Difference between revisions of "NFS Utilities"

From CBLFS
Jump to navigationJump to search
(Configuring)
(Configuring)
Line 93: Line 93:
 
=== NFSv4 ===
 
=== NFSv4 ===
  
Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:
+
Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab Each client gets its own keytab for nfs:
  
 
  kadmin.local -q "addprinc ''<fqdn of client>''@''<REALMNAME.COM>''"
 
  kadmin.local -q "addprinc ''<fqdn of client>''@''<REALMNAME.COM>''"
 
  kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/''<fqdn of client>''@''<REALMNAME.COM>''"
 
  kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/''<fqdn of client>''@''<REALMNAME.COM>''"
  
Now securely move '''''temp.keytab''''' to '''''/etc/nfs4.keytab''''' on the client.
+
Now securely move '''''temp.keytab''''' to '''''/etc/nfs4.keytab''''' on the client. Then make sure you change the permissions on the file on the target computer:
 +
 
 +
chmod 600 /etc/nfs4.keytab
  
 
=== Bootscript ===
 
=== Bootscript ===
Line 124: Line 126:
 
  kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/''<fqdn of client>''@''<REALMNAME.COM>''"
 
  kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/''<fqdn of client>''@''<REALMNAME.COM>''"
  
Now securely move '''''temp.keytab''''' to '''''/etc/nfs4.keytab''''' on the server.
+
Now securely move '''''temp.keytab''''' to '''''/etc/nfs4.keytab''''' on the server. Then make sure you change the permissions on the file on the target computer:
 +
 
 +
chmod 600 /etc/nfs4.keytab
  
 
=== Bootscript ===
 
=== Bootscript ===

Revision as of 07:33, 16 November 2008

Download Source: http://www.kernel.org/pub/linux/utils/nfs/nfs-utils-1.2.8.tar.bz2

Introduction to NFS Utilities

The NFS Utilities package contains the userspace server and client tools necessary to use the kernel's NFS abilities. NFS is a protocol that allows sharing file systems over the network.

Project Homepage: Unknown

Dependencies

Required

Optional for NFSv4 Support

Optional for GSS (RPC Security) Support

Creating the nobody/nogroup User/Group

groupadd -g 65533 nogroup &&
groupadd -g 65534 nobody &&
useradd -c "Nobody" -d /dev/null \
        -u 65534 -g nobody -s /bin/false nobody

Non-Multilib

Compile the package:

./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

Multilib

This package does not install any libraries so only one installation is needed.

32Bit

Compile the package:

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" USE_ARCH=32 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" USE_ARCH=n32 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" USE_ARCH=64 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

Configuring

Caution.png

Note

This is a note about NFSv4 & Kerberos.

Make sure that your clocks are in sync. If the time differers by more then 5 minutes, you will not authenticate even with the correct password / key.

You must also have a working DNS & Reverse DNS Zones. If your FQDN for your host resolves to 127.0.0.1 Kerberos will not work properly either.

Client

NFSv4

Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab Each client gets its own keytab for nfs:

kadmin.local -q "addprinc <fqdn of client>@<REALMNAME.COM>"
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"

Now securely move temp.keytab to /etc/nfs4.keytab on the client. Then make sure you change the permissions on the file on the target computer:

chmod 600 /etc/nfs4.keytab

Bootscript

Install the init script from the bootscripts package:

make install-nfs-client

/etc/fstab

Below are 2 example entries in /etc/fstab for a nfs mounted /home and /usr.

<server-name>:/home  /home nfs   rw,_netdev,rsize=8192,wsize=8192 0 0
<server-name>:/usr   /usr  nfs   ro,_netdev,rsize=8192            0 0

<server-name> in the above example is an ip address or a hostname.

Server

NFSv4

Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:

kadmin.local -q "addprinc <fqdn of client>@<REALMNAME.COM>"
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"

Now securely move temp.keytab to /etc/nfs4.keytab on the server. Then make sure you change the permissions on the file on the target computer:

chmod 600 /etc/nfs4.keytab

Bootscript

Install the init script from the bootscripts package:

make install-nfs-server

And configure it:

cat > /etc/sysconfig/nfs-server << "EOF"
PORT="2049"
PROCESSES="8"
QUOTAS="no"
KILLDELAY="10"
EOF

Server Configuration

/etc/exports contains the exported directories on NFS servers. The "NFS HowTo", http://nfs.sourceforge.net/nfs-howto/. contains information on how to configure the servers and clients. For example, for sharing the /home directory over the local network, the following line may be added:

/home <192.168.0.0/255.255.255.0>(rw,subtree_check,anonuid=99,anongid=99)