SCIENTIFIC-LINUX-USERS Archives

May 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Date: Fri, 4 May 2012 00:39:36 +0900
On 05/04/2012 12:11 AM, Bob Goodwin - Zuni, Virginia, USA wrote:
> On 03/05/12 10:49, zxq9 wrote:
>> On 05/03/2012 11:34 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
>>> Can someone suggest a clear instruction for setting up an NFS4
>>> server on SL6.2/64, preferably with an example.
>>>
>>> I have NFS3 working on SL5 but haven't been able to get this new
>>> one working ...
>>
>> Does it need anything nifty happening, like mounting under a specific
>> SELinux context or using krb5, etc?
>>
>
> I normally keep SELinux active but other than that it's just a
> local file server on our home LAN, normally accessed from OSX
> and Fedora boxes.
>
> The SL5 server has been running continuously for a couple of
> years without ever missing a beat! I've just built up a
> replacement which I hope will do as well.
>
> Bob
>
> .
>

I just blew through this. Here is a log including some file dumps which 
will hopefully be relevant to you.

I might have a few things set differently than you that make this work 
great or totally trip you up -- so take the following with a grain 
(shaker?) of salt. Also, I have Kerberos and LDAP running so name 
resolution happens that way -- NFS uid/gid resolution is a little world 
of its own.

Also, I normally use automount for nearly everything instead of adding 
the NFS mount to /etc/fstab as shown below. There are some great 
tutorials out there on that, but if you're confused let us know -- 
either way you probably won't notice on a home server.

--begin giant dump of stuff--


[root@services etc]# yum install nfs-utils
[root@services etc]# cd /var
[root@services var]# mkdir exphome
[root@services var]# cd /mnt
[root@services mnt]# mkdir -p /mnt/export/home
[root@services mnt]# echo "/var/exphome /mnt/export/home none bind 0 0" >> /etc/fstab
[root@services mnt]# mount -a
[root@services var]# cd /etc
[root@services etc]# vim exports

#######################################FILE##########################################
/mnt/export       192.168.0.0/16(rw,fsid=0,insecure)
/mnt/export/home  192.168.0.0/16(rw,nohide,insecure)
#######################################FILE##########################################

[root@services etc]# vim idmapd.conf

#######################################FILE##########################################
[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs

# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
Domain = services.mine

# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
# be the same user as <user>@REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms =

[Mapping]

Nobody-User = nfsnobody
Nobody-Group = nfsnobody

[Translation]

# Translation Method is a comma-separated, ordered list of
# translation methods that can be used.  Distributed methods
# include "nsswitch", "umich_ldap", and "static".  Each method
# is a dynamically loadable plugin library.
# New methods may be defined and inserted in the list.
# The default is "nsswitch".
Method = nsswitch

# Optional.  This is a comma-separated, ordered list of
# translation methods to be used for translating GSS
# authenticated names to ids.
# If this option is omitted, the same methods as those
# specified in "Method" are used.
#GSS-Methods = <alternate method list for translating GSS names>

#-------------------------------------------------------------------#
# The following are used only for the "static" Translation Method.
#-------------------------------------------------------------------#
[Static]

# A "static" list of GSS-Authenticated names to
# local user name mappings

#someuser@REALM = localuser


#-------------------------------------------------------------------#
# The following are used only for the "umich_ldap" Translation Method.
#-------------------------------------------------------------------#

[UMICH_SCHEMA]

# server information (REQUIRED)
LDAP_server = ldap-server.local.domain.edu

# the default search base (REQUIRED)
LDAP_base = dc=local,dc=domain,dc=edu

#-----------------------------------------------------------#
# The remaining options have defaults (as shown)
# and are therefore not required.
#-----------------------------------------------------------#

# whether or not to perform canonicalization on the
# name given as LDAP_server
#LDAP_canonicalize_name = true

# absolute search base for (people) accounts
#LDAP_people_base = <LDAP_base>

# absolute search base for groups
#LDAP_group_base = <LDAP_base>

# Set to true to enable SSL - anything else is not enabled
#LDAP_use_ssl = false

# You must specify a CA certificate location if you enable SSL
#LDAP_ca_cert = /etc/ldapca.cert

# Objectclass mapping information

# Mapping for the person (account) object class
#NFSv4_person_objectclass = NFSv4RemotePerson

# Mapping for the nfsv4name attribute the person object
#NFSv4_name_attr = NFSv4Name

# Mapping for the UID number
#NFSv4_uid_attr = UIDNumber

# Mapping for the GSSAPI Principal name
#GSS_principal_attr = GSSAuthName

# Mapping for the account name attribute (usually uid)
# The value for this attribute must match the value of
# the group member attribute - NFSv4_member_attr
#NFSv4_acctname_attr = uid

# Mapping for the group object class
#NFSv4_group_objectclass = NFSv4RemoteGroup

# Mapping for the GID attribute
#NFSv4_gid_attr = GIDNumber

# Mapping for the Group NFSv4 name
#NFSv4_group_attr = NFSv4Name

# Mapping for the Group member attribute (usually memberUID)
# The value of this attribute must match the value of NFSv4_acctname_attr
#NFSv4_member_attr = memberUID
#######################################FILE##########################################

[root@services etc]# cd /etc/sysconfig
[root@services sysconfig]# vim nfs

#######################################FILE##########################################
SECURE_NFS="yes"
#
# Define which protocol versions mountd
# will advertise. The values are "no" or "yes"
# with yes being the default
MOUNTD_NFS_V1="no"
MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
#RQUOTAD_PORT=875
# Optional options passed to rquotad
#RPCRQUOTADOPTS=""
#
#
# Optional arguments passed to in-kernel lockd
#LOCKDARG=
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8.
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
#NFSD_MODULE="noload"
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
STATD_PORT=662
# Outgoing port statd should use. The default port
# is random
#STATD_OUTGOING_PORT=2020
# Specify callout program
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts.
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS=""
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS=""
#
#######################################FILE##########################################

[root@services sysconfig]# iptables -vI INPUT -m tcp -p tcp --dport 2049 -j ACCEPT
ACCEPT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:2049

[root@services sysconfig]# iptables-save > /etc/sysconfig/iptables
[root@services sysconfig]# chkconfig nfs on
[root@services sysconfig]# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS daemon: rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)
rpc.nfsd: unable to set any sockets for nfsd
                                                            [FAILED]
[root@services sysconfig]# service nfs stop
Shutting down NFS mountd:                                  [FAILED]
Shutting down NFS daemon:                                  [FAILED]
Shutting down NFS services:                                [  OK  ]
Shutting down RPC svcgssd:                                 [  OK  ]
[root@services sysconfig]# rpcinfo -p

rpcinfo: can't contact portmapper: RPC: Remote system error - No such file or directory
[root@services sysconfig]# service rpcbind status
rpcbind is stopped
[root@services sysconfig]# service rpcbind start
Starting rpcbind:                                          [  OK  ]
[root@services sysconfig]# service nfs start
Starting RPC svcgssd:                                      [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
[root@services sysconfig]# service nfs stop
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS services:                                [  OK  ]
Shutting down RPC svcgssd:                                 [  OK  ]
[root@services sysconfig]# service nfs start
Starting RPC svcgssd:                                      [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
[root@services sysconfig]# rpcinfo -p
    program vers proto   port  service
     100000    4   tcp    111  portmapper
     100000    3   tcp    111  portmapper
     100000    2   tcp    111  portmapper
     100000    4   udp    111  portmapper
     100000    3   udp    111  portmapper
     100000    2   udp    111  portmapper
     100003    4   tcp   2049  nfs
     100003    4   udp   2049  nfs
     100021    1   udp  32769  nlockmgr
     100021    3   udp  32769  nlockmgr
     100021    4   udp  32769  nlockmgr
     100021    1   tcp  32803  nlockmgr
     100021    3   tcp  32803  nlockmgr
     100021    4   tcp  32803  nlockmgr

[root@katsuo etc]# echo "services:/          /home/remote         nfs4      users   0 0" >> /etc/fstab
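
Added example, not part of the original post: a small audit of exports(5) entries that reports the options worth reviewing on an NFSv4 export, run here against the two export lines shown in the message. The function names, finding codes and the /24 threshold are assumptions of this example, and the parser does not handle quoted paths or backslash line continuations.

```python
import ipaddress
import re

# Constructed sample: the two export lines from the post above.
SAMPLE_EXPORTS = """\
/mnt/export       192.168.0.0/16(rw,fsid=0,insecure)
/mnt/export/home  192.168.0.0/16(rw,nohide,insecure)
"""
SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # client, optional "(opts)"

CHECKS = {  # finding code -> what it means, per exports(5)
    "insecure": "accepts requests from unprivileged source ports (>= 1024)",
    "no_root_squash": "remote uid 0 keeps root rights on the exported tree",
    "sec_sys_default": "no sec= given, so sec=sys: client-asserted uid/gid",
    "wildcard_client": "any host matching the wildcard may mount",
    "broad_network": "IPv4 network wider than the allowed prefix length",
}

def parse_exports(text):
    """Yield (path, client, [options]) for every client entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for spec in fields[1:]:
            m = SPEC_RE.match(spec)
            opts = [o for o in (m.group(2) or "").split(",") if o]
            yield fields[0], m.group(1) or "*", opts

def audit(text, max_prefix=24):
    """Return (path, client, code) findings; max_prefix is a local policy choice."""
    out = []
    for path, client, opts in parse_exports(text):
        codes = [c for c in ("insecure", "no_root_squash") if c in opts]
        if not any(o.startswith("sec=") for o in opts):
            codes.append("sec_sys_default")
        if "*" in client or "?" in client:
            codes.append("wildcard_client")
        else:
            try:
                net = ipaddress.ip_network(client, strict=False)
                if net.version == 4 and net.prefixlen < max_prefix:
                    codes.append("broad_network")
            except ValueError:
                pass  # hostname or @netgroup: nothing to measure
        out.extend((path, client, c) for c in codes)
    return out

if __name__ == "__main__":
    for path, client, code in audit(SAMPLE_EXPORTS):
        print(f"{path} [{client}]: {code}: {CHECKS[code]}")
```

A finding is a prompt to review rather than an error: `insecure`, for instance, may be a deliberate choice for clients that mount from unprivileged ports.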
