rhel-7.2系統Kerberos驗證的NFS服務端和客戶端的配置
首先你得確認,你考試的system1和system2的操作系統版本,如果是7.2就按照以下步驟去完成,否則按照視頻的解題步驟
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo) <---- 看到7.2就按照此文檔的配置步驟去做
一、System1(NFS共享服務端)配置
1、創建目錄
# mkdir /public
# mkdir /protected/project -p
2、設定SeLinux安全上下文
# semanage fcontext -a -t public_content_t '/protected(/.*)?'
# semanage fcontext -a -t public_content_rw_t '/protected/project(/.*)?'
# restorecon -R /protected/
3、更改目錄屬性
# chown andres /protected/project/
4、更改NFS配置
# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2" <----找到這一個參數並修改
5、下載keytab秘鑰
# wget -O /etc/krb5.keytab http://server.group8.example.com/pub/keytabs/system1.keytab
6、配置共享
# vim /etc/exports
/public *.group8.example.com(ro,sec=sys,sync)
/protected *.group8.example.com(rw,sec=krb5p,sync)
7、設定防火墻規則
# firewall-cmd --add-service=rpc-bind --permanent
# firewall-cmd --add-service=mountd --permanent
# firewall-cmd --add-service=nfs --permanent
# firewall-cmd --reload
8、啟動服務
# systemctl enable nfs-server.service
# systemctl start nfs-server
# exportfs -ra
二、System2(NFS客戶端)配置
1、創建掛載點
# mkdir /mnt/nfsmount
# mkdir /mnt/nfssecure
2、設定開機掛載
# vim /etc/fstab
system1:/public /mnt/nfsmount nfs defaults,sec=sys 0 0
system1:/protected /mnt/nfssecure nfs4 defaults,sec=krb5p 0 0 #請註意前面是 nfs4
3、下載秘鑰
# wget -O /etc/krb5.keytab http://server.group8.example.com/pub/keytabs/system2.keytab
4、設定服務開機啟動
# systemctl enable nfs-client.target
# systemctl start nfs-client.target
註意:在rhel7.1之後的版本,已經不能手工設定nfs-secure服務開機啟動,他會根據條件自動啟動
5、掛載驗證
# mount /mnt/nfsmount
# systemctl restart nfs-secure #註意:首次配置後掛載krb5p驗證的nfs共享需要手工重啟(該服務可以restart,但不能start和enable)
# mount /mnt/nfssecure # 如果掛載失敗,請認真檢查對比上面的配置步驟,確定沒錯之後還是無法掛載請重啟system2(本機)
從此之後,你重啟system2,如無意外,開機會自動掛載了的
andres用戶寫認證:
#su - andres
Last login: Thu Jan 4 15:06:02 CST 2018 from system2.group8.example.com on pts/1
su: warning: cannot change directory to /home/ldap/andres: No such file or directory
-bash-4.2$ kinit
Password for [email protected]: redhat
-bash-4.2$ cd /mnt/nfssecure/project/
-bash-4.2$ touch aa.txt
-bash-4.2$ ls
aa.txt
rhel-7.2系統Kerberos驗證的NFS服務端和客戶端的配置