Friday, May 13, 2016

RHEL7 - Autofs (nfs-client)


nfs server/autofs

Now, go to your LDAP server and configure nfs server as well

1. installl package


[root@sam migrationtools]# yum install nfs-utils

[root@sam migrationtools]# rpm -q nfs-utils
nfs-utils-1.3.0-0.21.el7.x86_64


[root@sam migrationtools]# vi /etc/exports
/opt/RHEL7.2    *(ro)
/home   *(rw,sync)
[root@sam migrationtools]#

[root@sam migrationtools]# systemctl reload nfs-server
[root@sam migrationtools]# exportfs
/opt/RHEL7.2    <world>
/home           <world>
[root@sam migrationtools]#

note: If you have problem starting nfs server, please check rpcbind service

Once you restarted, add it into firewall to enable. My case, firewall is disable

[root@sam migrationtools]# firewall-cmd --permanent --add-service nfs
FirewallD is not running
[root@sam migrationtools]# firewall-cmd --reload

verify your export

[root@sam migrationtools]# showmount -e localhost
Export list for localhost:
/home        *
/opt/RHEL7.2 *
[root@sam migrationtools]#


Now, your nfs server is configured


Configure nfs client

Go to client machine and check the packages

[root@localhost tmp]# rpm -qa | egrep "nfs-utils|autofs"
[root@localhost tmp]# yum install nfs-utils autofs



[root@localhost tmp]# vi /etc/auto.master
[root@localhost tmp]# vi /etc/auto.autofs


[root@localhost tmp]# cat /etc/auto.master
/home   /etc/auto.autofs --timeout=600

note: timeout value is optional


[root@localhost tmp]# cat /etc/auto.autofs
*       sam:/home/&
[root@localhost tmp]#



[root@localhost tmp]# systemctl enable autofs
Created symlink from /etc/systemd/system/multi-user.target.wants/autofs.service to /usr/lib/systemd/system/autofs.service.
[root@localhost tmp]# systemctl start autofs
[root@localhost tmp]#


edit /etc/ssh/ssh_config file and enable gss

[root@localhost tmp]# vi /etc/ssh/ssh_config

   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials yes


Also verify if GSSAPIAuthentication is set to yes on server

[root@localhost tmp]# vi /etc/ssh/sshd_config
GSSAPIAuthentication yes

restart sshd
[root@localhost tmp]# systemctl reload sshd




[root@localhost home]# ssh ldapuser1@suvi
The authenticity of host 'suvi (192.168.10.20)' can't be established.
ECDSA key fingerprint is 24:5b:42:2e:96:0b:c9:1d:2a:e7:a3:5f:a9:fe:43:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'suvi,192.168.10.20' (ECDSA) to the list of known hosts.
ldapuser1@suvi's password:
[ldapuser1@localhost ~]$ pwd
/home/ldapuser1
[ldapuser1@localhost ~]$ ls
[ldapuser1@localhost ~]$

[ldapuser1@localhost ~]$ df -h .
Filesystem           Size  Used Avail Use% Mounted on
sam:/home/ldapuser1   20G   16G  4.8G  77% /home/ldapuser1
[ldapuser1@localhost ~]$  mount | grep ldap
sam:/home/ldapuser1 on /home/ldapuser1 type nfs4 (rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.10.20,local_lock=none,addr=192.168.10.8)
[ldapuser1@localhost ~]$



[ldapuser1@localhost ~]$ id ldapuser1
uid=1002(ldapuser1) gid=1002(ldapuser1) groups=1002(ldapuser1)
[ldapuser1@localhost ~]$ getent passwd | grep ldapuser2
ldapuser2:x:1003:1003:ldapuser2:/home/ldapuser2:/bin/bash
[ldapuser1@localhost ~]$


[ldapuser1@localhost ~]$ klist
Ticket cache: KEYRING:persistent:1002:krb_ccache_hbxE3HZ
Default principal: ldapuser1@EXPANOR.LOCAL

Valid starting       Expires              Service principal
05/13/2016 00:28:47  05/14/2016 00:28:47  krbtgt/EXPANOR.LOCAL@EXPANOR.LOCAL
[ldapuser1@localhost ~]$



Configured using following video below. Working perfect
https://www.youtube.com/watch?v=yS5mLBh-yGo









No comments:

Post a Comment