NFS Utilities

From CBLFS
Revision as of 15:41, 16 November 2008 by Jciccone (talk | contribs) (Bootscript)
Jump to navigationJump to search
Download Source: http://www.kernel.org/pub/linux/utils/nfs/nfs-utils-1.2.8.tar.bz2

Introduction to NFS Utilities

The NFS Utilities package contains the userspace server and client tools necessary to use the kernel's NFS abilities. NFS is a protocol that allows sharing file systems over the network.

Project Homepage: Unknown

Dependencies

Required

Optional for NFSv4 Support

Optional for GSS (RPC Security) Support

Creating the nobody/nogroup User/Group

groupadd -g 65533 nogroup &&
groupadd -g 65534 nobody &&
useradd -c "Nobody" -d /dev/null \
        -u 65534 -g nobody -s /bin/false nobody

Non-Multilib

Compile the package: 

./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package 

make install &&
install -dv -m755 /var/lib/nfs/rpc_pipefs

Multilib

This package does not install any libraries so only one installation is needed.

32Bit

Compile the package: 

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" USE_ARCH=32 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package 

make install &&
install -dv -m755 /var/lib/nfs/rpc_pipefs

N32

Compile the package: 

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" USE_ARCH=n32 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package 

make install &&
install -dv -m755 /var/lib/nfs/rpc_pipefs

64Bit

Compile the package: 

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" USE_ARCH=64 \
./configure --prefix=/usr --sysconfdir=/etc \
    --disable-nfsv4 --disable-gss &&
make

Install the package 

make install &&
install -dv -m755 /var/lib/nfs/rpc_pipefs

Configuring

Note if you install the nfs-server bootscript you dont need to install the nfs-client bootscript.

Caution.png

Note

This is a note about NFSv4 & Kerberos.

Make sure that your clocks are in sync. If the time differers by more then 5 minutes, you will not authenticate even with the correct password / key.

You must also have a working DNS & Reverse DNS Zones. If your FQDN for your host resolves to 127.0.0.1 Kerberos will not work properly either.

Client

NFSv4

Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab Each client gets its own keytab for nfs: 

kadmin.local -q "addprinc <fqdn of client>@<REALMNAME.COM>"
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"

Now securely move temp.keytab to /etc/krb5.keytab on the client. Then make sure you change the permissions on the file on the target computer: 

chmod 600 /etc/krb5.keytab

If you already have a krb5.keytab on the target computer you can merge the two together with the ktutil command.

Bootscript

Install the init script from the bootscripts package: 

make install-nfs-client

Create the default configuration file with the following command: 

cat > /etc/sysconfig/nfs-client << "EOF"
# Begin /etc/sysconfig/nfs-client

# Change the following line to NFS4=yes if you wish to use nfs4.
NFS4=no

# End /etc/sysconfig/nfs-client
EOF

/etc/fstab

Below are 2 example entries in /etc/fstab for a nfs mounted /home and /usr. 

<server-name>:/home  /home nfs   rw,_netdev,rsize=8192,wsize=8192 0 0
<server-name>:/usr   /usr  nfs   ro,_netdev,rsize=8192            0 0

<server-name> in the above example is an ip address or a hostname.

Server

NFSv4

Make sure that you have your Kerberos KDC setup then add a client key, then export it to a temporary keytab: 

kadmin.local -q "addprinc <fqdn of client>@<REALMNAME.COM>"
kadmin.local -q "ktadd -e des-cbc-crc:normal -k temp.keytab nfs/<fqdn of client>@<REALMNAME.COM>"

Now securely move temp.keytab to /etc/krb5.keytab on the client. Then make sure you change the permissions on the file on the target computer: 

chmod 600 /etc/krb5.keytab

If you already have a krb5.keytab on the target computer you can merge the two together with the ktutil command.

Bootscript

Install the init script from the bootscripts package: 

make install-nfs-server

Create the default configuration file with the following command: 

cat > /etc/sysconfig/nfs-server << "EOF"
# Begin /etc/sysconfig/nfs-server

# Change the following line to NFS4=yes if you wish to use nfs4.
NFS4=no

PORT="2049"
PROCESSES="8"
QUOTAS="no"
KILLDELAY="10"

# End /etc/sysconfig/nfs-server
EOF

Server Configuration

/etc/exports contains the exported directories on NFS servers. The "NFS HowTo", http://nfs.sourceforge.net/nfs-howto/. contains information on how to configure the servers and clients. For example, for sharing the /home directory over the local network, the following line may be added: 

/home <192.168.0.0/255.255.255.0>(rw,subtree_check,anonuid=99,anongid=99)
Retrieved from "https://cblfs.clfs.org/index.php?title=NFS_Utilities&oldid=16092"