Jon Carnes
April 30, 2003

NFS, NIS, Automount, and BIND on Red Hat 9

======
NFS: Network File System is a way of sharing directories from one machine (the NFS server) to another machine (the NFS client) across a network.

===
NFS Client: NFS clients mount shared directories and then use them as though they were local directories and files.

To mount a shared directory:
    service portmap start
    mkdir -p /mnt/nfs/example
    mount foo.bar.com:/home/export /mnt/nfs/example

  -alternate forms-
    mount -t nfs 192.168.1.20:/home/export /mnt/nfs/example
    mount -o rsize=8192,wsize=8192,async foo:/home/export /mnt/nfs/example

To automount NFS drives on boot-up, you can specify the drive in the file /etc/fstab:
    foo.bar.com:/home/export   /mnt/nfs/example   nfs  rsize=8192,wsize=8192  0 0
    foo.bar.com:/home/export2  /mnt/nfs/example2  nfs  user,rw,exec,rsize=8192,wsize=8192,timeo=2  0 0

You may also mount NFS drives via autofs (see the Automount section below).

Troubleshooting:
 - ping the server to make sure you have a path to the machine across your network
 - drop your firewall rules
       service iptables stop
 - run "rpcinfo -p <host>"
       rpcinfo -p localhost
          program vers proto   port
           100000    2   tcp    111  portmapper
           100000    2   udp    111  portmapper
           100003    2   udp   2049  nfs
           100003    3   udp   2049  nfs
           100003    2   tcp   2049  nfs
           100003    3   tcp   2049  nfs
           100021    1   udp   1028  nlockmgr
           100021    3   udp   1028  nlockmgr
           100021    4   udp   1028  nlockmgr
           100021    1   tcp   1114  nlockmgr
           100021    3   tcp   1114  nlockmgr
           100021    4   tcp   1114  nlockmgr
           100005    1   udp   1029  mountd
           100005    1   tcp   1115  mountd
           100005    2   udp   1029  mountd
           100005    2   tcp   1115  mountd
           100005    3   udp   1029  mountd
           100005    3   tcp   1115  mountd
           100024    1   udp   1032  status
           100024    1   tcp   1121  status

   You can see that this host is running:
       portmap
       nfs
       nlockmgr == loaded as part of NFS
       mountd   == nfsmount is loaded as a part of NFS
       status   == nfslock (statd)

If you run a firewall on the client system, you will have to open all upper ports (tcp/udp; by default NFS will use udp) between the client and the server.
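
An added example (not part of the original handout): instead of leaving iptables stopped, the rpcinfo listing above can be reduced to the exact protocol/port pairs the server has registered, separated into the well-known ports and the ones that may move after a restart. The sample is a trimmed copy of the page's output; the function names are illustrative.

```python
from collections import defaultdict

# Trimmed copy of the rpcinfo listing shown in the page (one version per service).
SAMPLE = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp   1028  nlockmgr
    100021    4   tcp   1114  nlockmgr
    100005    3   udp   1029  mountd
    100005    3   tcp   1115  mountd
    100024    1   udp   1032  status
    100024    1   tcp   1121  status
"""

FIXED_PORTS = {111, 2049}  # portmapper and nfs use well-known ports


def parse_rpcinfo(text):
    """Return {(proto, port): service} with one entry per unique socket."""
    sockets = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: program, version, protocol, port, optional service name.
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or blank line
        proto, port = fields[2], int(fields[3])
        name = fields[4] if len(fields) > 4 else fields[0]
        sockets[(proto, port)] = name
    return sockets


def firewall_plan(text):
    """Group sockets into 'fixed' ports and 'dynamic' ones that may differ after a restart."""
    plan = defaultdict(list)
    for (proto, port), name in sorted(parse_rpcinfo(text).items()):
        kind = "fixed" if port in FIXED_PORTS else "dynamic"
        plan[kind].append((proto, port, name))
    return dict(plan)


if __name__ == "__main__":
    for kind, rows in firewall_plan(SAMPLE).items():
        for proto, port, name in rows:
            print(f"{kind:8} {proto}/{port:<5} {name}")
```
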
Currently ports assigned for use by Portmapper are randomly determined. You can run NFS without Portmapper, and then assign your own port. I think this only works for one-on-one connections.

===
NFS Server: NFS servers export specified local directories so that they can be shared by remote clients.

To export a local directory:
  edit /etc/exports
    vi /etc/exports
        /home/export foo.bar.com(rw,async,no_root_squash)
        /home/export 192.168.1.101(rw,async,root_squash)
    exportfs -a
    service portmap start
    service nfslock start
    service nfs start

The RedHat way*:
    redhat-config-services (click on start NFS)
    redhat-config-nfs (browse to directory, choose hosts)
  * trademark of Jeremy Portzer Enterprises

The file /etc/exports contains the list of local directories (and remote directories) that you are allowing clients to access via NFS. The first field in the file is the local directory that you are sharing; the second field is the server (or servers, if you use wildcards) that are allowed access to the shared directory structure. If you want to modify the default export options, include those options in parentheses directly after the remote server name/IP (no spaces in between).

Default export options are:
    sync        - write any changes before accepting new requests
    ro          - mount filesystem as read only
    root_squash - root requests on the NFS mount are remapped to anonymous or user nobody
    hard        - holds the mounted drive on line even if the server has communication problems or crashes

Helpful export options are:
    async                 - faster than sync, but you could lose data in a crash
    rsize=8192,wsize=8192 - set the default read/write buffer sizes to twice the normal size
    no_auth_nlm           - compatibility switch (turns off authentication of locking requests), needed for some non-linux clients
    insecure_locks        - same as no_auth_nlm
    soft                  - allows the nfs processes to be timed out (useful for automounting nfs drives).
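
An added example (not part of the original handout) that parses /etc/exports entries in the format described above and flags the cases with security consequences: a space between the host and its options (the options then apply to every host while the named host gets the defaults), wildcard clients, and the options that disable root squashing or lock authentication. The function names, finding texts and the last two sample entries are constructed for illustration.

```python
import re

# Constructed sample: first two entries are the page's, last two are made up.
SAMPLE = """\
/home/export foo.bar.com(rw,async,no_root_squash)
/home/export 192.168.1.101(rw,async,root_squash)
/srv/data    foo.bar.com (rw)
/srv/pub     *.bar.com(ro)
"""

# One client token: optional host followed by optional "(opt,opt,...)".
CLIENT = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")
RISKY = {
    "no_root_squash": "remote root keeps uid 0 on the export",
    "insecure_locks": "lock requests are not authenticated",
    "no_auth_nlm": "lock requests are not authenticated",
    "malformed": "client token could not be parsed",  # set by parse_line
}

def parse_line(line):
    """Return (directory, [(host, options), ...]) or None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    clients = []
    for tok in fields[1:]:
        m = CLIENT.fullmatch(tok)
        host, opts = m.groups() if m else (tok, "malformed")
        clients.append((host, set(opts.split(",")) if opts else set()))
    return fields[0], clients

def lint(text):
    """Return sorted (line_no, directory, client, finding) tuples."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        directory, clients = parse_line(raw) or (None, [])
        for host, opts in clients:
            if host == "":  # "host (rw)": options attach to an unnamed client
                out.append((n, directory, "<any host>", "options apply to every host"))
            elif "*" in host or "?" in host:
                out.append((n, directory, host, "wildcard client"))
            for opt in sorted(opts & set(RISKY)):
                out.append((n, directory, host or "<any host>", f"{opt}: {RISKY[opt]}"))
    return sorted(out)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep="  ")
```
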

Whenever you edit /etc/exports you need to reload the exported filesystems table by running:
    exportfs -r

Note: the redhat-config-nfs tool reads and writes directly to the /etc/exports file, so you can feel free to edit this file by hand as well as use the GUI.

Troubleshooting:
 - is there a space between the hostname and the options in parentheses?
 - look at the currently exported filesystems and their options:
       exportfs -v
 - look directly at the table of exported filesystems:
       cat /var/lib/nfs/xtab
 - look at the kernel table of currently exported filesystems:
       cat /proc/fs/nfs/exports
 - check the log files:
       tail /var/log/messages
       Apr 30 13:20:57 anncons rpc.mountd: authenticated mount request from 192.168.1.100:1021 for /home/export (/home/export)
       Apr 30 13:22:03 anncons rpc.mountd: authenticated unmount request from 192.168.1.100:602 for /home/export (/home/export)

===
Automount: The autofs daemon (or automount filesystem) will mount directories dynamically - when they are accessed.

The master map configuration file is /etc/auto.master. Use this file to specify the mount points which are controlled by autofs:
    # Mountpoint  Map             Options
    /misc         /etc/auto.misc  --timeout=60

This indicates that all subdirectories of /misc are controlled by the autofs daemon. The directory "/misc" should exist; however, you should never manually create any subdirectories off of this mounting point.

The subdirectories for /misc are controlled by the configuration file /etc/auto.misc:
    # key  [ -mount-options-separated-by-comma ]  location
    nfs    -rw,soft,intr,rsize=8192,wsize=8192    192.168.1.20:/home/samba
    cd     -fstype=iso9660,ro,nosuid,nodev        :/dev/cdrom

The directory /misc/nfs is controlled by autofs and is an nfs mounted drive that is only mounted if the directory is accessed. If the drive is not accessed for 60 seconds (see the /etc/auto.master file) then the drive is automatically unmounted.

Note: If you have not yet accessed the drive /misc/nfs and you do an "ls /misc" you will see nothing...
no subdirectory. You must first attempt to access /misc/nfs. The subdirectory will be mounted on access.

If you edit any of the autofs configuration files (or create new ones) then you must restart the service for the changes to be effective:
    service autofs restart

To check on the autofs service:
    service autofs status

===
NIS: A simple and very insecure authentication system often used in conjunction with NFS.

You set up users on your NIS (or YP: yellow pages) Master or Server and then you don't have to set up local accounts on other servers that act as NIS Slaves or Clients. The NIS client is loaded by default (ypbind) but the NIS Server must be loaded via the ypserv rpm.

Note: If you use a default security setup of Medium or above then NIS will not work - it will be blocked by the firewall.

To set up a machine as the NIS Master, change to root on the machine and run:
    /usr/lib/yp/ypinit -m
    service portmap start
    service ypserv start

To add a machine as an NIS client:
  edit /etc/yp.conf
        domain my_nis_domain server nis_master.foo.com
  edit /etc/nsswitch.conf
        # in general the default nsswitch.conf is fine
        # it searches local files first for authentication
        # then moves on to NIS files (if no match is found)
        passwd: files nis
        shadow: files nis
        group:  files nis
        hosts:  files nis dns
        ...
    service portmap start
    service ypbind start

The Red Hat way for making a machine an NIS client:
    authconfig-gtk
  Choose: Enable NIS support, then click on Configure NIS - fill in the NIS domain and the Master server.
  Note: this does not edit the /etc/nsswitch.conf file, but the default is probably fine, as NIS is ignored as an entry if ypbind is not loaded. The GUI will only edit the file /etc/yp.conf.

Troubleshooting:
 - call various NIS functions to check if the config is working
       yptest
 - attach to NIS service and print out the name of the NIS Master
       ypwhich
 - display all the mapped keys that are in use (passwd, group, ...)
   uses config info:
       ypcat -x
 - display the data in a mapped key:
       ypcat -t passwd
 - query a host for its NIS information
       yppoll -h <host> passwd
 - query for the NIS domain name (or set it)
       ypdomainname
       ypdomainname some_other_name

======
BIND: The Berkeley Internet Name Daemon allows your server to provide DNS information to clients - or to simply cache DNS look-ups so that future look-ups remain local and are much quicker.

    edit /etc/named.conf
    optionally create/edit files in /var/named/..
    service named start

The Red Hat way:
    redhat-config-bind