We need to install NFS on the LDAP server. Note: the LDAP server and the NFS server do not have to be on the same machine; it is only easier.
The first step is to install all the necessary packages for NFS. Once these packages are installed, each service needs to be enabled and started.
# yum -y install portreserve quota rpcbind nfs4-acl-tools.x86_64 nfs-utils.x86_64
# systemctl enable rpcbind
# systemctl start rpcbind
# systemctl enable nfs-server
# systemctl start nfs-server
# systemctl enable nfs-lock
# systemctl start nfs-lock
# systemctl enable nfs-idmap
# systemctl start nfs-idmap
We now need to update the /etc/exports file.
# vi /etc/exports
/home/guests 192.168.56.105(rw,sync)
Once the config file is saved, we need to export the directory listed in it.
# exportfs -avr
exporting 192.168.56.105:/home/guests
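Added example (not part of the original post): a small shell check for an exports file that flags entries exported more widely than the single-client line above, including the stray-space form in which the options detach from the host and apply to every client. The function names audit_exports and sample_exports and the sample lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit exports(5) lines for entries broader than intended.
# audit_exports [FILE] prints one "path|client|finding" line per problem
# and reads standard input when no file is given.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            if (spec ~ /^#/) break            # trailing comment
            client = spec; opts = ""
            p = index(spec, "(")
            if (p > 0) {
                client = substr(spec, 1, p - 1)
                opts = substr(spec, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") {
                # "(rw,sync)" standing alone: usually a stray space after the host
                print path "|*|options (" opts ") apply to every host"
                client = "*"
            } else if (client == "*") {
                print path "|*|wildcard client: exported to every host"
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print path "|" client "|no_root_squash: client root acts as root on the export"
                if (o[j] == "insecure")
                    print path "|" client "|insecure: requests from unprivileged ports accepted"
            }
        }
    }' "$@"
}

# Constructed sample: the line used on this page, then the same line with a
# stray space before the options.
sample_exports() {
    printf '%s\n' \
        '/home/guests 192.168.56.105(rw,sync)' \
        '/home/guests 192.168.56.105 (rw,sync)'
}

sample_exports | audit_exports
```

Run it against the real file with `audit_exports /etc/exports` before `exportfs -avr`; no output means none of the checked patterns were found.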
Ensure that iptables/firewalld allow communication using NFS.
Set up the LDAP client
The first step is to install openldap-clients, nss-pam-ldapd, autofs and nfs-utils.
# yum install -y openldap-clients nss-pam-ldapd autofs nfs-utils
Let's enable and start the autofs daemon.
# systemctl enable autofs
# systemctl start autofs
I’m also modifying the hosts file to include a mapping for instructor.example.com which will point to 192.168.56.104.
# cat /etc/hosts
192.168.56.104 instructor.example.com
We’ll now connect the LDAP client up to our OpenLDAP server.
# authconfig-tui
DO NOT CLICK ON OK, just yet!
Open a separate SSH session to the client and cd to /etc/openldap/cacerts/.
# cd /etc/openldap/cacerts/
We’re now going to copy across the certificate from the LDAP server to this directory.
# wget http://instructor.example.com/cert.pem
Switch back to the original SSH session with authconfig-tui open. Press Ok.
Restart the host.
# shutdown -r now
Once the host has started up, run the following getent command to ensure that you can successfully connect to the OpenLDAP server.
# getent passwd ldapuser02
ldapuser02:x:1001:1001:ldapuser02:/home/guests/ldapuser02:/bin/bash
We’ll verify that we can access the NFS share which we previously set up on the OpenLDAP + NFS server.
# showmount -e instructor.example.com
Export list for instructor.example.com:
/home/guests 192.168.56.106,192.168.56.105
Create a new indirect /etc/auto.guests map and paste the following line:
* -rw,nfs4 instructor.example.com:/home/guests/&
Add the following line at the beginning of the /etc/auto.master file:
/home/guests /etc/auto.guests
Restart autofs:
# systemctl restart autofs
Test the configuration:
# su - ldapuser02
Last login: Sun Oct 26 20:37:23 EDT 2015 on pts/0
[ldapuser02@localhost ~]$ ls -lrt
total 0
-rwxrwxrwx. 1 ldapuser02 ldapuser02 0 Oct 26 18:20 testfile