{"id":611,"date":"2011-07-14T09:05:09","date_gmt":"2011-07-14T09:05:09","guid":{"rendered":"http:\/\/blog.designed79.co.uk\/?p=611"},"modified":"2011-07-14T09:20:09","modified_gmt":"2011-07-14T09:20:09","slug":"ubuntu-11-04-sbs-small-business-server-setup-part-5-%e2%80%93-nfs","status":"publish","type":"post","link":"https:\/\/blog.designed79.co.uk\/?p=611","title":{"rendered":"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 5 \u2013 NFS"},"content":{"rendered":"
\n
\n

This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small\/medium business. The server will provide DHCP, DNS, NTP, LDAP, Kerberos and NFS services such that users can login to any machine on the network and all their files and settings will be the same across the entire network.<\/p>\n

Part 1 –\u00a0DHCP and DNS<\/a><\/p>\n

Part 2 – NTP<\/a><\/p>\n

Part 3 – OpenLDAP<\/a><\/p>\n

Part 4 – Kerberos<\/a><\/p>\n

Part 5 – NFS<\/a><\/p>\n

Part 6 – Account Management<\/a><\/p>\n

Part 7 – Setting Up Clients<\/a><\/p>\n

This section will help you configure NFS; using Kerberos to secure it.<\/p>\n

The first step is to install the following NFS packages:<\/p>\n

\n
\n
sudo apt-get install nfs-kernel-server nfs-common<\/pre>\n<\/div>\n<\/div>\n
NFSv4 uses a pseudo filesystem by mounting the real directories you want to export under an export folder using the -bind mount option. We need to create this folder system as follows:<\/p>\n
\n
\n
sudo mkdir \/export\r\nsudo mkdir \/export\/home<\/pre>\n<\/div>\n<\/div>\n
In order to mount \/home under \/export\/home each time the system boots, we need to modify \/etc\/fstab by adding the following line to the bottom of the file:<\/p>\n
\n
\n
\/home    \/export\/home   none    bind  0  0<\/pre>\n<\/div>\n<\/div>\n
This will take care of mounting the directories next time he server reboots, but for now we can manually mount it using:<\/p>\n
\n
\n
sudo mount \/export\/home<\/pre>\n<\/div>\n<\/div>\n
Next we\u2019re going to tell NFS what it should export by configuring the \/etc\/exports file like so:<\/p>\n
\n
\n
\/export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)\r\n\/export\/home *(rw,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)<\/pre>\n<\/div>\n<\/div>\n
Now we have to tell NFS to use Kerberos first by setting the following options in \/etc\/default\/nfs-common:<\/p>\n
\n
\n
NEED_STATD=\r\nSTATDOPTS=\r\nNEED_IDMAPD=yes\r\nNEED_GSSD=yes<\/pre>\n<\/div>\n<\/div>\n
Then by setting the following options in \/etc\/default\/nfs-kernel-server:<\/p>\n
\n
\n
RPCNFSDCOUNT=8\r\nRPCNFSDPRIORITY=0\r\nRPCMOUNTDOPTS=--manage-gids\r\nNEED_SVCGSSD=yes\r\nRPCSVCGSSDOPTS=<\/pre>\n<\/div>\n<\/div>\n
\/etc\/idmapd.conf needs to configured with the correct domain name for user\/group name mappings:<\/p>\n
\n
\n
[General]\r\n\r\nVerbosity = 0\r\nPipefs-Directory = \/var\/lib\/nfs\/rpc_pipefs\r\nDomain = danbishop.org\r\n\r\n[Mapping]\r\n\r\nNobody-User = nobody\r\nNobody-Group = nogroup<\/pre>\n<\/div>\n<\/div>\n
Next we need to create Kerberos principals for the NFS server.<\/p>\n
\n
\n
sudo kadmin.local -q \"addprinc -randkey nfs\/neo.danbishop.org\"\r\nsudo kadmin.local -q \"ktadd nfs\/neo.danbishop.org\"<\/pre>\n<\/div>\n<\/div>\n
sudo kadmin.local is used here as you need sudo privileges to write to \/etc\/krb5.keytab.<\/p>\n
Finally, a small change is needed to enable weak encryption (the only type currently supported by NFS in Ubuntu) in Kerberos. This is done by editing \/etc\/krb5.conf and adding the following to the [libdefaults] section:<\/p>\n
\n
\n
allow_weak_crypto = true<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small\/medium business. The server will provide DHCP, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-611","post","type-post","status-publish","format-standard","hentry","category-info-on-tech"],"_links":{"self":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=611"}],"version-history":[{"count":0,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/611\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}