Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 33

Thread: Centralized User Administration

  1. #21
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Centralized User Administration

    Quote Originally Posted by TheFu View Post
    Layered mounts could be the issue. Is /export always mounted before /export/home?
    Also - isn't nfs4 the mount type, not just nfs? That's what the manpage shows here.
    I believe that later Linux kernels can use nfs. The need to specify ntfs4 is only for earlier kernels. See this from the current man page
    Code:
    Under Linux 2.6.32 and later kernel versions, mount.nfs can mount all NFS file system ver‐
           sions.  Under earlier Linux kernel versions, mount.nfs4 must be used  for  mounting  NFSv4
           file systems while mount.nfs must be used for NFSv3 and v2.
    To me that means you can safely use this with current kernels
    Code:
    mount -t nfs blah blah blah
    -BAB1

  2. #22
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Centralized User Administration

    Quote Originally Posted by bab1 View Post
    I believe that later Linux kernels can use nfs. The need to specify ntfs4 is only for earlier kernels. See this from the current man page
    Code:
    Under Linux 2.6.32 and later kernel versions, mount.nfs can mount all NFS file system ver‐
           sions.  Under earlier Linux kernel versions, mount.nfs4 must be used  for  mounting  NFSv4
           file systems while mount.nfs must be used for NFSv3 and v2.
    To me that means you can safely use this with current kernels
    Code:
    mount -t nfs blah blah blah
    I'm not seeing that 2.6.32 and later statement on my 3.13.xx system manpages (checked carefully for it). OTOH, if it works ...

    Also - it could be a typo, but ntfs4 and nfs4 are not the same. Did you mean to say ntfs4 above?

  3. #23
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Centralized User Administration

    Quote Originally Posted by TheFu View Post
    I'm not seeing that 2.6.32 and later statement on my 3.13.xx system manpages (checked carefully for it). OTOH, if it works ...

    Also - it could be a typo, but ntfs4 and nfs4 are not the same. Did you mean to say ntfs4 above?
    No, I meant nfs4. I'm so used to typing ntfs that "my little fingers" just do that. Sorry

    Edit: Try
    Code:
     man mount.nfs
    ... to see where I got the reference.
    Last edited by bab1; December 6th, 2014 at 12:24 PM.
    -BAB1

  4. #24
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Centralized User Administration

    Ah ... they are even linked to the same program.

    Code:
    -rwsr-xr-x 1 root root 88412 Jul 17 20:13 /sbin/mount.nfs*
    lrwxrwxrwx 1 root root     9 Jul 17 20:13 /sbin/mount.nfs4 -> mount.nfs*
    Nice catch.

    This isn't helping the OP. I'm out of ideas. I use nfsv3 and autofs constantly. Haven't screwed with kerberos here.

  5. #25
    Join Date
    May 2010
    Location
    uk
    Beans
    9,249
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Centralized User Administration

    Hi

    i will not attempt to help you today as the only Internet access is my phone.

    however I will be near a PC tomorrow so I will post more then as I have a working Kerberos, nfs, DNS, dhcp setup.

    firstly though, identify if this is a Kerberos issue by removing the sec parameters from the exports file and trying to mount the nfs share after restarting the nfs kernel server service. Try remounting after a reboot if that does not work.

    That'll identify a Kerberos issue or not. I'm using the MIT version of Kerberos.

    kind regards
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

    Thinking about becoming an Ubuntu Member?

  6. #26
    Join Date
    Apr 2014
    Location
    United States
    Beans
    65
    Distro
    Ubuntu

    Re: Centralized User Administration

    Quote Originally Posted by matt_symes View Post
    Hi

    i will not attempt to help you today as the only Internet access is my phone.

    however I will be near a PC tomorrow so I will post more then as I have a working Kerberos, nfs, DNS, dhcp setup.

    firstly though, identify if this is a Kerberos issue by removing the sec parameters from the exports file and trying to mount the nfs share after restarting the nfs kernel server service. Try remounting after a reboot if that does not work.

    That'll identify a Kerberos issue or not. I'm using the MIT version of Kerberos.

    kind regards
    So I disabled Kerberos on the shares:

    /etc/exports

    before:
    Code:
    /export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
    /export/home *(rw,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
    after:
    Code:
    /export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check)
    /export/home *(rw,insecure,async,no_subtree_check)
    /etc/default/nfs-common

    before:
    Code:
    # If you do not set values for the NEED_ options, they will be attempted
    # autodetected; this should be sufficient for most people. Valid alternatives
    # for the NEED_ options are "yes" and "no".
    
