Professional Documents
Culture Documents
Prerequisites
Scenario 1: We can install DNS, Kerberos, KDC server, 365 Directory Service, Token issue
authority and LDAP. We use this single server as a main server.
Scenario 2: We can install and configure One DNS server, One Kerberos Server and One LDAP
Server separately. This Scenario required more hardware resource but performance will be
good.
why i am explaining above two scenarios because we are going to see the kerberized NFS with
single server all services included in one.
Environment :
We have to generate keytab files and add NFS principles in kerberos server.
# kadmin
Authenticating as principal admin@EXAMPLE.COM with password.
Password for root/admin@EXAMPLE.COM: kerberos
kadmin: addprinc -randkey nfs/nfserv.arki.co.in
kadmin: addprinc -randkey nfs/nfsclient.arki.co.in
kadmin: ktadd nfs/nfserv.arki.co.in
kadmin: ktadd nfs/nfsclient.arki.co.in
kadmin: quit
[root@TechTutorials ~]# cp /etc/krb5.keytab /var/www/html/keytabs/nfserv.keytab
[root@TechTutorials ~]# cp /etc/kerb5.keytab /vat/www/html/keytabs/nfsclient.keytab
After installing above packages we have to run below command in GUI interface
[root@nfserv.example.com]# system-config-authentication
Provide the details
KDCs : ldap.example.com
:wq
/nfssecure *.example.com(rw,sec=krb5p)
:wq
# setsebool -P nfsd_anon_write 1
In order to complete Kerberized NFS Server configuration, We are done in NFS Server we have
to switch to NFS client
Now start the NFS client side setup. We have to join NFS client also as LDAP and Kerberos Client
:wq
:wq
[root@nfsclient.example.com~]# mount -a
Now login as ldapuser1 and try to access the nfssecure share it will be accessible. You can also
write data to that share path.