Nerdy notes on NFS/avahi/zfs with a path to ldap/Kerberos


OK, last century, the last time I used UNIX, the best we could do was uucp, and NFS was the future. Now XXX years later I'm trying to get a file server running, and come to find out that the best Ubuntu seems to offer is Samba and, well, NFS!
So I guess something is telling me I had better figure out /etc/fstab, mount, NFS, etc. once and for all.
I've learned to start as small as possible with Linux, so first off is zfs to NFS and Samba. After a hard try two years ago I had a server working poorly, but I didn't use scripts and wiped the configuration. This year I learned my lesson, so it's all "documented" in scripts.
Here are the traps:

  1. Most guides say mount -t nfs, but this defaults you to NFS v3. NFS v4 is nearly a decade old and has solved the security problems, if and only if you use Kerberos.
  2. There is an id mapper, which doesn't really work. It does map user names to different ids on the file server, but only for things like listing files. It doesn't work on open unless you have Kerberos.

  3. The main solution seems to be to make sure all the uids and gids on the client and server are the same. Or do LDAP plus Kerberos, which is a lot of work.

  4. Avahi is also shrouded in mystery, but I finally figured out that Ubuntu has avahi running but you must manually publish services. So you have to construct your own NFS.services and SMB.services in /etc/avahi/services. At least on 14.04 the avahi-daemon watches this directory and publishes them. The only way to find errors is to grep /var/log/syslog to see what's valid and what's not.

  5. Making sure all the uids and gids on the clients match is not as hard as you think, for small machines. Have a standard script which does usermod -u and usermod -g to flip permissions around. It's not secure, of course, but quick.
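
Traps 3 and 5 both depend on the client and server agreeing on numeric ids, because without Kerberos the NFS server trusts whatever uid and gid the client sends. The shell function below is an added example, not part of the original post: it compares two passwd-format files (for instance saved getent passwd output from each machine) and reports accounts to fix before running usermod. The function names, the MIN_UID variable and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit uid/gid agreement between an NFS client and server.

# uid_mismatches CLIENT_PASSWD SERVER_PASSWD
# Prints one line per problem:
#   MISMATCH name client=uid:gid server=uid:gid   (same name, different ids)
#   COLLISION uid client=name server=name         (same uid, different names)
# Accounts below MIN_UID (default 1000) are treated as system accounts.
uid_mismatches() {
    awk -F: -v min="${MIN_UID:-1000}" '
        # First file (client): remember ids by name and name by uid.
        NR == FNR {
            if ($3 >= min) { ids[$1] = $3 ":" $4; owner[$3] = $1 }
            next
        }
        # Second file (server): compare with what the client recorded.
        $3 >= min {
            if (($1 in ids) && ids[$1] != $3 ":" $4)
                print "MISMATCH", $1, "client=" ids[$1], "server=" $3 ":" $4
            if (($3 in owner) && owner[$3] != $1)
                print "COLLISION", $3, "client=" owner[$3], "server=" $1
        }
    ' "$1" "$2"
}

# Constructed sample data: bob has different ids on the two machines, so
# on the server his files would appear to belong to carol and dave.
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/client" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
EOF
    cat > "$dir/server" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
dave:x:1001:1001::/home/dave:/bin/bash
EOF
    uid_mismatches "$dir/client" "$dir/server"
    rm -rf "$dir"
}

sample_run
```

A COLLISION line is the case to fix first: over NFS without Kerberos, that uid's files on the server are readable and writable by a different person on the client.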
