Difference between revisions of "Cool Solution - NFS with UCS"

From Univention Wiki

Jump to: navigation, search
Line 10: Line 10:
 
At least for medium environments it is recommended to set up a seperate file server (e.g. DC Slave). On this server shares can created as described in the [http://docs.univention.de/manual-3.2.html#shares::management UCS documentation].
 
At least for medium environments it is recommended to set up a seperate file server (e.g. DC Slave). On this server shares can created as described in the [http://docs.univention.de/manual-3.2.html#shares::management UCS documentation].
  
=== Shares with Kerberos authentication ===
+
=== Shares with Kerberos authentication and Data integrity ===
 +
krb5 / krb5i / krb5p
 +
 
  
 
== Configuration in the Univention Management Console ==
 
== Configuration in the Univention Management Console ==
Line 31: Line 33:
 
== Temporary mount ==
 
== Temporary mount ==
 
To mount a NFSv4 share temporary use following command:
 
To mount a NFSv4 share temporary use following command:
  mount -t nfs nfs-server:path-to-share /path-to-mnt-dir
+
  mount -t nfs4 nfs-server.domain:/path-to-share /path-to-local-mnt-dir
  
 
== Auto mount ==
 
== Auto mount ==
Line 38: Line 40:
 
== Static mount ==
 
== Static mount ==
 
Unlike the auto mount option it is possible to statically mount the share during boot. Therefor the /etc/fstab has to be edited with the following line:
 
Unlike the auto mount option it is possible to statically mount the share during boot. Therefor the /etc/fstab has to be edited with the following line:
  nfs-server:path-to-share /path-to-mnt-dir nfs auto 0 0
+
  nfs-server.domain:/path-to-share /path-to-local-mnt-dir nfs4 auto 0 0
 
 
  
== Shares with Kerberos authentication ==
 
  
 +
== Mount with Kerberos authentication ==
 +
To mount using Kerberos authentication use following command: 
 +
mount -t nfs4 nfs-server.domain:/path-to-share /path-to-local-mnt-dir -o sec=krb5
 +
To static mount the share use:
 +
nfs-server.domain:/path-to-share /path-to-local-mnt-dir nfs4 sec=krb5 0 0
  
 
==
 
==

Revision as of 14:06, 2 May 2014

Produktlogo UCS Version 3.2
Produktlogo UCC Version 1.0

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

TITLE=Network File System in Version 4 (NFSv4) for Univention Products

Introduction

This article describes how to configure the Network File System (NFS) in Version 4 for Univention Corporate Clients (UCC) and Univention Corporate Servers (UCS). Since UCS 3.2 NFSv4 is activated by default1.. UCS Versions < 3.2 use NFSv3 for shares so please have a look on NFSv4 for Univention Corporate Server < 3.2.

NFS on UCS

Shares on UCS

At least for medium environments it is recommended to set up a seperate file server (e.g. DC Slave). On this server shares can created as described in the UCS documentation.

Shares with Kerberos authentication and Data integrity

krb5 / krb5i / krb5p


Configuration in the Univention Management Console

Beside several different Options in the TAB 'NFS' which are described in the UCS documentation it is possible to set following Univention Configuration Registry variables:

  • nfs/autostart - This variable configures the start mode of the NFS service. If set to 'no' or 'disabled', the service cannot be started. If the variable is set to 'manually', the service isn't started during system boot, but can be enabled manually at a later point.
  • nfs/common/gssd - This variable defines if the gssd daemon should be started. Evaluated values are 'yes', 'no' or <undefined> (default=yes).
  • nfs/common/idmapd - This variable defines if the idmap daemon should be started. Evaluated values are 'yes', 'no' or <undefined> (default=yes).
  • nfs/create/homesharepath - If this option is activated, the home directory configured for a user in the attributes 'Home share' and 'Home share path' is automatically created through a Univention Directory Listener module.
  • nfs/nfsd/nfs4 - This option activates the NFSv4 support of the NFS server. In addition the IDMAPD process must be configured usually.
  • nfs/ports - If this variable is set to 'static', fixed ports are used for the NFS services: 32767 for RPC mounts, 32765/32766 for statd and 32769 for the quota service. Otherwise the ports are assigned dynamically.
  • ucc/pxe/nfsroot - Sets the PXE-Rollout-Server in the domain.


NFS for UCC

Prerequisite: Install following packages:

apt-get install nfs-common

Create mount directory.

Temporary mount

To mount a NFSv4 share temporary use following command:

mount -t nfs4 nfs-server.domain:/path-to-share /path-to-local-mnt-dir

Auto mount

Static mount

Unlike the auto mount option it is possible to statically mount the share during boot. Therefor the /etc/fstab has to be edited with the following line:

nfs-server.domain:/path-to-share /path-to-local-mnt-dir nfs4 auto 0 0


Mount with Kerberos authentication

To mount using Kerberos authentication use following command:

mount -t nfs4 nfs-server.domain:/path-to-share /path-to-local-mnt-dir -o sec=krb5

To static mount the share use:

nfs-server.domain:/path-to-share /path-to-local-mnt-dir nfs4 sec=krb5 0 0

==

References

1. Release Notes Univention Corporate Server 3.2: http://docs.univention.de/release-notes-3.2-en.html#idp3973216 2. https://help.ubuntu.com/community/SettingUpNFSHowTo

Personal tools