nfs
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 02:23
#########nfs##########
1. Start the service
yum install nfs-utils
systemctl start nfs-server
systemctl start firewalld.service
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload ## load the permanent rules into the running firewall
showmount -e 172.25.254.124
Export list for 172.25.254.124:
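2. Share a directory
mkdir /public
chmod 777 /public/
exportfs -rv ## re-export so that changes take effect immediately
Each line of /etc/exports has the form: <directory to share> <clients>(<share options>)
/public *(sync) ## share /public with everyone, with synchronous writes
/public 172.25.0.0/24(rw,sync) ## share /public with the 172.25.0.0/24 subnet
Test: hosts on the 18 subnet can access it
the 254 host cannot access it
/public *.example.com(sync) ## share /public with every host in the example.com domain
/public 172.25.18.11(ro,sync) 172.25.18.10(rw,sync) ## share /public read-only with 11 and read-write with 10
Test:
host 11 can only read
host 10 can read and write
/public *(rw,sync,no_root_squash) ## share /public with everyone; a client that mounts as root keeps its root identity instead of being mapped to the anonymous user
/public *(rw,sync,anonuid=1001,anongid=1000) ## share /public with everyone; squashed (anonymous) requests are mapped to uid 1001 and gid 1000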
3. Protect NFS exports with Kerberos
On the server
yum install sssd krb5-workstation.x86_64 authconfig-gtk -y
Enable Kerberos authentication and obtain the LDAP users
wget http://172.25.254.254/pub/keytabs/server24.keytab -O /etc/krb5.keytab
ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 host/server24.example.com@EXAMPLE.COM
2 2 host/server24.example.com@EXAMPLE.COM
3 2 host/server24.example.com@EXAMPLE.COM
4 2 host/server24.example.com@EXAMPLE.COM
5 2 host/server24.example.com@EXAMPLE.COM
6 2 host/server24.example.com@EXAMPLE.COM
7 2 host/server24.example.com@EXAMPLE.COM
8 2 host/server24.example.com@EXAMPLE.COM
9 2 nfs/server24.example.com@EXAMPLE.COM
10 2 nfs/server24.example.com@EXAMPLE.COM
11 2 nfs/server24.example.com@EXAMPLE.COM
12 2 nfs/server24.example.com@EXAMPLE.COM
13 2 nfs/server24.example.com@EXAMPLE.COM
14 2 nfs/server24.example.com@EXAMPLE.COM
15 2 nfs/server24.example.com@EXAMPLE.COM
16 2 nfs/server24.example.com@EXAMPLE.COM
ktutil: quit
systemctl start nfs-secure-server
systemctl enable nfs-secure-server
vim /etc/exports
/public *(rw,sec=krb5p)
exportfs -rv
On the desktop
yum install sssd krb5-workstation.x86_64 authconfig-gtk -y
Enable Kerberos authentication and obtain the LDAP users
vim /etc/hosts
172.25.254.224 server24.example.com
wget http://172.25.254.254/pub/keytabs/desktop24.keytab -O /etc/krb5.keytab
[root@desktop ~]# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 host/desktop24.example.com@EXAMPLE.COM
2 2 host/desktop24.example.com@EXAMPLE.COM
3 2 host/desktop24.example.com@EXAMPLE.COM
4 2 host/desktop24.example.com@EXAMPLE.COM
5 2 host/desktop24.example.com@EXAMPLE.COM
6 2 host/desktop24.example.com@EXAMPLE.COM
7 2 host/desktop24.example.com@EXAMPLE.COM
8 2 host/desktop24.example.com@EXAMPLE.COM
9 2 nfs/desktop24.example.com@EXAMPLE.COM
10 2 nfs/desktop24.example.com@EXAMPLE.COM
11 2 nfs/desktop24.example.com@EXAMPLE.COM
12 2 nfs/desktop24.example.com@EXAMPLE.COM
13 2 nfs/desktop24.example.com@EXAMPLE.COM
14 2 nfs/desktop24.example.com@EXAMPLE.COM
15 2 nfs/desktop24.example.com@EXAMPLE.COM
16 2 nfs/desktop24.example.com@EXAMPLE.COM
ktutil: quit
systemctl start nfs-secure
systemctl enable nfs-secure
mount 172.25.254.224:/public /mnt -o sec=krb5p
su - student
cd /mnt
su - ldapuser1
klist
Ticket cache: KEYRING:persistent:1701:krb_ccache_0MQODsG
Default principal: ldapuser1@EXAMPLE.COM
Valid starting Expires Service principal
06/03/2017 23:47:36 06/04/2017 23:47:35 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 06/03/2017 23:47:36
-bash-4.2$ ls /mnt
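The export lines from sections 2 and 3 can be checked mechanically before they go live. The script below is an added example, not part of the original post: it parses the client(options) form of /etc/exports used on this page and reports entries that still accept sec=sys, use no_root_squash, or give every host write access without Kerberos. The finding codes and the function names parse_exports and audit are made up for this example, and the sample text is constructed from the lines shown above.

```python
import re

# Constructed sample: the export lines discussed on this page.
SAMPLE = """\
/public *(sync)                    ## read-only by default
/public 172.25.0.0/24(rw,sync)
/public 172.25.18.11(ro,sync) 172.25.18.10(rw,sync)
/public *(rw,sync,no_root_squash)
/public *(rw,sync,anonuid=1001,anongid=1000)
/public *(rw,sec=krb5p)
"""

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}
ENTRY = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports(5) text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        for entry in fields[1:]:
            m = ENTRY.match(entry)
            if m:
                client = m.group(1) or "*"      # a bare "(opts)" applies to any host
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield fields[0], client, opts


def audit(text):
    """Return (path, client, code) findings for weak export settings."""
    findings = []
    for path, client, opts in parse_exports(text):
        # sec= may list several flavors (a:b:c); with no sec= the default is sys
        flavors = {"sys"}
        for o in opts:
            if o.startswith("sec="):
                flavors = set(o[4:].split(":"))
        sys_ok = not flavors <= KRB_FLAVORS
        if sys_ok:
            findings.append((path, client, "SEC_SYS"))         # uid/gid taken on trust
        if "no_root_squash" in opts:
            findings.append((path, client, "NO_ROOT_SQUASH"))  # client root stays root
        if sys_ok and client == "*" and "rw" in opts:
            findings.append((path, client, "WORLD_RW"))        # any host may write
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Only the sec=krb5p export from section 3 produces no findings; every other line is reported at least for accepting sec=sys.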