Kerberized NFSv4: wrong security flavor

Hello there,

for weeks I'm trying to get kerberized NFSv4 working on a FreeBSD server.
Originally I tried using a Linux client which didn't work, so I now
switched to a FreeBSD client which doesn't work either but with another
error. Remark: Linux server and client are working with the same KDC.

It feels I've ready each and every tutorial on kerberized NFS but just
don't see the error.

But now for the error on the FreeBSD client:
root@freebsd-client: # mount -vvv -o nfsv4,sec=krb5
freebsd.fqdn:/srv/nfsshare /mnt/nfs/
mount_nfs: nmount: /mnt/nfs, wrong security flavor

And what Wireshark shows fits the message:
Remote Procedure Call, Type:Call XID:0x69cd8522
    Fragment header: Last fragment, 152 bytes
    XID: 0x69cd8522 (1775076642)
    Message Type: Call (0)
    RPC Version: 2
    Program: NFS (100003)
    Program Version: 4
    Procedure: COMPOUND (1)
    [The reply to this request is in frame 16]
    Credentials
        Flavor: AUTH_UNIX (1)
        Length: 56
        Stamp: 0x61ffd269
        Machine Name: freebsd-client.local.eyserver.de
            length: 32
            contents: freebsd-client.local.eyserver.de
        UID: 0
        GID: 0
        Auxiliary GIDs (1) [5]
    Verifier
        Flavor: AUTH_NULL (0)
        Length: 0

GSSD is running and also seems to be in the loop (shows output on mount
when run as gssd -vhd) but it seems just right away ignores the request for
krb5.
Do you have any ideas on this? Or at least what I can do to debug this?

FreeBSD used is 13.0-RELEASE.

Regards,
Arno