Difference between revisions of "NFS Utilities"
(→Optional for NFSv4 Support: Added keyutils to the list of NFSv4 requirements) |
|||
| Line 55: | Line 55: | ||
{{note|If you choose to enable NFSv4, drop both --disable flags, and append --with-gssglue. | {{note|If you choose to enable NFSv4, drop both --disable flags, and append --with-gssglue. | ||
To work around some documented behaviour in libtool that will cause your build to subtly fail, | To work around some documented behaviour in libtool that will cause your build to subtly fail, | ||
| − | prepend GSSGLUE_CFLAGS | + | prepend GSSGLUE_CFLAGS="-Wl,-lgssglue" to the start of your configure line.}} |
Install the package | Install the package | ||
Revision as of 14:09, 9 July 2013
| Download Source: | http://www.kernel.org/pub/linux/utils/nfs/nfs-utils-1.2.8.tar.bz2 |
|---|
Contents
Introduction to NFS Utilities
The NFS Utilities package contains the userspace server and client tools necessary to use the kernel's NFS abilities. NFS is a protocol that allows sharing file systems over the network.
Project Homepage: Unknown
Dependencies
Required
Optional for NFSv4 Support
Optional for GSS (RPC Security) Support
- Pkg-config
- libgssapi
- librpcsecgss
- MIT krb5
- SPKM-3 for Additional SPKM-3 Support
Creating the nobody/nogroup User/Group
groupadd -g 65533 nogroup &&
groupadd -g 65534 nobody &&
useradd -c "Nobody" -d /dev/null \
-u 65534 -g nobody -s /bin/false nobody
Non-Multilib
Compile the package:
./configure --prefix=/usr --sysconfdir=/etc \
--disable-nfsv4 --disable-gss &&
make
Install the package
make install && install -dv -m755 /var/lib/nfs/rpc_pipefs
Multilib
This package does not install any libraries so only one installation is needed.
64Bit
Compile the package:
CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" USE_ARCH=64 \
./configure --prefix=/usr --sysconfdir=/etc \
--disable-nfsv4 --disable-gss &&
make
Note
To work around some documented behaviour in libtool that will cause your build to subtly fail,
prepend GSSGLUE_CFLAGS="-Wl,-lgssglue" to the start of your configure line.Install the package
make install && install -dv -m755 /var/lib/nfs/rpc_pipefs
Configuring
Note if you install the nfs-server bootscript you dont need to install the nfs-client bootscript.
Note
Make sure that your clocks are in sync. If the time differers by more then 5 minutes, you will not authenticate even with the correct password / key.
You must also have a working DNS & Reverse DNS Zones. If your FQDN for your host resolves to 127.0.0.1 Kerberos will not work properly either.If you're using nfs4 you should also have host/<fqdn of client>@<REALMNAME.COM> in your /etc/krb5.keytab as well as nfs/<fqdn of client>@<REALMNAME.COM>.
Client
NFSv4
Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab Each client gets its own keytab for nfs:
kadmin.local -q "addprinc -randkey <fqdn of client>@<REALMNAME.COM>" kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"
Now securely move temp.keytab to /etc/krb5.keytab on the client. Then make sure you change the permissions on the file on the target computer:
chmod 600 /etc/krb5.keytab
If you already have a krb5.keytab on the target computer you can merge the two together with the ktutil command.
Bootscript
Install the init script from the bootscripts package:
make install-nfs-client
Create the default configuration file with the following command:
cat > /etc/sysconfig/nfs-client << "EOF" # Begin /etc/sysconfig/nfs-client # Change the following line to NFS4=yes if you wish to use nfs4. NFS4=no # End /etc/sysconfig/nfs-client EOF
/etc/fstab
Below are 2 example entries in /etc/fstab for a nfs mounted /home and /usr.
<server-name>:/home /home nfs rw,_netdev,rsize=8192,wsize=8192 0 0 <server-name>:/usr /usr nfs ro,_netdev,rsize=8192 0 0
<server-name> in the above example is an ip address or a hostname.
Server
NFSv4
Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab:
kadmin.local -q "addprinc -randkey <fqdn of client>@<REALMNAME.COM>" kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"
Now securely move temp.keytab to /etc/krb5.keytab on the client. Then make sure you change the permissions on the file on the target computer:
chmod 600 /etc/krb5.keytab
If you already have a krb5.keytab on the target computer you can merge the two together with the ktutil command.
Bootscript
Install the init script from the bootscripts package:
make install-nfs-server
Create the default configuration file with the following command:
cat > /etc/sysconfig/nfs-server << "EOF" # Begin /etc/sysconfig/nfs-server # Change the following line to NFS4=yes if you wish to use nfs4. NFS4=no PORT="2049" PROCESSES="8" QUOTAS="no" KILLDELAY="10" # End /etc/sysconfig/nfs-server EOF
Server Configuration
/etc/exports contains the exported directories on NFS servers. The "NFS HowTo", http://nfs.sourceforge.net/nfs-howto/. contains information on how to configure the servers and clients. For example, for sharing the /home directory over the local network, the following line may be added:
/home <192.168.0.0/255.255.255.0>(rw,subtree_check,anonuid=99,anongid=99)
