NFS实例 rhel 7
NFS实例 rhel 7
1.在server0上,要求共享目录/nfstest,允许网络上任何主机都能以只读的方式访问目标服务器,在server0上,共享目录/nfsprivate,仅允许example.com域可以访问,域内主机拥有读写功能,并且使用kerboers安全认证。验证所用文件使用http://classroom.example.com/pub/keytabs/server0.keytab.
2.Desktop0上使用krb5p来至server0上nfs共享/nfsprivate目录的共享进行安全认证,验证所用文件使用http://classroom.example.com/pub/keytabs/desktop0.keytab.要求每次开机都能自动挂载。
服务器:
[[email protected] ~]# lab nfskrb5 setup
Installing packages ...
Updating authconfig for ldap & krb5 ...
SUCCESS
[[email protected] ~]#
[[email protected] ~]# firefox
[[email protected] ~]# yum -y install nfs*
[[email protected] ~]# cd /
[[email protected] /]# mkdir abc
[[email protected] /]# mkdir krb5
[[email protected] /]# chmod 777 abc krb5
[[email protected] /]# vim /etc/exports
/abc 172.25.0.0/24(ro)
/krb5 172.25.0.0/24(sec=krb5p,rw)
[[email protected] /]# exportfs -rv
exporting 172.25.0.0/24:/krb5
exporting 172.25.0.0/24:/abc
[[email protected] /]# systemctl enable nfs-secure-server
[[email protected] /]# systemctl start nfs-secure-server
[[email protected] /]# systemctl enable nfs-server
[[email protected] /]# systemctl start nfs-server
[[email protected] /]# systemctl start rpcbind
[[email protected] /]# systemctl enable rpcbind
[[email protected] /]# firewall-cmd --permanent --add-service=nfs
success
[[email protected] /]# firewall-cmd --reload
success
[[email protected] /]# showmount -e localhost
Export list for localhost:
/krb5 172.25.0.0/24
/abc 172.25.0.0/24
[[email protected] /]#
客户端
[[email protected] ~]# lab nfskrb5 setup
Installing packages ...
Updating authconfig for ldap & krb5 ...
SUCCESS
[[email protected] ~]#
[[email protected] ~]# yum -y install nfs*
[[email protected] ~]# firefox
下载desktop0的kerb5.kerborkey
[[email protected] ~]# systemctl start nfs-secure
[[email protected] ~]# mkdir /mnt/abc
[[email protected] ~]# mkdir /mnt/krb5
[[email protected] ~]# mount -t nfs server0:/abc /mnt/abc
[[email protected] ~]# mount -o sec=krb5p server0:/krb5 /mnt/krb5/
[[email protected] ~]# df -TH
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 xfs 11G 3.5G 7.3G 33% /
devtmpfs devtmpfs 950M 0 950M 0% /dev
tmpfs tmpfs 966M 82k 966M 1% /dev/shm
tmpfs tmpfs 966M 18M 948M 2% /run
tmpfs tmpfs 966M 0 966M 0% /sys/fs/cgroup
server0:/abc nfs4 11G 3.5G 7.3G 33% /mnt/abc
server0:/krb5 nfs4 11G 3.5G 7.3G 33% /mnt/krb5
[[email protected] ~]# cd /mnt/krb5/
[[email protected] krb5]# touch kr
[[email protected] krb5]# ll
total 0
-rw-r--r--. 1 nfsnobody nfsnobody 0 Oct 3 23:19 kr
[[email protected] krb5]# cd /mnt/abc/
[[email protected] abc]# touch a
touch: cannot touch 'a': Read-only file system
[[email protected] abc]# ll
total 0
[[email protected] abc]#
vim etc/fstab
server0:/krb5 /mnt/krb5 nfs sec=krb5p,defaults 0 0
[[email protected] /]# reboot
Connection to desktop0 closed by remote host.
Connection to desktop0 closed.
[[email protected] Desktop]# ssh -X [email protected]
Last login: Sat Oct 3 23:09:31 2015 from 172.25.0.250
(process:1691): dconf-WARNING **: failed to commit changes to dconf: Could not connect: Connection refused
[[email protected] ~]# df -TH
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 xfs 11G 3.5G 7.3G 33% /
devtmpfs devtmpfs 950M 0 950M 0% /dev
tmpfs tmpfs 966M 82k 966M 1% /dev/shm
tmpfs tmpfs 966M 18M 948M 2% /run
tmpfs tmpfs 966M 0 966M 0% /sys/fs/cgroup
server0:/krb5 nfs4 11G 3.5G 7.3G 33% /mnt/krb5
本文转自810105851 51CTO博客,原文链接:http://blog.51cto.com/4708948/1701917,如需转载请自行联系原作者