{"id":6094,"date":"2016-07-31T16:20:05","date_gmt":"2016-07-31T08:20:05","guid":{"rendered":"http:\/\/rmohan.com\/?p=6094"},"modified":"2016-07-31T16:20:05","modified_gmt":"2016-07-31T08:20:05","slug":"install-nfs-on-the-ldap-server","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6094","title":{"rendered":"Install NFS on the LDAP Server"},"content":{"rendered":"

We need to install NFS on the LDAP server. Note: it\u2019s not required to have the LDAP server and the NFS server on the same machine, it\u2019s only easier.<\/p>\n

The first step is to install all the necessary packages for NFS. Once these packages are installed, each package needs to be enabled and started.<\/p>\n

# yum -y install portreserve quota rpcbind nfs4-acl-tools.x86_64 nfs-utils.x86_64
\n# systemctl enable rpcbind
\n# systemctl start rpcbind<\/p>\n

# systemctl enable nfs-server
\n# systemctl start nfs-server<\/p>\n

# systemctl enable nfs-lock
\n# systemctl start nfs-lock<\/p>\n

# systemctl enable nfs-idmap
\n# systemctl start nfs-idmap<\/p>\n

# systemctl enable nfs-idmap
\n# systemctl start nfs-idmap<\/p>\n

We now need to update the \/etc\/exports file.<\/p>\n

# vi \/etc\/exports
\n\/home\/guests 192.168.56.105(rw,sync)
\nOnce the config file is saved, we will now need to export the file.<\/p>\n

# exportfs -avr
\nexporting 192.168.56.105:\/home\/guests
\nEnsure that iptables\/firewalld allow communication using NFS.<\/p>\n

Setup the LDAP client<\/p>\n

The first step is to install openldap-clients, nss-pam-ldapd, autofs and nfs-utils.<\/p>\n

# yum install -y openldap-clients nss-pam-ldapd autofs nfs-utils
\nLets enable and start the autofs daemon.<\/p>\n

# systemctl enable autofs
\n# systemctl start autofs
\nI\u2019m also modifying the hosts file to include a mapping for instructor.example.com which will point to 192.168.56.104.<\/p>\n

# cat \/etc\/hosts
\n192.168.56.104 instructor.example.com
\nWe\u2019ll now connect the LDAP client up to our OpenLDAP server.<\/p>\n

# authconfig-tui<\/p>\n

\"authconfig-1\"<\/a><\/p>\n

\"authconfig-2\"<\/a><\/p>\n

\"authconfig-3\"<\/a><\/p>\n

DO NOT CLICK ON OK, just yet!<\/p>\n

Open a separate SSH session to the client and cd to \/etc\/openldap\/cacerts\/.<\/p>\n

# cd \/etc\/openldap\/cacerts\/
\nWe\u2019re now going to copy across the certificate from the LDAP server to this directory.<\/p>\n

# wget http:\/\/instructor.example.com\/cert.pem .
\nSwitch back to the original SSH session with authconfig-tui open. Press Ok.<\/p>\n

Restart the host.<\/p>\n

# shutdown -r now
\nOnce the host has started up, run the following getent command to ensure that you can successfully connect to the OpenLDAP server.<\/p>\n

# getent passwd ldapuser02
\nldapuser02:x:1001:1001:ldapuser02:\/home\/guests\/ldapuser02:\/bin\/bash
\nWe\u2019ll verify that we can access the NFS share which we previously setup on the OpenLDAP + NFS server.<\/p>\n

# showmount -e instructor.example.com
\nExport list for instructor.example.com:
\n\/home\/guests 192.168.56.106,192.168.56.105
\nCreate a new indirect \/etc\/auto.guests map and paste the following line:<\/p>\n

* -rw,nfs4 instructor.example.com:\/home\/guests\/&
\nAdd the following line at the beginning of the \/etc\/auto.master file:<\/p>\n

\/home\/guests \/etc\/auto.guests
\nRestart autofs:<\/p>\n

# systemctl restart autofs
\nTest the configuration:<\/p>\n

# su – ldapuser02
\nLast login: Sun Oct 26 20:37:23 EDT 2015 on pts\/0
\n[ldapuser02@localhost ~]$ ls -lrt
\ntotal 0
\n-rwxrwxrwx. 1 ldapuser02 ldapuser02 0 Oct 26 18:20 testfile<\/p>\n","protected":false},"excerpt":{"rendered":"

We need to install NFS on the LDAP server. Note: it\u2019s not required to have the LDAP server and the NFS server on the same machine, it\u2019s only easier.<\/p>\n

The first step is to install all the necessary packages for NFS. Once these packages are installed, each package needs to be enabled and started.<\/p>\n

# […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6094"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6094"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6094\/revisions"}],"predecessor-version":[{"id":6098,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6094\/revisions\/6098"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}