On 05/04/2012 12:11 AM, Bob Goodwin - Zuni, Virginia, USA wrote:
> On 03/05/12 10:49, zxq9 wrote:
>> On 05/03/2012 11:34 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
>>> Can someone suggest a clear instruction for setting up an NFS4
>>> server on SL6.2/64, preferably with an example.
>>>
>>> I have NFS3 working on SL5 but haven't been able to get this new
>>> one working ...
>>
>> Does it need anything nifty happening, like mounting under a specific
>> SELinux context or using krb5, etc?
>>
>
> I normally keep Selinux active but other than that it's just a
> local file server on our home LAN, normally accessed from OSX
> and Fedora boxes.
>
> The SL5 server has been tuning continuously for a couple of
> years without ever missing a beat! I've just built up a
> replacement which I hope will do as well.
>
> Bob
>
> .
>

I just blew through this. Here is a log including some file dumps which
will hopefully be relevant to you. I might have a few things set
differently than you that make this work great or totally trip you up --
so take the following with a grain (shaker?) of salt.

Also, I have Kerberos and LDAP running so name resolution happens that
way -- NFS uid/gid resolution is a little world of its own.

Also, I normally use automount for nearly everything instead of adding
the NFS mount to /etc/fstab as shown below. There are some great
tutorials out there on that, but if you're confused let us know --
either way you probably won't notice on a home server.

--begin giant dump of stuff--

[root@services etc]# yum install nfs-utils
[root@services etc]# cd /var
[root@services var]# mkdir exphome
[root@services var]# cd /mnt
[root@services mnt]# mkdir /mnt/export/home
[root@services mnt]# echo "/var/exphome /mnt/export/home none bind 0 0" >> /etc/fstab
[root@services mnt]# mount -a
[root@services var]# cd /etc
[root@services etc]# vim exports
#######################################FILE##########################################
/mnt/export 192.168.0.0/16(rw,fsid=0,insecure)
/mnt/export/home 192.168.0.0/16(rw,nohide,insecure)
#######################################FILE##########################################

[root@services etc]# vim idmapd.conf
#######################################FILE##########################################
[General]

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
Domain = services.mine

# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
# be the same user as <user>@REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms =

[Mapping]

Nobody-User = nfsnobody
Nobody-Group = nfsnobody

[Translation]

# Translation Method is an comma-separated, ordered list of
# translation methods that can be used. Distributed methods
# include "nsswitch", "umich_ldap", and "static". Each method
# is a dynamically loadable plugin library.
# New methods may be defined and inserted in the list.
# The default is "nsswitch".
Method = nsswitch

# Optional. This is a comma-separated, ordered list of
# translation methods to be used for translating GSS
# authenticated names to ids.
# If this option is omitted, the same methods as those
# specified in "Method" are used.
#GSS-Methods = <alternate method list for translating GSS names>

#-------------------------------------------------------------------#
# The following are used only for the "static" Translation Method.
#-------------------------------------------------------------------#
[Static]

# A "static" list of GSS-Authenticated names to
# local user name mappings

#someuser@REALM = localuser

#-------------------------------------------------------------------#
# The following are used only for the "umich_ldap" Translation Method.
#-------------------------------------------------------------------#

[UMICH_SCHEMA]

# server information (REQUIRED)
LDAP_server = ldap-server.local.domain.edu

# the default search base (REQUIRED)
LDAP_base = dc=local,dc=domain,dc=edu

#-----------------------------------------------------------#
# The remaining options have defaults (as shown)
# and are therefore not required.
#-----------------------------------------------------------#

# whether or not to perform canonicalization on the
# name given as LDAP_server
#LDAP_canonicalize_name = true

# absolute search base for (people) accounts
#LDAP_people_base = <LDAP_base>

# absolute search base for groups
#LDAP_group_base = <LDAP_base>

# Set to true to enable SSL - anything else is not enabled
#LDAP_use_ssl = false

# You must specify a CA certificate location if you enable SSL
#LDAP_ca_cert = /etc/ldapca.cert

# Objectclass mapping information

# Mapping for the person (account) object class
#NFSv4_person_objectclass = NFSv4RemotePerson

# Mapping for the nfsv4name attribute the person object
#NFSv4_name_attr = NFSv4Name

# Mapping for the UID number
#NFSv4_uid_attr = UIDNumber

# Mapping for the GSSAPI Principal name
#GSS_principal_attr = GSSAuthName

# Mapping for the account name attribute (usually uid)
# The value for this attribute must match the value of
# the group member attribute - NFSv4_member_attr
#NFSv4_acctname_attr = uid

# Mapping for the group object class
#NFSv4_group_objectclass = NFSv4RemoteGroup

# Mapping for the GID attribute
#NFSv4_gid_attr = GIDNumber

# Mapping for the Group NFSv4 name
#NFSv4_group_attr = NFSv4Name

# Mapping for the Group member attribute (usually memberUID)
# The value of this attribute must match the value of NFSv4_acctname_attr
#NFSv4_member_attr = memberUID
#######################################FILE##########################################

[root@services etc]# cd /etc/sysconfig
[root@services sysconfig]# vim nfs
#######################################FILE##########################################
SECURE_NFS="yes"
#
# Define which protocol versions mountd
# will advertise. The values are "no" or "yes"
# with yes being the default
MOUNTD_NFS_V1="no"
MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
#RQUOTAD_PORT=875
# Optinal options passed to rquotad
#RPCRQUOTADOPTS=""
#
#
# Optional arguments passed to in-kernel lockd
#LOCKDARG=
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8.
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
#NFSD_MODULE="noload"
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
#STATD_OUTGOING_PORT=2020
# Specify callout program
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts.
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS=""
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS=""
#
######################################FILE##########################################

[root@services sysconfig]# iptables -vI INPUT -m tcp -p tcp --dport 2049 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:2049
[root@services sysconfig]# iptables-save > /etc/sysconfig/iptables
[root@services sysconfig]# chkconfig nfs on
[root@services sysconfig]# service nfs start
Starting NFS services: [ OK ]
Starting NFS daemon: rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)
rpc.nfsd: unable to set any sockets for nfsd
[FAILED]
[root@services sysconfig]# service nfs stop
Shutting down NFS mountd: [FAILED]
Shutting down NFS daemon: [FAILED]
Shutting down NFS services: [ OK ]
Shutting down RPC svcgssd: [ OK ]
[root@services sysconfig]# rpcinfo -p
rpcinfo: can't contact portmapper: RPC: Remote system error - No such file or directory
[root@services sysconfig]# service rpcbind status
rpcbind is stopped
[root@services sysconfig]# service rpcbind start
Starting rpcbind: [ OK ]
[root@services sysconfig]# service nfs start
Starting RPC svcgssd: [ OK ]
Starting NFS services: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Starting RPC idmapd: [ OK ]
[root@services sysconfig]# service nfs stop
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS services: [ OK ]
Shutting down RPC svcgssd: [ OK ]
[root@services sysconfig]# service nfs start
Starting RPC svcgssd: [ OK ]
Starting NFS services: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@services sysconfig]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100003 4 tcp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 32769 nlockmgr
100021 3 udp 32769 nlockmgr
100021 4 udp 32769 nlockmgr
100021 1 tcp 32803 nlockmgr
100021 3 tcp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr

[root@katsuo etc]# echo "services:/ /home/remote nfs4 users 0 0" >> /etc/fstab
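
Added example, not part of the original post: a Python check of the /etc/exports lines above that flags the insecure option, exports left on the default sec=sys flavor (the post sets SECURE_NFS="yes", but its exports carry no sec=krb5* option), and client ranges wider than an assumed 256-address threshold. The function names, finding codes and threshold are hypothetical.

```python
import ipaddress
import re

# Constructed input: the two export lines shown in the post's /etc/exports.
POST_EXPORTS = """\
/mnt/export 192.168.0.0/16(rw,fsid=0,insecure)
/mnt/export/home 192.168.0.0/16(rw,nohide,insecure)
"""

def parse_exports(text):
    """Return (path, client, options) for each client entry in exports(5) text.
    Comments and 'client(opts)' specs are handled; quoted paths and
    backslash continuation lines are not."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A path with no client list is exported to every host.
        for spec in fields[1:] or [""]:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if m is None:
                continue
            opts = [o for o in (m.group(2) or "").split(",") if o]
            entries.append((fields[0], m.group(1) or "*", opts))
    return entries

def audit(entries, max_addresses=256):
    """Return (path, client, code) findings; max_addresses is an assumed threshold."""
    findings = []
    for path, client, opts in entries:
        if "insecure" in opts:  # requests from source ports above 1023 are accepted
            findings.append((path, client, "insecure-port"))
        if "no_root_squash" in opts:  # client root keeps uid 0 on the server
            findings.append((path, client, "no-root-squash"))
        # sec= takes a colon-separated flavor list; without it the flavor is sys,
        # where the server trusts the uid/gid the client sends.
        flavors = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
        if "sys" in flavors:
            findings.append((path, client, "auth-sys"))
        try:
            wide = client == "*" or ipaddress.ip_network(client, strict=False).num_addresses > max_addresses
        except ValueError:
            wide = False  # hostname, wildcard pattern or netgroup: not sized here
        if wide:
            findings.append((path, client, "broad-client"))
    return findings

if __name__ == "__main__":
    for path, client, code in audit(parse_exports(POST_EXPORTS)):
        print(f"{path} {client}: {code}")
```

A line such as "/mnt/export 192.168.1.0/24(rw,fsid=0,sec=krb5p)" (constructed) produces no findings.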