nfs server/autofs
Now go to your LDAP server and configure it as the NFS server as well.
1. Install the package
[root@sam migrationtools]# yum install nfs-utils
[root@sam migrationtools]# rpm -q nfs-utils
nfs-utils-1.3.0-0.21.el7.x86_64
[root@sam migrationtools]# vi /etc/exports
/opt/RHEL7.2 *(ro)
/home *(rw,sync)
[root@sam migrationtools]#
[root@sam migrationtools]# systemctl reload nfs-server
[root@sam migrationtools]# exportfs
/opt/RHEL7.2 <world>
/home <world>
[root@sam migrationtools]#
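Note: if you have a problem starting the NFS server, check that the rpcbind service is running.
Once the service has restarted, allow NFS through the firewall. In my case firewalld is disabled, so the command below only reports that it is not running; with the firewall off, nothing but /etc/exports limits which hosts can reach these exports.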
[root@sam migrationtools]# firewall-cmd --permanent --add-service nfs
FirewallD is not running
[root@sam migrationtools]# firewall-cmd --reload
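Verify your export. The `*` in the list means the export is offered to every host that can reach the server; outside a lab, replace it in /etc/exports with the client hostnames or subnet.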
[root@sam migrationtools]# showmount -e localhost
Export list for localhost:
/home *
/opt/RHEL7.2 *
[root@sam migrationtools]#
Now, your nfs server is configured
Configure nfs client
Go to client machine and check the packages
[root@localhost tmp]# rpm -qa | egrep "nfs-utils|autofs"
[root@localhost tmp]# yum install nfs-utils autofs
[root@localhost tmp]# vi /etc/auto.master
[root@localhost tmp]# vi /etc/auto.autofs
[root@localhost tmp]# cat /etc/auto.master
/home /etc/auto.autofs --timeout=600
note: timeout value is optional
[root@localhost tmp]# cat /etc/auto.autofs
* sam:/home/&
[root@localhost tmp]#
[root@localhost tmp]# systemctl enable autofs
Created symlink from /etc/systemd/system/multi-user.target.wants/autofs.service to /usr/lib/systemd/system/autofs.service.
[root@localhost tmp]# systemctl start autofs
[root@localhost tmp]#
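Edit the /etc/ssh/ssh_config file on the client and enable GSSAPI. GSSAPIDelegateCredentials forwards the user's Kerberos credentials to the remote host, so enable it only for hosts you trust (ideally inside a Host block rather than globally).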
[root@localhost tmp]# vi /etc/ssh/ssh_config
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Also verify that GSSAPIAuthentication is set to yes in sshd_config on the server
[root@localhost tmp]# vi /etc/ssh/sshd_config
GSSAPIAuthentication yes
Reload sshd so the change takes effect
[root@localhost tmp]# systemctl reload sshd
[root@localhost home]# ssh ldapuser1@suvi
The authenticity of host 'suvi (192.168.10.20)' can't be established.
ECDSA key fingerprint is 24:5b:42:2e:96:0b:c9:1d:2a:e7:a3:5f:a9:fe:43:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'suvi,192.168.10.20' (ECDSA) to the list of known hosts.
ldapuser1@suvi's password:
[ldapuser1@localhost ~]$ pwd
/home/ldapuser1
[ldapuser1@localhost ~]$ ls
[ldapuser1@localhost ~]$
[ldapuser1@localhost ~]$ df -h .
Filesystem Size Used Avail Use% Mounted on
sam:/home/ldapuser1 20G 16G 4.8G 77% /home/ldapuser1
[ldapuser1@localhost ~]$ mount | grep ldap
sam:/home/ldapuser1 on /home/ldapuser1 type nfs4 (rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.10.20,local_lock=none,addr=192.168.10.8)
[ldapuser1@localhost ~]$
uid=1002(ldapuser1) gid=1002(ldapuser1) groups=1002(ldapuser1)
[ldapuser1@localhost ~]$ getent passwd | grep ldapuser2
ldapuser2:x:1003:1003:ldapuser2:/home/ldapuser2:/bin/bash
[ldapuser1@localhost ~]$
[ldapuser1@localhost ~]$ klist
Ticket cache: KEYRING:persistent:1002:krb_ccache_hbxE3HZ
Default principal: ldapuser1@EXPANOR.LOCAL
Valid starting Expires Service principal
05/13/2016 00:28:47 05/14/2016 00:28:47 krbtgt/EXPANOR.LOCAL@EXPANOR.LOCAL
[ldapuser1@localhost ~]$
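I configured this by following the video below. It works perfectly. Note that the mount output above shows sec=sys, so the NFS server trusts the UID/GID the client sends and the Kerberos ticket shown by klist is not protecting NFS access; using Kerberos for NFS would require a sec=krb5 (or krb5i/krb5p) export and mount.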
https://www.youtube.com/watch?v=yS5mLBh-yGo