How to Roam Linux User Profile Through Network File System

Article ID: CTX231898

Description

Network File System (NFS) allows a Linux machine acting as an NFS server to share directories over the network with other Linux machines acting as NFS clients. The NFS server exports one or more directories to the specified NFS clients, and the clients can then mount those directories locally. Linux VDAs can use this mechanism to roam user profiles. This article explains how to configure the NFS server and the NFS client.


Instructions

Configuration overview
The following configurations are required to implement user profile roaming through NFS mechanism:
  • Configuring NFS Server
  1. Install required NFS packages
  2. Enable/start required services
  3. Configure Firewall
  4. Export shared directories
  • Configuring NFS Client
  1. Install required NFS packages
  2. Mount NFS shares on client
  3. Configure IDMAP
Note that the steps in the following sections use a real example based on the RHEL 7.2 distribution. The article also applies to other supported distributions, such as CentOS, SUSE and Ubuntu; however, the package names and service names mentioned below may differ slightly, and this article does not cover those differences.

Configuring NFS Server
  1. Install required NFS packages
Install nfs-utils and libnfsidmap packages on NFS server using the following command:
yum install nfs-utils libnfsidmap
 
  2. Enable/start required services
Enable rpcbind and nfs-server services, using the following commands:
systemctl enable rpcbind
systemctl enable nfs-server
Activate the following four services using the following commands:
systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd

Additional details about the services mentioned above:
  • rpcbind -- Converts RPC program numbers into universal addresses.
  • nfs-server -- Enables the clients to access NFS shares.
  • rpc-statd -- NFS file locking. Implements file lock recovery when an NFS server crashes and reboots.
  • nfs-idmapd -- Translates user and group IDs into names, and user and group names into IDs.
 
  3. Set up firewall configuration
The firewall on the NFS server must be configured to allow clients to access the NFS shares. To do that, run the following commands on the NFS server:
firewall-cmd --permanent --zone public --add-service mountd
firewall-cmd --permanent --zone public --add-service rpc-bind
firewall-cmd --permanent --zone public --add-service nfs
firewall-cmd --reload
 
  4. Export shared directories
There are two sub-steps in this section.
  • Specify the shared directory and its attributes in /etc/exports.
  • Export the shared directory using the command “exportfs -r”.
Specify the shared directory and its attributes in /etc/exports.
Example:
To share the directory /home on the NFS server with the NFS client “10.150.152.167”, add the following line to /etc/exports:
       /home 10.150.152.167(rw,sync,no_root_squash)
 
Note that:
/home -- directory name on the NFS server
10.150.152.167 -- IP address of the NFS client
rw,sync,no_root_squash -- directory attributes
  • rw -- read/write permission to the shared folder.
  • sync -- all changes to the filesystem are immediately flushed to disk.
  • no_root_squash -- By default, any file request made by user root on the client machine is treated as if made by user nobody on the server. (Exactly which UID the request is mapped to depends on the UID of user “nobody” on the server, not the client.) If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server.
All options are listed in the man page (man exports).
Export the shared directory using the command “exportfs -r”.
Run the command “exportfs -r” in a shell on the NFS server to export the shared directory.
The command “exportfs -v” lists all shared directories.
More details on exportfs commands:
exportfs -v : Displays a list of shared files and export options on a server
exportfs -a : Exports all directories listed in /etc/exports
exportfs -u : Un-export one or more directories
exportfs -r : Re-export all directories after modifying /etc/exports
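
A lint for the export step above, as an added example that is not part of the original article: it reads /etc/exports-style lines and reports entries that set no_root_squash, export to any client, or have whitespace separating a client from its option list or splitting the list. The sample lines and the finding names are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint /etc/exports-style lines. Finding names are this script's own.

# Constructed sample input; the address reuses the article's example client.
sample_exports() {
cat <<'EOF'
# path          client(options)
/home           10.150.152.167(rw,sync,no_root_squash)
/home/profiles  10.150.152.167(rw,sync,root_squash)
/srv/share      *(rw,sync)
/srv/detached   10.150.152.167 (rw,sync)
/srv/split      10.150.152.167(rw,sync, no_root_squash)
EOF
}

# Reads exports lines on stdin; prints "<path> <client> <FINDING>" per issue.
audit_exports() {
  awk '
    function check(pa, cl, op) {
      if (cl == "") cl = "<anyone>"
      if (cl == "*" || cl == "<anyone>") print pa, cl, "WORLD_CLIENT"
      if (("," op ",") ~ /,no_root_squash,/) print pa, cl, "NO_ROOT_SQUASH"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
      client = ""; opts = ""; partial = 0
      for (i = 2; i <= NF; i++) {
        if (partial) {                       # rest of a list split by whitespace
          opts = opts $i
        } else {
          p = index($i, "(")
          if (p == 0) { check($1, $i, ""); continue }   # client, default options
          client = substr($i, 1, p - 1); opts = substr($i, p + 1)
          if (p == 1) print $1, "<anyone>", "DETACHED_OPTIONS"
        }
        if (opts !~ /\)$/) {                 # list not closed within this field
          if (!partial) print $1, client, "SPACE_IN_OPTIONS"
          partial = 1; continue
        }
        partial = 0; sub(/\)$/, "", opts)
        check($1, client, opts)
      }
    }'
}

sample_exports | audit_exports
```

To check a real server, run `audit_exports < /etc/exports` after defining the function.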

Configuring NFS Client
  1. Install required NFS packages
Install the nfs-utils package using the following command.
yum install nfs-utils
 
  2. Mount NFS shares on the client
There are two different ways to mount the exported directories.
  • Use command “mount” to manually mount the directories.
  • Update /etc/fstab to mount the directories at boot time.
Use the “mount” command to manually mount directories.
Example:
To mount the remote directory /home on 10.150.138.34 at the local mount point /home/GZG6N, use the following command:
mount -t nfs -o options 10.150.138.34:/home /home/GZG6N
Note that:
10.150.138.34 -- IP address of the NFS server
/home -- Shared directory on the NFS server
/home/GZG6N -- Local mount point
Update /etc/fstab to mount the directories at boot time.
Examples:
Add a line similar to the following to /etc/fstab.  
10.150.138.34:/home     /home/GZG6N     nfs     defaults        0       0
Then run the command “mount -a” to mount all filesystems listed in fstab.
  3. Configure IDMAP
Update /etc/samba/smb.conf to make sure that each user has a unique UID across all the Linux VDAs. Add the following lines to the [global] section of the smb.conf file:
[global]
   idmap config * : backend = tdb
   idmap config <DomainREALM> : backend = rid
   idmap config <DomainREALM> : range = 100000-199999
   idmap config <DomainREALM> : base_rid = 0
   template homedir = /home/<DomainName>/%u
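
Why the idmap settings have to be identical on every VDA, as an added example that is not part of the original article: the rid backend derives a UID as range low + RID - base_rid, and file ownership on the exported directory is stored as numeric IDs, so two VDAs agree on a user's UID only when these values match. The domain name EXAMPLE, the SID and the second VDA's range are constructed for illustration.

```sh
#!/bin/sh
# Added example: UID derivation of the rid idmap backend, read from smb.conf text.

# Constructed smb.conf fragments for two VDAs; EXAMPLE is a placeholder domain.
vda_a_conf() {
cat <<'EOF'
[global]
   idmap config * : backend = tdb
   idmap config EXAMPLE : backend = rid
   idmap config EXAMPLE : range = 100000-199999
   idmap config EXAMPLE : base_rid = 0
EOF
}
vda_b_conf() {   # same domain, different range: UIDs will not match VDA A
cat <<'EOF'
[global]
   idmap config EXAMPLE : backend = rid
   idmap config EXAMPLE : range = 200000-299999
EOF
}

# rid_uid <domain> <sid>: smb.conf on stdin; prints range_low + RID - base_rid.
# Exit 1 if the UID falls outside the range, 2 if no range is configured.
# The domain name is matched case-sensitively here for simplicity.
rid_uid() {
  awk -v dom="$1" -v sid="$2" '
    BEGIN { base = 0; n = split(sid, part, "-"); rid = part[n] + 0
            key = "idmapconfig" dom ":" }
    {
      line = $0; gsub(/[ \t]/, "", line)     # compare with whitespace removed
      if (index(line, key) != 1) next
      kv = substr(line, length(key) + 1)
      if (kv ~ /^range=/)    { split(substr(kv, 7), r, "-"); low = r[1] + 0; high = r[2] + 0 }
      if (kv ~ /^base_rid=/) { base = substr(kv, 10) + 0 }
    }
    END {
      if (low == 0) exit 2
      uid = low + rid - base
      if (uid < low || uid > high) exit 1
      print uid
    }'
}

# Constructed SID; its last component (1104) is the RID.
SID=S-1-5-21-1111111111-2222222222-3333333333-1104
echo "VDA A: $(vda_a_conf | rid_uid EXAMPLE "$SID")"
echo "VDA B: $(vda_b_conf | rid_uid EXAMPLE "$SID")"
```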

With all the configuration in place, sessions can be launched as normal from the Linux VDA, which is the NFS client in this article (IP address 10.150.152.167 in the example), while the user directory is actually located on the NFS server (IP address 10.150.138.34 in the example).