Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

34.4. Setting up a Kerberos-aware NFS Client

  1. If the NFS clients supports only weak cryptography, such as a Red Hat Enterprise Linux 5 client, set the following entry in the /etc/krb5.conf file of the server to allow weak cryptography: 
    allow_weak_crypto = true
    Copy to Clipboard Toggle word wrap
  2. If the NFS client is not enrolled as a client in the IdM domain, set up the required host entries, as described in Section 12.3, “Adding Host Entries”.
  3. Install the nfs-utils package: 
    [root@nfs-client ~]# yum install nfs-utils
    Copy to Clipboard Toggle word wrap
  4. Obtain a Kerberos ticket before running IdM tools. 
    [root@nfs-client ~]# kinit admin
    Copy to Clipboard Toggle word wrap
  5. Run the ipa-client-automount utility to configure the NFS settings: 
    [root@nfs-client ~] ipa-client-automount
Searching for IPA server...
IPA server: DNS discovery
Location: default
Continue to configure the system with these values? [no]: yes
Configured /etc/sysconfig/nfs
Configured /etc/idmapd.conf
Started rpcidmapd
Started rpcgssd
Restarting sssd, waiting for it to become available.
Started autofs
    Copy to Clipboard Toggle word wrap
    By default, this enables secure NFS in the /etc/sysconfig/nfs file and sets the IdM DNS domain in the Domain parameter in the /etc/idmapd.conf file.
  6. Configure the services to start automatically when the system boots: 
    [root@nfs-client ~]# systemctl enable rpc-gssd.service
[root@nfs-client ~]# systemctl enable rpcbind.service
    Copy to Clipboard Toggle word wrap
  7. Add the following entries to the /etc/fstab file to mount the NFS shares from the nfs-server.example.com host when the system boots: 
    nfs-server.example.com:/export  /mnt          nfs4  sec=krb5p,rw
nfs-server.example.com:/home    /home  nfs4  sec=krb5p,rw
    Copy to Clipboard Toggle word wrap
    These settings configure Red Hat Enterprise Linux to mount the /export share to the /mnt and the /home share to the /home directory.
  8. Create the mount points if they do not exist: 
    # mkdir -p /mnt/
# mkdir -p /home
    Copy to Clipboard Toggle word wrap
  9. Mount the NFS shares: 
    [root@nfs-client ~]# mount /mnt/
[root@nfs-client ~]# mount /home
    Copy to Clipboard Toggle word wrap
    The command uses the information from the /etc/fstab entry.
  10. Configure SSSD to renew Kerberos tickets:
    1. Set the following parameters in the IdM domain section of the /etc/sssd/sssd.conf file to configure SSSD to automatically renew tickets: 
      [domain/EXAMPLE.COM]
...
krb5_renewable_lifetime = 50d
krb5_renew_interval = 3600
      Copy to Clipboard Toggle word wrap
    2. Restart SSSD: 
      [root@nfs-client ~]# systemctl restart sssd
      Copy to Clipboard Toggle word wrap
Important
The pam_oddjob_mkhomedir module does not support automatic creation of home directories on an NFS share. Therefore, you must manually create the home directories on the server in the root of the share that contains the home directories.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat