NFS
配置基本NFS掛載
server端:
systemctl start nfs-server
mkdir /myshare
修改權限
vim /etc/export
-----------------------------------
/myshare desktopX(rw)
-----------------------------------
export -r (刷新)
systemctl restart nfs-server
showmount -e (查看共享目錄)
systemctl stop filewall(其實添加防火牆規則就好了)
desktop端:
showmount -e serverX
mkdir /mnt/nfsshare (創建文件夾掛載)
mount serverX:/myshare /mnt/nfsshare
配置NFS網絡存儲用kerberos做驗證
server端:
yum -y install authconfig-gtk sssd krb5-workstation
authconfig-gtk
配置ldap與kerber域-------------id ldapuser1 查看是否成功
下載秘鑰:wegt -o /etc/krb5.keytab__________地址___________
-----------------------------------------------------------------------
systemctl restart nfs-secure-server (要重啟secure這個服務,先下載秘鑰,不然會報錯)
systemctl enable nfs-secure-server
systemctl restart nfs-server 重啟NFS基本服務與開機自動啟動
systemctl enable nfs-server
---------------------------------------------------------------------
mkdir /secshare
chmod o+w /secshare
修改secshare目錄,擁有寫權限。
vim /etc/exports (
在這個配置文件寫入你要共享的目錄與對象
)
------------------------------------------------------------
/secshare desktop6(sec=krb5p,rw) 在這之間要先建立好一個叫secshare的目錄
------------------------------------------------------------
expportfs -r (
刷新一下配置文件,看看有沒有錯誤
)
showmount -e 查看共享目錄列表
修改防火牆規則:
firewall-cmd --add-server=mountd
vim /etc/sysconfig/nfs
( 修改selinux策略
)
------------------------------------------------------------------
RPCNFSDARGS="-V 4.2" (找到這行,修改)
-----------------------------------------
systemctl restart nfs-server
systemctl restart nfs-secure-server (重啟這兩個服務)
chcon -R -t public_content_t /secshare (修改secshare目錄的selinux上下文,用ls -Z查看)
desktop端:
一樣的裝3個包
authconfig-gtk 配置ldap與kerber的域 ------id ldapuser1 查看
下載desktop端的秘鑰同樣的 放在/etc/krb5.keytab
-----------------------------------------------------------------------
systemctl restart nfs-secure-server (要重啟secure這個服務,先下載秘鑰,不然會報錯)
systemctl enable nfs-secure-server
systemctl restart nfs-server 重啟NFS基本服務與開機自動啟動
systemctl enable nfs-server
---------------------------------------------------------------------
ssh ldapuser1@localhost (第一次登陸ldapuser需要用ldapuser1進行登陸,獲取票據)
輸入密碼:kerberos
/mnt/secshare (建立掛載目錄)
在root下掛載:
mount -o sec=krb5p,v4.2 server6:/secshare /mnt/secshare
要往掛載目錄些東西需要在ldapuser1里面去寫
NFS的自動掛載
基本NFS的使用fstab的自動掛載
vim /etc/fstab
-----------------------------------------------------------------
server6:/myshare /mnt/nfsshare nfs sync 0 0
------------------------------------------------------------------
kerber驗證的fstab自動掛載
vim /etc/fstab
-----------------------------------------------------------------------
server6:/myshare /mnt/nfsshare nfs sec=krb5p,sync 0 0
-----------------------------------------------------------------------
autofs的自動掛載(掛載ldapuser的家目錄)
安裝所需要的autofs包
yum -y install autofs
vim /etc/autofs.master (
修改本配置文件)
----------------------------------------------------------------
--------------
/home/guests /etc/autofs.ldapuser1 (家目錄要和遠端用戶相同)
---------------------------------------------------------
在本地新建一個/home/guests(不要深到ldapuser1去,它會自動幫你把遠端的ldapuser1這個家目錄掛載在本端/home/guests)
cp /etc/autofs.misc /etc/autofs.ldapuser1 (
從.misc里面抄襲寫法
)
vim /etc/autofs.ldapuser
----------------------------------------------------------------------------------------------------
--------------
ldapuser1 --stype=nfs classroom:server/secshare /home/guests/ldapuser1
--------------------------------------------------------------------------------------------------------------------------
<wiz_tmp_tag id="wiz-table-range-border" contenteditable="false" style="display: none;">