Difference between revisions of "NFS Utilities"

From CBLFS
Jump to navigationJump to search
(Configuring)
Line 82: Line 82:
  
 
= Configuring =
 
= Configuring =
 +
 +
{{Note|This is a note about NFSv4 & Kerberos.
 +
 +
Make sure that your clocks are in sync. If the time differers by more then 5 minutes, you will not authenticate even with the correct password / key.
 +
 +
You must also have a working DNS & Reverse DNS Zones. If your FQDN for your host resolves to 127.0.0.1 Kerberos will not work properly either.}}
  
 
== Client ==
 
== Client ==
 +
 +
=== NFSv4 ===
 +
 +
Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:
 +
 +
kadmin.local -q "addprinc ''<fqdn of client>''@''<REALMNAME.COM>''"
 +
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/''<fqdn of client>''@''<REALMNAME.COM>''"
 +
 +
Now securely move '''''temp.keytab''''' to '''''/etc/nfs4.keytab''''' on the client.
  
 
=== Bootscript ===
 
=== Bootscript ===
Line 102: Line 117:
 
== Server ==
 
== Server ==
  
=== Server Configuration ===
+
=== NFSv4 ===
 +
 
 +
Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:
  
'''/etc/exports''' contains the exported directories on NFS servers. The "NFS HowTo", http://nfs.sourceforge.net/nfs-howto/. contains information on how to configure the servers and clients. For example, for sharing the '''/home''' directory over the local network, the following line may be added:
+
kadmin.local -q "addprinc ''<fqdn of client>''@''<REALMNAME.COM>''"
 +
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/''<fqdn of client>''@''<REALMNAME.COM>''"
  
/home <192.168.0.0/255.255.255.0>(rw,subtree_check,anonuid=99,anongid=99)
+
Now securely move '''''temp.keytab''''' to '''''/etc/nfs4.keytab''''' on the server.
  
 
=== Bootscript ===
 
=== Bootscript ===
Line 122: Line 140:
 
  KILLDELAY="10"
 
  KILLDELAY="10"
 
  EOF
 
  EOF
 +
 +
=== Server Configuration ===
 +
 +
'''/etc/exports''' contains the exported directories on NFS servers. The "NFS HowTo", http://nfs.sourceforge.net/nfs-howto/. contains information on how to configure the servers and clients. For example, for sharing the '''/home''' directory over the local network, the following line may be added:
 +
 +
/home <192.168.0.0/255.255.255.0>(rw,subtree_check,anonuid=99,anongid=99)

Revision as of 07:25, 16 November 2008

Download Source: http://www.kernel.org/pub/linux/utils/nfs/nfs-utils-1.2.8.tar.bz2

Introduction to NFS Utilities

The NFS Utilities package contains the userspace server and client tools necessary to use the kernel's NFS abilities. NFS is a protocol that allows sharing file systems over the network.

Project Homepage: Unknown

Dependencies

Required

Optional for NFSv4 Support

Optional for GSS (RPC Security) Support

Creating the nobody/nogroup User/Group

groupadd -g 65533 nogroup &&
groupadd -g 65534 nobody &&
useradd -c "Nobody" -d /dev/null \
        -u 65534 -g nobody -s /bin/false nobody

Non-Multilib

Compile the package:

./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

Multilib

This package does not install any libraries so only one installation is needed.

32Bit

Compile the package:

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" USE_ARCH=32 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" USE_ARCH=n32 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" USE_ARCH=64 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package

make install

Configuring

Caution.png

Note

This is a note about NFSv4 & Kerberos.

Make sure that your clocks are in sync. If the time differers by more then 5 minutes, you will not authenticate even with the correct password / key.

You must also have a working DNS & Reverse DNS Zones. If your FQDN for your host resolves to 127.0.0.1 Kerberos will not work properly either.

Client

NFSv4

Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:

kadmin.local -q "addprinc <fqdn of client>@<REALMNAME.COM>"
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"

Now securely move temp.keytab to /etc/nfs4.keytab on the client.

Bootscript

Install the init script from the bootscripts package:

make install-nfs-client

/etc/fstab

Below are 2 example entries in /etc/fstab for a nfs mounted /home and /usr.

<server-name>:/home  /home nfs   rw,_netdev,rsize=8192,wsize=8192 0 0
<server-name>:/usr   /usr  nfs   ro,_netdev,rsize=8192            0 0

<server-name> in the above example is an ip address or a hostname.

Server

NFSv4

Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:

kadmin.local -q "addprinc <fqdn of client>@<REALMNAME.COM>"
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"

Now securely move temp.keytab to /etc/nfs4.keytab on the server.

Bootscript

Install the init script from the bootscripts package:

make install-nfs-server

And configure it:

cat > /etc/sysconfig/nfs-server << "EOF"
PORT="2049"
PROCESSES="8"
QUOTAS="no"
KILLDELAY="10"
EOF

Server Configuration

/etc/exports contains the exported directories on NFS servers. The "NFS HowTo", http://nfs.sourceforge.net/nfs-howto/. contains information on how to configure the servers and clients. For example, for sharing the /home directory over the local network, the following line may be added:

/home <192.168.0.0/255.255.255.0>(rw,subtree_check,anonuid=99,anongid=99)