFSv4.1 server using KRB5 with AD and without winbind

Hello All,

I've been tasked with getting an NFSv4.1 server stood up within our infrastructure on EL6. We'd like to use krb5p if possible, and currently have Windows Server 2008r2 domain controllers acting as our KDC. We have Samba configured on all our EL6 boxes and use that for things like GSSAPI SSH.

One requirement that's been stated, which I can't find any good examples of, is that we cannot use winbind. 

I've created (via net ads keytab add nfs) nfs/fqdn@DOMAIN and host/fqdn@DOMAIN principals on the test server and client.

Here are my exports:

/srv        *(rw,fsid=0,insecure,no_subtree_check,sync)
/srv/nfshomes    gss/krb5(rw,insecure,no_subtree_check,sync)
/srv/nfsgroups    gss/krb5(rw,insecure,no_subtree_check,sync)
 

And here's what I get when I try to mount:

# mount -v testserver:/srv/nfsgroups /mnt/nfstest -o minorversion=1 -o nolock -o nfsvers=4
mount: no type was given - I'll assume nfs because of the colon
mount.nfs: timeout set for Fri Mar  1 16:59:42 2013
mount.nfs: trying text-based options 'minorversion=1,nolock,nfsvers=4,addr=10.64.29.15,clientaddr=10.64.28.167'
mount.nfs: mount(2): Protocol not supported
mount.nfs: Protocol not supported
 

Here are the encryption types in the nfs/fqdn and host/fqdn keys in the keytabs:

(des-cbc-crc)
(des-cbc-md5)
(arcfour-hmac)
(aes128-cts-hmac-sha1-96)
(aes256-cts-hmac-sha1-96)

Does anyone have any advice on where I should go from here? 

Thanks!

Responses