NFS
配置基本NFS挂载
server端:
systemctl start nfs-server
mkdir /myshare 修改权限
vim /etc/export
-----------------------------------
/myshare desktopX(rw)
-----------------------------------
export -r (刷新)
systemctl restart nfs-server
showmount -e (查看共享目录)
systemctl stop filewall(其实添加防火墙规则就好了)
desktop端:
showmount -e serverX
mkdir /mnt/nfsshare (创建文件夹挂载)
mount serverX:/myshare /mnt/nfsshare
配置NFS网络存储用kerberos做验证
server端:
yum -y install authconfig-gtk sssd krb5-workstation
authconfig-gtk 配置ldap与kerber域-------------id ldapuser1 查看是否成功
下载秘钥:wegt -o /etc/krb5.keytab__________地址___________
-----------------------------------------------------------------------
systemctl restart nfs-secure-server (要重启secure这个服务,先下载秘钥,不然会报错)
systemctl enable nfs-secure-server
systemctl restart nfs-server 重启NFS基本服务与开机自动启动
systemctl enable nfs-server
---------------------------------------------------------------------
mkdir /secshare chmod o+w /secshare 修改secshare目录,拥有写权限。
vim /etc/exports (在这个配置文件写入你要共享的目录与对象)
------------------------------------------------------------
/secshare desktop6(sec=krb5p,rw) 在这之间要先建立好一个叫secshare的目录
------------------------------------------------------------
expportfs -r (刷新一下配置文件,看看有没有错误)
showmount -e 查看共享目录列表
修改防火墙规则:
firewall-cmd --add-server=mountd
vim /etc/sysconfig/nfs( 修改selinux策略)
------------------------------------------------------------------
RPCNFSDARGS="-V 4.2" (找到这行,修改)
-----------------------------------------
systemctl restart nfs-server
systemctl restart nfs-secure-server (重启这两个服务)
chcon -R -t public_content_t /secshare (修改secshare目录的selinux上下文,用ls -Z查看)
desktop端:
一样的装3个包
authconfig-gtk 配置ldap与kerber的域 ------id ldapuser1 查看
下载desktop端的秘钥同样的 放在/etc/krb5.keytab
-----------------------------------------------------------------------
systemctl restart nfs-secure-server (要重启secure这个服务,先下载秘钥,不然会报错)
systemctl enable nfs-secure-server
systemctl restart nfs-server 重启NFS基本服务与开机自动启动
systemctl enable nfs-server
---------------------------------------------------------------------
ssh ldapuser1@localhost (第一次登陆ldapuser需要用ldapuser1进行登陆,获取票据)
输入密码:kerberos
/mnt/secshare (建立挂载目录)
在root下挂载:
mount -o sec=krb5p,v4.2 server6:/secshare /mnt/secshare
要往挂载目录些东西需要在ldapuser1里面去写
NFS的自动挂载
基本NFS的使用fstab的自动挂载
vim /etc/fstab
-----------------------------------------------------------------
server6:/myshare /mnt/nfsshare nfs sync 0 0
------------------------------------------------------------------
kerber验证的fstab自动挂载
vim /etc/fstab
-----------------------------------------------------------------------
server6:/myshare /mnt/nfsshare nfs sec=krb5p,sync 0 0
-----------------------------------------------------------------------
autofs的自动挂载(挂载ldapuser的家目录)
安装所需要的autofs包
yum -y install autofs
vim /etc/autofs.master (修改本配置文件)
------------------------------------------------------------------------------
/home/guests /etc/autofs.ldapuser1 (家目录要和远端用户相同)
---------------------------------------------------------
在本地新建一个/home/guests(不要深到ldapuser1去,它会自动帮你把远端的ldapuser1这个家目录挂载在本端/home/guests)
cp /etc/autofs.misc /etc/autofs.ldapuser1 (从.misc里面抄袭写法)
vim /etc/autofs.ldapuser
------------------------------------------------------------------------------------------------------------------
ldapuser1 --stype=nfs classroom:server/secshare /home/guests/ldapuser1
--------------------------------------------------------------------------------------------------------------------------
<wiz_tmp_tag id="wiz-table-range-border" contenteditable="false" style="display: none;">