linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares [2018/04/14 16:41]
billdozor 		linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares [2019/05/25 23:50] (current)
Line 37: Line 37:
  
 ====== NFS Server ====== ====== NFS Server ======
 +
 +**On server2** (NFS Server/KDC).
  
 \\ \\
Line 43: Line 45:
 kadmin kadmin
  
-addprinc -randkey nfs/server2.example.com +kadmin: addprinc -randkey nfs/server2.example.com 
-ktadd nfs/server2.example.com+kadmin: ktadd nfs/server2.example.com 
 + 
 +kadmin: exit
 </code> </code>
  
Line 72: Line 76:
 exportfs -var exportfs -var
 </code> </code>
- 
-\\ 
-LinuxAcademy.com says a reboot is needed at this point for the client to work consistently. -> **TO INVESTIGATE** 
  
 ---- ----
Line 80: Line 81:
 ====== NFS Client ====== ====== NFS Client ======
  
 +**On server1** (NFS Client/Kerberos Client)
 +
 +\\
 Add NFS principal and add local copy of keytab file Add NFS principal and add local copy of keytab file
 <code bash> <code bash>
 kadmin kadmin
  
-addprinc -randkey nfs/server1.example.com +kadmin: addprinc -randkey nfs/server1.example.com 
-ktadd nfs/server1.example.com+kadmin: ktadd nfs/server1.example.com 
 + 
 +kadmin: exit
 </code> </code>
  
Line 93: Line 99:
 systemctl enable nfs-client.target systemctl enable nfs-client.target
 systemctl start nfs-client.target systemctl start nfs-client.target
-</code> 
  
-\\ +# If it was already running, restart it 
-Temporary mount +systemctl restart nfs-client.target
-<code bash> +
-mount -t nfs4 -o sec=krb5 server2.example.com:/krbdata /mnt+
 </code> </code>
  
 \\ \\
-Permanent mount+Persistent mount
 <code bash>vim /etc/fstab <code bash>vim /etc/fstab
  
-server2.example.com:/krbdata  /mnt  nfs4  sec=krb5  0  0+server2.example.com:/krbdata  /mnt  _netdev,nfs4  sec=krb5  0  0 
 +</code> 
 + 
 +\\ 
 +Mount the filesystem 
 +<code bash> 
 +mount -a
 </code> </code>
 +  * If you see this error message "mount.nfs: an incorrect mount option was specified" -> Ensure that you restarted the 'nfs-client.target' service.
  
 \\ \\
  • linux_wiki/use_kerberos_to_control_access_to_nfs_network_shares.1523738507.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)