Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares [2018/04/14 16:41] billdozor |
linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares [2018/05/19 14:32] billdozor [NFS Client] |
||
---|---|---|---|
Line 37: | Line 37: | ||
====== NFS Server ====== | ====== NFS Server ====== | ||
+ | |||
+ | **On server2** (NFS Server/ | ||
\\ | \\ | ||
Line 43: | Line 45: | ||
kadmin | kadmin | ||
- | addprinc -randkey nfs/ | + | kadmin: |
- | ktadd nfs/ | + | kadmin: |
+ | |||
+ | kadmin: exit | ||
</ | </ | ||
Line 72: | Line 76: | ||
exportfs -var | exportfs -var | ||
</ | </ | ||
- | |||
- | \\ | ||
- | LinuxAcademy.com says a reboot is needed at this point for the client to work consistently. -> **TO INVESTIGATE** | ||
---- | ---- | ||
Line 80: | Line 81: | ||
====== NFS Client ====== | ====== NFS Client ====== | ||
+ | **On server1** (NFS Client/ | ||
+ | |||
+ | \\ | ||
Add NFS principal and add local copy of keytab file | Add NFS principal and add local copy of keytab file | ||
<code bash> | <code bash> | ||
kadmin | kadmin | ||
- | addprinc -randkey nfs/ | + | kadmin: |
- | ktadd nfs/ | + | kadmin: |
+ | |||
+ | kadmin: exit | ||
</ | </ | ||
Line 93: | Line 99: | ||
systemctl enable nfs-client.target | systemctl enable nfs-client.target | ||
systemctl start nfs-client.target | systemctl start nfs-client.target | ||
- | </ | ||
- | \\ | + | # If it was already running, restart it |
- | Temporary mount | + | systemctl restart nfs-client.target |
- | <code bash> | + | |
- | mount -t nfs4 -o sec=krb5 server2.example.com:/ | + | |
</ | </ | ||
\\ | \\ | ||
- | Permanent | + | Persistent |
<code bash>vim /etc/fstab | <code bash>vim /etc/fstab | ||
- | server2.example.com:/ | + | server2.example.com:/ |
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Mount the filesystem | ||
+ | <code bash> | ||
+ | mount -a | ||
</ | </ | ||
+ | * If you see this error message " | ||
\\ | \\ |