Greetings!

I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need, is NFSv4 w/Kerberos. As AD server already has integrated Kerberos server, I need SLES to authenticate in it.
Everything works good, but when it comes to svcgssd service activation, I receive an error.

Here's the log:

/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
unable to obtain root (machine) credentials
do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

Earlier, I've created proper (well, I think it's a proper one) keytab. AD user was created and then, on Windows server, following ktpass command was executed:
ktpass -princ nfs/hostname.domain.com@DOMAIN.COM -mapuser DOMAIN\username -pass xxxxxxx -ptype KRB5_NT_PRINCIPAL -out krb5.keytab

Then, the resulting krb5.keytab file was put on SLES server, but still I receive the same error.

That's what "klist -k /etc/krb5.keytab" shows:
Keytab name: FILE:/etc/krb5.keytab KVNO Principal
------------ 8 nfs/ip-10-243-1-2.domain.com@DOMAIN.COM

Domain name was changed due to security measures =) But it appears to be right.

What can cause such problem?

Thank you.

What if hostname -fqdn show hostname.ec2.internal? That VPS in located in Amazon EC2. Modifying keytab that way: "ktpass -princ nfs/ip-10-243-1.ec2.internal@DOMAIN.COM -mapuser DOMAIN\nfs10 -pass XXXXXX -ptype KRB5_NT_PRINCIPAL -out krb5.keytab" didn't held though. Maybe I should modify /etc/krb5.conf somehow, but I don't have any ideas.