How to Roam Linux User Profile Through Network File System

Configuration overview

The following configurations are required to implement user profile roaming through NFS mechanism:

  • Configuring NFS Server
  1. Install required NFS packages
  2. Enable/start required services
  3. Configure Firewall
  4. Export shared directories
  • Configuring NFS Client
  1. Install required NFS packages
  2. Mount NFS shares on client
  3. Configure IDMAP

Note that the following sections use a real example based on the RHEL 7.2 distribution to show how to set up each step. The article also applies to the other supported distributions, such as CentOS, SUSE and Ubuntu; however, the package names and service names mentioned below may differ slightly, and this article does not cover those differences.

Configuring NFS Server

  1. Install required NFS packages

Install nfs-utils and libnfsidmap packages on NFS server using the following command:

yum install nfs-utils libnfsidmap

  2. Enable/start required services

Enable rpcbind and nfs-server services, using the following commands:

systemctl enable rpcbind
systemctl enable nfs-server

Activate the following four services using the following commands:

systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd

Additional details about the services mentioned above:

  • rpcbind — The rpcbind server converts RPC program numbers into universal addresses.
  • nfs-server — It enables the clients to access NFS shares.
  • rpc-statd — NFS file locking. Implements file lock recovery when an NFS server crashes and reboots.
  • nfs-idmap — It translates user and group ids into names, and translates user and group names into ids.

  3. Set up firewall configuration

Configure the firewall on the NFS server to allow clients to access the NFS shares. To do that, run the following commands on the NFS server:

firewall-cmd --permanent --zone public --add-service mountd
firewall-cmd --permanent --zone public --add-service rpc-bind
firewall-cmd --permanent --zone public --add-service nfs
firewall-cmd --reload

  4. Export shared directories

There are two sub steps in this section.

  • Specify shared directory and its attributes in /etc/exports.
  • Export shared directory using command “exportfs -r”

Specify shared directory and its attributes in /etc/exports.

Example:

To share the directory /home on the NFS server with the NFS client “10.150.152.167”, add the following line to /etc/exports:

/home 10.150.152.167(rw,sync,no_root_squash)

Note that:

/home — directory name in NFS server

10.150.152.167 — IP address of NFS client

rw,sync,no_root_squash — directory attributes

  • rw – read/write permission to the shared folder
  • sync – all changes to the filesystem are immediately flushed to disk
  • no_root_squash – By default, any file request made by user root on the client machine is treated as if made by user nobody on the server. (Exactly which UID the request is mapped to depends on the UID of user “nobody” on the server, not the client.) If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server.

All options are listed in the exports man page (man exports).

Export shared directory using command “exportfs -r”

Run the command “exportfs -r” in a shell on the NFS server to export the shared directory.

We can also use the command “exportfs -v” to list all shared directories.

More details on exportfs commands:

exportfs -v : Displays a list of shared files and export options on a server

exportfs -a : Exports all directories listed in /etc/exports

exportfs -u : Un-export one or more directories

exportfs -r : Re-export all directories after modifying /etc/exports

Configuring NFS Client

  1. Install required NFS packages

Install the nfs-utils package using the following command.

yum install nfs-utils

  2. Mount NFS shares on the client

There are two different ways to mount the exported directories.

  • Use command “mount” to manually mount the directories.
  • Update /etc/fstab to mount the directories at boot time.

Use the “mount” command to manually mount directories.

Example:

The command to mount the remote directory /home on 10.150.138.34 to the local directory /home/GZG6N is as follows:

mount -t nfs -o options 10.150.138.34:/home /home/GZG6N

Note that:

10.150.138.34 – IP address of NFS server

/home – Shared directory on NFS server

/home/GZG6N – Local mount point

Update /etc/fstab to mount the directories at boot time.

Examples:

Add a line similar to the following to /etc/fstab.

10.150.138.34:/home /home/GZG6N nfs defaults 0 0

Then execute the command “mount -a” to mount all filesystems mentioned in fstab.
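
The /etc/exports line on the server and the /etc/fstab line on the client together decide how much the server trusts the client and what the client honours from the share. As an added example (not part of the original article; the function names are hypothetical), these shell helpers flag no_root_squash, exports open to any host, a stray space inside an option list, and NFS mounts that lack nosuid or nodev, run here on constructed sample files:

```shell
#!/bin/sh
# Added example; function names are hypothetical. Option names are the
# standard exports(5) and mount(8) ones. Output: "<path> <client> <finding>".

audit_exports() {   # $1 = path to an exports file
    awk '
    /^[ \t]*(#|$)/ { next }                    # comments, blank lines
    # Whitespace separates client entries, so a space inside (...) splits
    # the option list and the line no longer means what was typed.
    /\([^)]*[ \t]/ { print $1, "-", "space-in-options"; next }
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"     # "(rw)" alone = any host
            o = "," opts ","
            if (index(o, ",no_root_squash,")) print $1, client, "no_root_squash"
            if (client == "*")                print $1, client, "world"
        }
    }' "$1"
}

audit_fstab_nfs() { # $1 = path to an fstab file
    awk '
    /^[ \t]*(#|$)/ { next }
    $3 ~ /^nfs4?$/ {
        o = "," $4 ","                         # "defaults" implies suid,dev
        if (!index(o, ",nosuid,")) print $2, "missing-nosuid"
        if (!index(o, ",nodev,"))  print $2, "missing-nodev"
    }' "$1"
}

# Constructed sample input reusing the example addresses from this article.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/exports" <<'EOF'
/home 10.150.152.167(rw,sync,no_root_squash)
/srv/a 10.150.152.167 (rw,sync)
/srv/b 10.150.152.167(rw,sync, root_squash)
EOF
echo '10.150.138.34:/home /home/GZG6N nfs defaults 0 0' > "$tmp/fstab"
audit_exports "$tmp/exports"
audit_fstab_nfs "$tmp/fstab"
```

An fstab entry such as `10.150.138.34:/home /home/GZG6N nfs defaults,nosuid,nodev 0 0` produces no findings from audit_fstab_nfs.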

  3. Configure IDMAP

Update /etc/samba/smb.conf to make sure that each user has a unique UID across all the Linux VDAs. Add the following lines to [global] section in the smb.conf file:

[Global]
idmap config * : backend = tdb
idmap config <DomainREALM> : backend = rid
idmap config <DomainREALM> : range = 100000-199999
idmap config <DomainREALM> : base_rid = 0
template homedir = /home/<DomainName>/%u

With all the configuration in place, sessions can be launched as usual from the Linux VDA, which is the NFS client in this article (IP address 10.150.152.167 in the example), while the user directory is actually located on the NFS server (IP address 10.150.138.34 in the example).