    # Do you want to start the statd daemon? It is not needed for NFSv4.
    NEED_STATD=
    
    # Options for rpc.statd.
    #   Should rpc.statd listen on a specific port? This is especially useful
    #   when you have a port-based firewall. To use a fixed port, set this
    #   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
    #   For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
    STATDOPTS=
    
    # Do you want to start the gssd daemon? It is required for Kerberos mounts.
    NEED_GSSD=yes
    after:
    Code:
    # If you do not set values for the NEED_ options, they will be attempted
    # autodetected; this should be sufficient for most people. Valid alternatives
    # for the NEED_ options are "yes" and "no".
    
    # Do you want to start the statd daemon? It is not needed for NFSv4.
    NEED_STATD=
    
    # Options for rpc.statd.
    #   Should rpc.statd listen on a specific port? This is especially useful
    #   when you have a port-based firewall. To use a fixed port, set this
    #   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
    #   For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
    STATDOPTS=
    
    # Do you want to start the gssd daemon? It is required for Kerberos mounts.
    NEED_GSSD=
    /etc/default/nfs-kernel-server

    before:
    Code:
    # Number of servers to start up
    RPCNFSDCOUNT=8
    
    # Runtime priority of server (see nice(1))
    RPCNFSDPRIORITY=0
    
    # Options for rpc.mountd.
    # If you have a port-based firewall, you might want to set up
    # a fixed port here using the --port option. For more information,
    # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
    # To disable NFSv4 on the server, specify '--no-nfs-version 4' here
    RPCMOUNTDOPTS="--manage-gids"
    
    # Do you want to start the svcgssd daemon? It is only required for Kerberos
    # exports. Valid alternatives are "yes" and "no"; the default is "no".
    NEED_SVCGSSD="yes"
    
    # Options for rpc.svcgssd.
    RPCSVCGSSDOPTS=""
    
    # Options for rpc.nfsd.
    RPCNFSDOPTS=""
    after:
    Code:
    # Number of servers to start up
    RPCNFSDCOUNT=8
    
    # Runtime priority of server (see nice(1))
    RPCNFSDPRIORITY=0
    
    # Options for rpc.mountd.
    # If you have a port-based firewall, you might want to set up
    # a fixed port here using the --port option. For more information,
    # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
    # To disable NFSv4 on the server, specify '--no-nfs-version 4' here
    RPCMOUNTDOPTS="--manage-gids"
    
    # Do you want to start the svcgssd daemon? It is only required for Kerberos
    # exports. Valid alternatives are "yes" and "no"; the default is "no".
    NEED_SVCGSSD="no"
    
    # Options for rpc.svcgssd.
    RPCSVCGSSDOPTS=""
    
    # Options for rpc.nfsd.
    RPCNFSDOPTS=""
    I rebooted the server and the test client. For consistency, I attempted login from the terminal, and the system again reported that no home directory was available. I stopped the autofs daemon and manually remounted the drive:
    Code:
    sudo service autofs stop
    sudo mount -t nfs main1.test.local:/export/home home
    It did take some time, but it mounted. At that point, I was able to login to another virtual terminal without issue, and subsequently I was able to login to the graphical prompt, with all files populating properly.

  7. #27
    Join Date
    Apr 2014
    Location
    United States
    Beans
    65
    Distro
    Ubuntu

    Re: Centralized User Administration

    Since the manual mounting worked, I made changes to the auto.home settings on the client:
    Code:
    *    -fstype=nfs4,rw,hard,intr    main1.test.local:/home/&
    and I changed the line in /etc/default/nfs-common that read NEED_GSSD=yes as follows:
    Code:
    NEED_GSSD=
    At this point, the client is connecting correctly. I'm going to reboot and test it a few times more.

  8. #28
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Centralized User Administration

    https://bugs.launchpad.net/ubuntu/+s...s/+bug/1270445 is a bug report that seems very much related. A few other options in the link.

  9. #29
    Join Date
    Apr 2014
    Location
    United States
    Beans
    65
    Distro
    Ubuntu

    Re: Centralized User Administration

    The client was missing it's .keytab file. That's been fixed, and everything is working. I'm going to get to work on the scripts and I will post them up as soon I've verified their functionality. Just so that it doesn't get overlooked, thank you to everyone who has contributed to this thread.

  10. #30
    Join Date
    May 2010
    Location
    uk
    Beans
    9,249
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Centralized User Administration

    Hi

    Quote Originally Posted by matt_fussell2 View Post
    The client was missing it's .keytab file. That's been fixed, and everything is working. I'm going to get to work on the scripts and I will post them up as soon I've verified their functionality. Just so that it doesn't get overlooked, thank you to everyone who has contributed to this thread.
    Well done

    It can be a pain to set up so i detailed all the steps i took on my personal wiki.

    I though you might have replied on Sunday but i seems you didn't really need much help anyway.

    Make sure you lock it down from the Internet though with your firewall rules.

    Kind regards
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

    Thinking about becoming an Ubuntu Member?

Page 3 of 4 FirstFirst 1234 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •