nfs mount not working
Donny George
donny008 at gmail.com
Wed Aug 6 15:21:38 UTC 2008
On Wed, Aug 6, 2008 at 4:20 PM, Mark Haney <mhaney at ercbroadband.org> wrote:
> Donny George wrote:
> > On Wed, Aug 6, 2008 at 4:03 PM, Mark Haney <mhaney at ercbroadband.org> wrote:
> >
> >> Donny George wrote:
> >>> On Wed, Aug 6, 2008 at 3:37 PM, Mark Haney <mhaney at ercbroadband.org> wrote:
> >>>> Donny George wrote:
> >>>>> On Wed, Aug 6, 2008 at 3:21 PM, Mark Haney <mhaney at ercbroadband.org> wrote:
> >>>>>> Donny George wrote:
> >>>>>>> On Wed, Aug 6, 2008 at 2:18 PM, Mark Haney <mhaney at ercbroadband.org> wrote:
> >>>>>>
> >>>>>>> hey mark
> >>>>>>>
> >>>>>>> thank you for the mail
> >>>>>>>
> >>>>>>> and now it seems to be working
> >>>>>>>
> >>>>>>> this is the etc/export on the server
> >>>>>>>
> >>>>>>> /home/users 10.4.139.3(rw,no_root_squash,async)
> >>>>>>> /srv 10.4.139.3(rw,no_root_squash,async)
> >>>>>>>
> >>>>>>>
> >>>>>>> and the client's etc/fstab is
> >>>>>>>
> >>>>>>> 10.4.139.2:/srv /srv nfs rsize=8192,wsize=8192,timeo=14,intr
> >>>>>>> 10.4.139.2:/home/users /home/users nfs rsize=8192,wsize=8192,timeo=14,intr
> >>>>>>>
> >>>>>>> this is working at the moment
> >>>>>>>
> >>>>>>> but i don't know when it will stop working :)
> >>>>>>>
> >>>>>>> donny
> >>>>>>>
> >>>>>>>
> >>>>>> I don't see how it could be working unless the user accounts were
> >>>>>> sync'd up, or you just chmod'd everything wide open on those nfs
> >>>>>> mounts. Having RW on the export gives the user the ability but not
> >>>>>> the permissions to modify a file on the mount. That's a whole
> >>>>>> separate issue.
> >>>>>>
> >>>>>> --
> >>>>>> Libenter homines id quod volunt credunt -- Caius Julius Caesar
> >>>>>>
> >>>>>>
> >>>>>> Mark Haney
> >>>>>> Sr. Systems Administrator
> >>>>>> ERC Broadband
> >>>>>> (828) 350-2415
> >>>>>>
> >>>>>> Call (866) ERC-7110 for after hours support
> >>>>>>
> >>>>>> --
> >>>>>> ubuntu-users mailing list
> >>>>>> ubuntu-users at lists.ubuntu.com
> >>>>>> Modify settings or unsubscribe at:
> >>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >>>>>>
> >>>>> hey
> >>>>>
> >>>>>
> >>>>>
> >>>>> i reset the read write permissions for the shared files on the
> >>>>> server. i reset it to all. so maybe that explains why i can create
> >>>>> or write on these shared files
> >>>>>
> >>>>>
> >>>>> donny
> >>>>>
> >>>>>
> >>>> Well, if you're okay with that security hole, that is perfectly
> >>>> acceptable.
> >>>>
> >>>>
> >>>>
> >>> hey mark
> >>>
> >>> at the moment i just needed it to get LDAP running. so once it runs
> >>> perfectly fine then i will look into the security lapse
> >>>
> >>> don
> >>>
> >>>
> >> You needed to get NFS working so you can get LDAP running? Okay. I
> >> didn't realize they were dependent on each other. :)
> >>
> >> I'll be glad to help you with figuring out the proper permissions when
> >> you get time.
> >>
> >>
> >>
> >>
> >
> > hey mark
> >
> > ldap and nfs are so dependent and that's the reason i keep banging my
> > head on nfs.
> >
> > i have been trying to get the ldap working for almost one week, it's only
> > today that i was able to log in with the user created at ldap server from
> > a client machine. so i guess at least today i can sleep peacefully and
> > hope the machine works tomorrow too
> >
> >
> > don
> >
> >
>
> I have had nfs/ldap working flawlessly for over 3 years now on our
> network. I'll be glad to help you work on it off list if you like.
>
>
>
>
oh
so sorry i didn't know i was talking to a GURU in ldap.
i could never find any correct documentation to set up the ldap.
right now i have set up an ldap server and a client on the same machine. the
documentation was something like this
The software which has to be installed on the *server side*:

    slapd
    ldap-utils
    db4.2-util
    migrationtools (if any database is to be migrated from another server)
    phpldapadmin (web based server management with better gui)

Needed software for *Client (also for Server to set up a client on server)*:

    libnss-ldap
    libpam-ldap
    nscd
    portmap

Configuration files for server

Create the password for the administrator

    $ slappasswd
    New password:
    Re-enter password:
    {MD5}d2BamRTgBuhC6SxC0vFGWol31ki8iq5m

you can use slappasswd -h {MD5} if you need an MD5 password encryption

    {SSHA}4ODePKzs1kHeSixhXxjZRUO1ccmRhNuz
    {MD5}XvpJ/rW6GRZCVS386MHZdw==

Edit the /etc/ldap/slapd.conf

    # Make sure you edit or add these directives after the first 'database' directive.
    # replace all appearances of "dc=mml,dc=nodomain" with "dc=mml,dc=uni-freiburg,dc=de" in the file
    suffix "dc=mml,dc=uni-freiburg,dc=de"
    directory "/var/lib/ldap"
    rootdn "cn=admin,dc=mml,dc=uni-freiburg,dc=de"
    rootpw {MD5}<here the encrypted admin password has to be filled in>

NOTE: it so happened that one time the suffix and rootdn were
separated by some other lines and the login into phpldapadmin didn't
work. So we had to type them all together one after the other. (though
it's weird, that was the trouble once)

NOTE: We also have a tool to compare two files, just do apt-get
install xxdiff. Then the command to compare two files would be

    xxdiff /source /destination

Edit /etc/ldap/ldap.conf and add:

    ldap_version 3
    HOST localhost
    BASE dc=mml,dc=uni-freiburg,dc=de
    URI ldap://localhost

in the /etc/php5/apache2/php.ini set the value

    memory_limit = 24M

restart the apache server with /etc/init.d/apache2 restart
when the phpldapadmin website gives a low memory error

/etc/phpldapadmin/config.php

replace "nodomain" with "dc=mml,dc=uni-freiburg,dc=de" (or with the
domain of your choice)
the full string for this setting is:

    $ldapservers->SetValue($i,'server','base',array('dc=mml,dc=uni-freiburg,dc=de'));
    # (this is the file which controls the appearance on the GUI)

Restarting the server with /etc/init.d/slapd restart
With the command "ldapsearch -x" the server can be tested.
Unfortunately, the script does not create the Group and People nodes,
so we need to create it. To do this, create a file called
etc/ldap/base.ldif and fill it up with:

    dn: dc=mml,dc=uni-freiburg,dc=de
    objectClass: dcObject
    objectClass: organization
    o: mml
    dc: mml

    dn: cn=admin,dc=mml,dc=uni-freiburg,dc=de
    objectClass: organizationalRole
    cn: admin

Now, we have our users and groups converted to LDAP's ldif format. Let's
import them into our LDAP database.

    ldapadd -x -W -D "cn=admin,dc=debuntu,dc=local" -f etc/base.ldif

*Configuration Files for the Client*

/etc/pam.d/common-auth

    auth sufficient pam_ldap.so
    auth required pam_unix.so use_first_pass nullok_secure

auth is responsible for security: it checks whether the user really is
who they claim to be, and therefore asks for a password.

/etc/pam.d/common-account

    account sufficient pam_ldap.so
    account required pam_unix.so use_first_pass

account checks the authorization: whether a user is allowed to use the
service, or whether their password may have expired.

/etc/pam.d/common-password

    password sufficient pam_ldap.so
    password required pam_unix.so use_first_pass nullok obscure min=4 max=8 md5

password specifies how a password is changed and how it has to be
composed.

/etc/pam.d/common-session

    session required pam_unix.so
    session optional pam_foreground.so

session takes over all the important priority tasks and manages the
processes such as making the home directory available.

/etc/ldap/ldap.conf

    HOST 10.0.0.2 # IP of the LDAP server
    BASE dc=mml,dc=uni-freiburg,dc=de # BASE DN

ldap.conf holds the most important LDAP settings, which can be refined
in great detail; to begin with, however, it is enough to give the
address of the LDAP server and the search base in which you want to
authenticate.

/etc/pam_ldap.conf

    host 10.0.0.2
    base dc=mml,dc=uni-freiburg,dc=de
    rootbinddn cn=Administrator,dc=mml,dc=uni-freiburg,dc=de # the admin account name of the LDAP server

NSS module configuration

NSS (System Databases and Name Service Switch configuration) tells the
system where each database (aliases, users, groups, networks, etc.) is
located and in which order they should be queried or used. This lets you
specify individually for each database how the lookup process should
work. (/etc/nsswitch.conf)

/etc/libnss-ldap.conf

    host 10.0.0.2
    base dc=mml,dc=uni-freiburg,dc=de
    ldap_version 3

/etc/nsswitch.conf

Warning!
After editing nsswitch.conf, sudo may no longer succeed if you have made
a mistake or something else is wrong, because Ubuntu will then already
try to access the LDAP server. So care is called for. If you lock
yourself out despite all caution, the only remedy is to boot into rescue
mode or from a live CD to correct the error or restore the old
nsswitch.conf. The article Recovery Modus also has a further hint on how
to get at the root filesystem to correct errors or undo entries.

    passwd: files ldap
    group: files ldap
    shadow: files ldap
    hosts: files dns
    networks: files

Test the communication with "getent passwd" or id "username". Users
have to be created on the LDAP server to see them with the test.

In the file /etc/ldap.conf specify

    host 132.230.139.65
    bind_policy soft
    ldap_version 3
    base dc=mml,dc=uni-freiburg,dc=de

is there anything wrong with this documentation? i collected it from various
sources. i can't log in from the client with the user created at the ldap
server. this is the problem that i am facing now
don
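
Added example, not part of the original message: a shell check for the two points raised in the quoted part of the thread, the no_root_squash and async export options and files chmod'd open to everyone. The sample reuses the two export lines quoted above; the third export line and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# sample_exports: the two export lines quoted in the thread, plus one
# constructed read-only export for contrast.
sample_exports() {
    cat <<'EOF'
/home/users 10.4.139.3(rw,no_root_squash,async)
/srv        10.4.139.3(rw,no_root_squash,async)
/srv/pub    10.4.139.3(ro,root_squash,sync)   # constructed line
EOF
}

# audit_exports: read exports(5) text on stdin and print "path client option"
# for each no_root_squash (client root stays root on the share) or async
# (server acknowledges writes before they reach disk).
audit_exports() (
    set -f    # do not glob-expand client patterns such as *(rw)
    sed 's/#.*//' | while read -r path clients; do
        [ -n "$path" ] || continue
        for spec in $clients; do
            case $spec in *"("*")") ;; *) continue ;; esac
            client=${spec%%"("*}
            opts=${spec#*"("}
            opts=${opts%")"}
            for opt in $(printf '%s' "$opts" | tr ',' ' '); do
                case $opt in
                    no_root_squash|async) echo "$path $client $opt" ;;
                esac
            done
        done
    done
)

# world_writable DIR: list files and directories under DIR that any local
# or NFS-mapped user may write to (mode bit o+w); symlinks are skipped.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

sample_exports | audit_exports
# On a server: audit_exports < /etc/exports; world_writable /srv
```

Every line the first function prints is an export to tighten with root_squash or sync; every path the second prints is one where synced user accounts and group ownership should replace the open mode.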